Table 6. Security menu items (continued)
Menu item
Submenu item
Value
Comments
Security Chip
• Active
• Inactive
• Disabled
If you select Active, the security chip is functional.
If you select Inactive, the security chip option
is visible, but is not functional. If you select
Disabled, the security chip is hidden and the
option is not functional.
Security Reporting
Options
Enable or disable the following Security Reporting
Options:
• BIOS ROM String Reporting: BIOS text string
• CMOS Reporting: CMOS data
• NVRAM Reporting: Security data stored in
the Asset ID
• SMBIOS Reporting: SMBIOS data
Clear Security Chip
• Enter
Clear the encryption key.
Note: This item is displayed only if you have
selected Active for the security chip option.
Intel TXT Feature • Disabled
• Enabled
Enable or disable Intel Trusted Execution
Technology.
Physical Presence for
Provisioning
• Disabled
• Enabled
This option enables or disables the conrmation
message when you change the settings of the
security chip.
Security Chip
Physical Presence for
Clear
• Disabled
• Enabled
This option enables or disables the conrmation
message when you clear the security chip.
Flash UEFI Updating by
End-Users
• Disabled
• Enabled
If you select Enabled, all users can update the
UEFI BIOS. If you select Disabled, only the
person who knows the supervisor password can
update the UEFI BIOS.
UEFI BIOS
Update Option
Secure RollBack
Prevention
• Disabled
• Enabled
If you select Disabled, end-user can ash the
older version UEFI BIOS. If you select Enabled,
end-user cannot ash the older version UEFI
BIOS.
Memory
Protection
Execution Prevention • Disabled
• Enabled
Some computer viruses and worms cause
memory buffers to overow by running code
where only data is allowed. If the Data Execution
Prevention feature can be used with your
operating system, then by selecting Enabled
you can protect your computer against attacks
by such viruses and worms. If after choosing
Enabled you nd that program does not run
correctly, select Disabled and reset the setting.
Intel Virtualization
Technology
• Disabled
• Enabled
If you select Enabled, a VMM (Virtual Machine
Monitor) can utilize the additional hardware
capabilities provided by Intel Virtualization
Technology.
Virtualization
Intel VT-d Feature • Disabled
• Enabled
Intel VT-d stands for Intel Virtualization Technology
for Directed I/O. When enabled, a VMM can utilize
the platform infrastructure for I/O virtualization.
124 User Guide