Skip to main content

Security

Use this menu to configure system security settings.



Physical Presence Policy Configuration

Item

Options

Description

Physical Presence Policy

  • Enabled

  • Disabled

Enable/Disable "Remote Physical Presence Policy".

Enabled is the default setting. The option is modifiable when "Physical Presence State" is asserted.

Enabled allows Remote Physical Presence to be asserted without the need for Hardware Physical Presence. Once enabled, a time-out value is used to assert the policy for a specified number of minutes.

Note
If moved to the Disabled state, it will require Hardware Physical Presence to re-enable this policy.

Minutes To Assert

30

Number of minutes (range 1-100) to have Remote Physical Presence asserted. Physical Presence Policy must be Enabled and a value set to have remote physical Presence asserted. NOTE: This is not a count down value.

Physical Presence State

  • Hardware Physical Presence Asserted

  • Remote Physical Presence Asserted

  • Hardware and Remote Physical Presence are Asserted

  • De-asserted

If Hardware Physical Presence Jumper is Asserted, the only way to de-assert Physical Presence is to change the jumper on the planar.

Asserting allows Physical Presence to be set for a duration listed in minutes even if Hardware Physical Presence Jumper is not asserted. Asserting does not require a reboot.

Both the Hardware Physical Presence Jumper on the planar and the Remote Physical Presence are Asserted.

De-asserting turns off Physical Presence (unless the HW Physical Presence Jumper is asserted). De-asserting does not require a reboot.

De-asserted is the default setting

Toggle Remote Physical Presence Assert

N/A

Switch the Remote Physical Presence between Assert and De-assert when "Physical Presence Policy" is enabled.

The option is NOT modifiable when "Physical Presence Policy" is disabled.

Secure Boot Configuration

Item

Options

Description

Physical Presence

  • Asserted

  • De-asserted

Display the current Physical Presence status.

Physical Presence is a form of authorization to perform certain security functions. [Asserted] means being authorized.

”Secure Boot Setting” and “Secure Boot Policy” is modifiable when “Physical Presence” is asserted.

De-asserted is the default setting

Note
When the setting is De-asserted, the whole page is grayed.

Secure Boot Status

  • Disabled

  • Enabled

Display the current secure boot status. Disabled is the default setting.

Secure Boot Mode

  • Setup Mode

  • User Mode

System will do secure boot authentication when “Secure Boot Mode” is [User Mode] and secure boot is enabled. User Mode is the default setting.

Secure Boot Setting

  • Enable

  • Disable

Enable/Disable secure boot. This setting is modifiable when “Physical Presence” is asserted and cannot be loaded to default in Setup Utility. User Mode is the default setting.

Note
  • When you attempt to enable secure boot while CSM is enabled, there is a prompt to tell you.

  • Legacy BIOS will be disabled when secure boot is enabled.

  • When you fail to change secure boot settings, verify physical presence and retry.

Secure Boot Policy

  • Factory Policy

  • Custom Policy

  • Delete All Keys

  • Delete PK

  • Reset All Keys to Default

This setting is modifiable when "Physical Presence" is asserted and cannot be loaded to default in Setup Utility.

[Factory Policy]: Factory default keys will be used after reboot. Factory Policy is the default setting.

[Custom Policy]: Customized keys will be used after reboot.

[Delete All Keys]: PK, KEK, DB and DBX will be deleted after reboot.

[Delete PK]: PK will be deleted after reboot.

"Secure Boot Mode" is [Setup Mode] and "Secure Boot Policy" is [Custom Policy] after PK is deleted.

[Reset All Keys to Default]: All the keys will be set to factory defaults and "Secure Boot Policy" is [Factory Policy] after reboot.

View Secure Boot Keys

N/A

View the details of PK(Platform Key) , KEK (Key Exchange Key) , DB (Authorized Signature Database) and DBX (Forbidden Signature Database).

Secure Boot Custom Policy

N/A

Customize PK (Platform Key), KEK (Key Exchange Key), DB (Authorized Signature Database) and DBX (Forbidden Signature Database).

User could enter this page when “Secure Boot Policy” is [Custom Policy].

Trusted Platform Module (TPM 2.0)

ItemOptionsDescription
TPM 2.0N/AConfigure the TPM 2.0 Setup options. Click this menu to see more information about TPM 2.0.
Update to TPM1.2 compliantN/AUpdate to TPM 1.2.
Note
  • Change is effective after system reboot and physical presence confirmed. You can only switch TPM firmware 128 times.

  • Click this button, a pop-up warning message will show up to confirm the action.

  • When NationZ TPM20 card is plugged in, this item will disappear.

  • Update to TPM1.2 compliant is a significant change to the system since TPM 1.2 and 2.0 are not compatible. All keys and encrypted data will be lost.

SHA-1 PCR BankEnabled/DisabledEnable or Disable SHA-1 PCR Bank.

Trusted Platform Module (TPM 1.2)

ItemOptionsDescription
TPM 1.2N/AConfigure the TPM 1.2 Setup options. Click this menu to see more information about TPM 1.2.
Update to TPM 2.0 compliantN/AUpdate to TPM 2.0.
Note
  • When update TPM version to TPM 2.0 compliant, do not boot a legacy OS due to security consideration. Change is effective after system reboot and physical presence confirmed. You can only switch TPM firmware 128 times.

  • Click this button, a pop-up warning message will show up to confirm the action.

  • When NationZ TPM20 card is plugged in, this item will disappear.

  • Update to TPM 2.0 compliant is a significant change to the system since TPM 2.0 and 1.2 are not compatible. All keys and encrypted data will be lost.