Skip to main content

Security

Use this menu to configure system security settings.

Physical Presence Policy Configuration

Item	Options	Description
Physical Presence Policy	Enabled Disabled	Enable/Disable "Remote Physical Presence Policy". Enabled is the default setting. The option is modifiable when "Physical Presence State" is asserted. Enabled allows Remote Physical Presence to be asserted without the need for Hardware Physical Presence. Once enabled, a time-out value is used to assert the policy for a specified number of minutes. Note If moved to the Disabled state, it will require Hardware Physical Presence to re-enable this policy.
Minutes To Assert	30	Number of minutes (range 1-100) to have Remote Physical Presence asserted. Physical Presence Policy must be Enabled and a value set to have remote physical Presence asserted. NOTE: This is not a count down value.
Physical Presence State	Hardware Physical Presence Asserted Remote Physical Presence Asserted Hardware and Remote Physical Presence are Asserted De-asserted	If Hardware Physical Presence Jumper is Asserted, the only way to de-assert Physical Presence is to change the jumper on the planar. Asserting allows Physical Presence to be set for a duration listed in minutes even if Hardware Physical Presence Jumper is not asserted. Asserting does not require a reboot. Both the Hardware Physical Presence Jumper on the planar and the Remote Physical Presence are Asserted. De-asserting turns off Physical Presence (unless the HW Physical Presence Jumper is asserted). De-asserting does not require a reboot. De-asserted is the default setting
Toggle Remote Physical Presence Assert	N/A	Switch the Remote Physical Presence between Assert and De-assert when "Physical Presence Policy" is enabled. The option is NOT modifiable when "Physical Presence Policy" is disabled.

Secure Boot Configuration

Item	Options	Description
Physical Presence	Asserted De-asserted	Display the current Physical Presence status. Physical Presence is a form of authorization to perform certain security functions. [Asserted] means being authorized. ”Secure Boot Setting” and “Secure Boot Policy” is modifiable when “Physical Presence” is asserted. De-asserted is the default setting Note When the setting is De-asserted, the whole page is grayed.
Secure Boot Status	Disabled Enabled	Display the current secure boot status. Disabled is the default setting.
Secure Boot Mode	Setup Mode User Mode	System will do secure boot authentication when “Secure Boot Mode” is [User Mode] and secure boot is enabled. User Mode is the default setting.
Secure Boot Setting	Enable Disable	Enable/Disable secure boot. This setting is modifiable when “Physical Presence” is asserted and cannot be loaded to default in Setup Utility. User Mode is the default setting. Note When you attempt to enable secure boot while CSM is enabled, there is a prompt to tell you. Legacy BIOS will be disabled when secure boot is enabled. When you fail to change secure boot settings, verify physical presence and retry.
Secure Boot Policy	Factory Policy Custom Policy Delete All Keys Delete PK Reset All Keys to Default	This setting is modifiable when "Physical Presence" is asserted and cannot be loaded to default in Setup Utility. [Factory Policy]: Factory default keys will be used after reboot. Factory Policy is the default setting. [Custom Policy]: Customized keys will be used after reboot. [Delete All Keys]: PK, KEK, DB and DBX will be deleted after reboot. [Delete PK]: PK will be deleted after reboot. "Secure Boot Mode" is [Setup Mode] and "Secure Boot Policy" is [Custom Policy] after PK is deleted. [Reset All Keys to Default]: All the keys will be set to factory defaults and "Secure Boot Policy" is [Factory Policy] after reboot.
View Secure Boot Keys	N/A	View the details of PK(Platform Key) , KEK (Key Exchange Key) , DB (Authorized Signature Database) and DBX (Forbidden Signature Database).
Secure Boot Custom Policy	N/A	Customize PK (Platform Key), KEK (Key Exchange Key), DB (Authorized Signature Database) and DBX (Forbidden Signature Database). User could enter this page when “Secure Boot Policy” is [Custom Policy].

Trusted Platform Module (TPM 2.0)

Item	Options	Description
TPM 2.0	N/A	Configure the TPM 2.0 Setup options. Click this menu to see more information about TPM 2.0.
Update to TPM1.2 compliant	N/A	Update to TPM 1.2. Note Change is effective after system reboot and physical presence confirmed. You can only switch TPM firmware 128 times. Click this button, a pop-up warning message will show up to confirm the action. When NationZ TPM20 card is plugged in, this item will disappear. Update to TPM1.2 compliant is a significant change to the system since TPM 1.2 and 2.0 are not compatible. All keys and encrypted data will be lost.
SHA-1 PCR Bank	Enabled/Disabled	Enable or Disable SHA-1 PCR Bank.

Trusted Platform Module (TPM 1.2)

Item	Options	Description
TPM 1.2	N/A	Configure the TPM 1.2 Setup options. Click this menu to see more information about TPM 1.2.
Update to TPM 2.0 compliant	N/A	Update to TPM 2.0. Note When update TPM version to TPM 2.0 compliant, do not boot a legacy OS due to security consideration. Change is effective after system reboot and physical presence confirmed. You can only switch TPM firmware 128 times. Click this button, a pop-up warning message will show up to confirm the action. When NationZ TPM20 card is plugged in, this item will disappear. Update to TPM 2.0 compliant is a significant change to the system since TPM 2.0 and 1.2 are not compatible. All keys and encrypted data will be lost.

Give documentation feedback

Physical Presence Policy Configuration
Secure Boot Configuration
Trusted Platform Module (TPM 2.0)
Trusted Platform Module (TPM 1.2)