Lenovo 2355AK4 Laptop User Manual


 
Table 6. Security menu items (continued)

Columns: Menu item / Submenu item / Value / Comments

Menu item: Security Chip

  Submenu item: Security Chip
  Value: Active, Inactive, Disabled
  Comments: If you select Active, the security chip is functional. If you select Inactive, the security chip option is visible but the chip is not functional. If you select Disabled, the security chip is hidden from the system and the option is not functional.

  Submenu item: Security Reporting Options
  Comments: Enable or disable each of the following Security Reporting Options:
    BIOS ROM String Reporting: BIOS text string
    CMOS Reporting: CMOS data
    NVRAM Reporting: security data stored in the Asset ID
    SMBIOS Reporting: SMBIOS data

  Submenu item: Clear Security Chip
  Value: Enter
  Comments: Clears the encryption key held by the security chip.
  Note: This item is displayed only if you have selected Active for the Security Chip option.

  Submenu item: Intel TXT Feature
  Value: Disabled, Enabled
  Comments: Enable or disable Intel Trusted Execution Technology.

  Submenu item: Physical Presence for Provisioning
  Value: Disabled, Enabled
  Comments: Enables or disables the confirmation message shown when you change the settings of the security chip.

  Submenu item: Physical Presence for Clear
  Value: Disabled, Enabled
  Comments: Enables or disables the confirmation message shown when you clear the security chip. With Disabled, the chip can be cleared without a person at the keyboard confirming the operation.

Menu item: UEFI BIOS Update Option

  Submenu item: Flash UEFI Updating by End-Users
  Value: Disabled, Enabled
  Comments: If you select Enabled, any user can update the UEFI BIOS. If you select Disabled, only a person who knows the supervisor password can update the UEFI BIOS.

  Submenu item: Secure RollBack Prevention
  Value: Disabled, Enabled
  Comments: If you select Disabled, end users can flash an older version of the UEFI BIOS. If you select Enabled, end users cannot flash an older version of the UEFI BIOS, so the firmware cannot be downgraded to an earlier release.

Menu item: Memory Protection

  Submenu item: Execution Prevention
  Value: Disabled, Enabled
  Comments: Some computer viruses and worms exploit memory buffer overflows to run code from memory regions where only data is allowed. If the Data Execution Prevention feature can be used with your operating system, selecting Enabled protects the computer against attacks by such viruses and worms. If, after selecting Enabled, you find that a program does not run correctly, select Disabled and reset the setting.

Menu item: Virtualization

  Submenu item: Intel Virtualization Technology
  Value: Disabled, Enabled
  Comments: If you select Enabled, a VMM (Virtual Machine Monitor) can use the additional hardware capabilities provided by Intel Virtualization Technology.

  Submenu item: Intel VT-d Feature
  Value: Disabled, Enabled
  Comments: Intel VT-d stands for Intel Virtualization Technology for Directed I/O. When enabled, a VMM can use the platform infrastructure for I/O virtualization.
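The table describes only the firmware side of these settings. The check a practitioner usually wants afterwards is whether the operating system actually sees the features. The script below is an added example and is not part of the Lenovo manual: it reads standard Linux kernel interfaces (the "flags" field of /proc/cpuinfo, /sys/kernel/iommu_groups and /sys/class/tpm) and reports whether Execution Prevention (the nx flag), Intel Virtualization Technology (the vmx flag), Intel VT-d (populated IOMMU groups) and the security chip (a tpm* device) are visible. Each check takes a flags string or directory as an argument so it can be exercised on constructed input; the live report at the end assumes a Linux host.

```shell
#!/bin/sh
# Added example, not part of the Lenovo manual: verify from Linux that the
# Security-menu features are actually visible to the operating system.
# Only standard kernel interfaces are used:
#   /proc/cpuinfo "flags"      -> nx (Execution Prevention), vmx (Intel VT)
#   /sys/kernel/iommu_groups   -> populated only when VT-d/IOMMU is active
#   /sys/class/tpm/tpm*        -> present only when the security chip is Active

# cpu_feature_status FLAGS
#   FLAGS is the space-separated "flags" field of /proc/cpuinfo.
#   Prints "<flag>=on|off" for each flag of interest; returns 0 only if all
#   are present. A missing nx means Execution Prevention is Disabled in Setup
#   (the XD CPUID bit is hidden); a missing vmx means Intel Virtualization
#   Technology is Disabled. Some older kernels still show vmx when firmware
#   locks it off, so treat an absent flag as conclusive and a present one as
#   advisory.
cpu_feature_status() {
    flags=" $1 "
    rc=0
    for want in nx vmx; do
        case "$flags" in
            *" $want "*) echo "$want=on" ;;
            *)           echo "$want=off"; rc=1 ;;
        esac
    done
    return $rc
}

# count_iommu_groups [DIR]
#   Prints the number of IOMMU groups under DIR (default
#   /sys/kernel/iommu_groups) and returns 0 when there is at least one.
#   Zero groups means the kernel did not bring up an IOMMU: either the
#   Intel VT-d Feature is Disabled in Setup or the kernel was booted without
#   intel_iommu=on.
count_iommu_groups() {
    dir="${1:-/sys/kernel/iommu_groups}"
    n=0
    [ -d "$dir" ] || { echo 0; return 1; }
    for g in "$dir"/*/; do
        [ -d "$g" ] && n=$((n + 1))
    done
    echo "$n"
    [ "$n" -gt 0 ] && return 0
    return 1
}

# tpm_present [DIR]
#   Returns 0 if a tpm* device is exposed under DIR (default /sys/class/tpm).
#   With the security chip set to Inactive or Disabled, no device appears.
tpm_present() {
    dir="${1:-/sys/class/tpm}"
    for t in "$dir"/tpm*; do
        [ -e "$t" ] && return 0
    done
    return 1
}

# Live report for the machine the script runs on (Linux only; the functions
# above also accept constructed input so they can be tested elsewhere).
if [ -r /proc/cpuinfo ]; then
    flags=$(awk -F': ' '/^flags/ { print $2; exit }' /proc/cpuinfo)
    cpu_feature_status "$flags" ||
        echo "warning: check Security > Memory Protection / Virtualization in Setup"
fi
echo "iommu_groups=$(count_iommu_groups)"
if tpm_present; then echo "tpm=present"; else echo "tpm=absent"; fi
```

Run it as an unprivileged user; none of the paths need root to read. A kernel that was booted without IOMMU support will report zero groups even when VT-d is Enabled in Setup, so confirm the kernel command line before concluding that the firmware setting did not take effect.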