System Security
Use this window to control the security features of the system.
User Privileges
Selection | View | Manage |
---|---|---|
System Security | Administrator, Elevated Administrator (Linux only) | Administrator, Elevated Administrator (Linux only) |
System Password
Allows the system password to be set or modified. The password can be up to 32 characters long and can contain most non-shifted letters, numbers, and punctuation. Lowercase letters are valid. Only the following special characters are allowed: +, ", ,, -, ., /, ;, [, \, ], `. To enable system password modification, install the J_EN_PASSWD jumper and set Password Status to Unlocked.
Intel(R) AES-NI
Displays the current status of Intel(R) Processor AES-NI feature.
Setup Password
Allows the password to be set or modified. The password can be up to 32 characters long and can contain most non-shifted letters, numbers, and punctuation. Lowercase letters are valid. Only the following special characters are allowed: +, ", ,, -, ., /, ;, [, \, ], `. To enable system password modification, install the J_EN_PASSWD jumper and set Password Status to Unlocked.
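A pre-flight check for candidate System and Setup passwords against the limits described above, as an added example that is not part of the original page or the vendor's tooling. It assumes the conservative reading that only lowercase letters, digits and the listed special characters are accepted; the function names are hypothetical.

```python
import secrets
import string

MAX_LEN = 32  # page: "up to 32 characters long"
# The special characters the page lists, verbatim.
ALLOWED_SPECIALS = '+",-./;[\\]`'
# Assumption: restrict letters to lowercase, the only letter case the page
# explicitly calls valid, plus digits.
ALLOWED = set(string.ascii_lowercase + string.digits + ALLOWED_SPECIALS)


def check_password(candidate: str) -> list[str]:
    """Return a list of problems; an empty list means the candidate fits."""
    problems = []
    if not candidate:
        problems.append("empty password")
    if len(candidate) > MAX_LEN:
        problems.append(f"length {len(candidate)} exceeds {MAX_LEN}")
    bad = sorted({c for c in candidate if c not in ALLOWED})
    if bad:
        problems.append("characters outside the documented set: "
                        + " ".join(repr(c) for c in bad))
    return problems


def generate_password(length: int = MAX_LEN) -> str:
    """Draw a random password from the documented set using the OS CSPRNG."""
    if not 1 <= length <= MAX_LEN:
        raise ValueError(f"length must be between 1 and {MAX_LEN}")
    alphabet = sorted(ALLOWED)
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    # Constructed sample candidates.
    for sample in ["rack42/bios;[a]", "Winter2024!", "x" * 33]:
        print(repr(sample), check_password(sample) or "ok")
    print(generate_password())
```

Running the check before a password is pushed to a fleet catches candidates that the setup screen would reject or that could not be typed at the pre-boot prompt.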
Password Status
Locks the system password. To prevent the system password from being modified, set this option to Locked and enable the setup password. This field also prevents the system password from being disabled by the user while the system boots.
TPM Security
Controls the reporting of the Trusted Platform Module (TPM) in the system.
Option | Description |
---|---|
Off (default) | Presence of the TPM is not reported to the operating system. |
On with Pre-boot Measurements | BIOS stores TCG compliant measurements to the TPM during POST. |
On without Pre-boot Measurements | BIOS bypasses pre-boot measurements. |
TPM Information
Displays the TPM's type and TPM's firmware version.
TPM Activation
Allows the user to change the operational state of the Trusted Platform Module (TPM). This field is Read-Only when TPM Security is set to Off.
Option | Description |
---|---|
Activate | The TPM is enabled and activated. |
Deactivate | The TPM is disabled and deactivated. |
No Change | The operational state of the TPM remains unaltered. |
TPM Status
Displays the current status of the TPM.
TPM Clear
When set to Yes, all the contents of the TPM will be cleared. This field is Read-Only when TPM Security is set to Off.
TCM Security
Controls the reporting of the Trusted Cryptography Module (TCM) in the system.
Option | Description |
---|---|
Off (default) | Presence of the TCM is not reported to the operating system. |
On | Presence of the TCM is reported to the operating system. |
TCM Activation
Allows the user to change the operational state of the Trusted Cryptography Module (TCM). This field is Read-Only when TCM Security is set to Off.
Option | Description |
---|---|
Activate | The TCM is enabled and activated. |
Deactivate | The TCM is disabled and deactivated. |
No Change | The operational state of the TCM remains unaltered. |
TCM Clear
When set to Yes, all the contents of the TCM will be cleared. This field is Read-Only when TCM Security is set to Off.
TPM Command
Allows the user to control the Trusted Platform Module (TPM). This field is Read-Only when TPM Security is set to Off. The action requires an additional reboot before it can take effect.
Option | Description |
---|---|
Activate | The TPM will be enabled and activated. |
Deactivate | The TPM will be disabled and deactivated. |
None | No command is sent to the TPM when set to none. |
Clear | All the contents of the TPM will be cleared when set to clear. |
Intel(R) TXT
Enables or disables Trusted Execution Technology. To enable Intel(R) TXT, VT must be enabled, and the TPM must be enabled with pre-boot measurements and activated.
BIOS Update Control
Allows or prevents BIOS updates using DOS or UEFI shell based flash utilities. For environments not requiring local BIOS updates, it is recommended to set this field to Disabled.
Option | Description |
---|---|
Unlocked | Allows all BIOS updates. |
Limited | Prevents local BIOS updates from DOS or UEFI shell based flash utilities, or from the Lifecycle Controller User Interface. NOTE: Limited is recommended for environments that do not require local BIOS updates. These environments include Remote Enablement Update or executing Update Package from the operating system. |
AC Power Recovery
Specifies how the system will react after AC power has been restored to the system. It is especially useful for people who turn their systems off with a power strip.
Option | Description |
---|---|
Last | The system turns on if the system was on when AC was lost. The system remains off if the system was off when AC was lost. |
On | The system turns on after AC is restored. |
Off | The system stays off after AC is restored. |
AC Power Recovery Delay
Specifies how the system will support the staggering of power-up after AC power has been restored to the system.
Option | Description |
---|---|
Immediate | There is no delay for power-up. |
Random | The system creates a random delay (30 seconds to 240 seconds) for power-up. |
User Defined | The system delays power-up by the user-defined amount. The supported user-defined power-up delay range is from 30s to 240s. |
User Defined Delay (60s to 240s)
Controls the user defined AC Recovery Delay. Enter a delay in the range of 60 seconds to 240 seconds.
UEFI Variable Access
Provides varying degrees of protection for UEFI variables.
Option | Description |
---|---|
Standard (default) | The UEFI variables are accessible in the operating system as per the UEFI specification. |
Controlled | The UEFI variables are protected in the operating system environment and new UEFI boot entries are forced to be at the end of the current boot order. |
Secure Boot
When secure boot is enabled, the BIOS authenticates each pre-boot image using the certificates in the Secure Boot Policy. When secure boot is disabled, the BIOS does not authenticate images. Secure boot is disabled by default.
Secure Boot Policy
When Secure Boot Policy is Standard, the BIOS uses the system manufacturer's keys and certificates to authenticate pre-boot images. When Secure Boot Policy is Custom, the BIOS uses user-defined keys and certificates. Secure Boot Policy is Standard by default.
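The dependencies this page states between fields (Intel TXT prerequisites, Password Status and the setup password, BIOS Update Control, Secure Boot, TPM Security) can be checked mechanically over an exported settings snapshot. The following is an added example, not code from the original page or the vendor; the snapshot format, the keys "Virtualization Technology" and "Setup Password Set", and the value spellings "On", "Enabled" and "Enabled, Activated" are assumptions.

```python
# Constructed sample export. Keys are this page's field labels, except
# "Virtualization Technology" and "Setup Password Set" (hypothetical names).
# The values "On", "Enabled" and "Enabled, Activated" are assumed spellings.
SAMPLE = {
    "Intel(R) TXT": "On",
    "Virtualization Technology": "Enabled",
    "TPM Security": "On without Pre-boot Measurements",
    "TPM Status": "Enabled, Activated",
    "Password Status": "Locked",
    "Setup Password Set": False,
    "BIOS Update Control": "Unlocked",
    "Secure Boot": "Disabled",
}


def audit(s: dict) -> list[tuple[str, str]]:
    """Return (field, finding) pairs for settings that conflict with the page."""
    out = []
    # Intel TXT needs VT, a TPM with pre-boot measurements, and activation.
    if s.get("Intel(R) TXT") == "On":
        if s.get("Virtualization Technology") != "Enabled":
            out.append(("Intel(R) TXT", "VT is not enabled"))
        if s.get("TPM Security") != "On with Pre-boot Measurements":
            out.append(("Intel(R) TXT", "TPM Security lacks pre-boot measurements"))
        if s.get("TPM Status") != "Enabled, Activated":
            out.append(("Intel(R) TXT", "TPM is not enabled and activated"))
    # Locking the system password also requires a setup password.
    if s.get("Password Status") != "Locked":
        out.append(("Password Status", "system password can be changed or disabled at boot"))
    elif not s.get("Setup Password Set"):
        out.append(("Password Status", "Locked, but no setup password is enabled"))
    if s.get("BIOS Update Control") == "Unlocked":
        out.append(("BIOS Update Control",
                    "all BIOS updates allowed; use Limited if local updates are not required"))
    if s.get("Secure Boot") != "Enabled":
        out.append(("Secure Boot", "pre-boot images are not authenticated"))
    if s.get("TPM Security", "Off") == "Off":
        out.append(("TPM Security", "TPM is not reported to the operating system"))
    return out


if __name__ == "__main__":
    for field, finding in audit(SAMPLE):
        print(f"{field}: {finding}")
```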