Option | Description
TPM Security | When TPM 2.0 is installed, the TPM Security option is set to On or Off. This option is set to Off by default.
TPM Advanced Settings | This setting is enabled only when TPM Security is set to On.
Intel(R) TXT | Enables or disables the Intel Trusted Execution Technology (TXT) option. To enable the Intel TXT option, virtualization technology and TPM Security must be enabled with Pre-boot measurements. This option is set to Off by default. When TPM 2.0 is installed, the TPM 2 Algorithm option is available. It enables you to select a hash algorithm from those supported by the TPM (SHA1, SHA256). The TPM 2 Algorithm option must be set to SHA256 to enable TXT.
Power Button | Enables or disables the power button on the front of the system. This option is set to Enabled by default.
AC Power Recovery | Sets how the system behaves after AC power is restored to the system. This option is set to Last by default.
UEFI Variable Access | Provides varying degrees of securing UEFI variables. When set to Standard (the default), UEFI variables are accessible in the operating system per the UEFI specification. When set to Controlled, selected UEFI
Table 2. TPM 1.2 security information (continued)
TPM information | Description
TPM Command | Controls the Trusted Platform Module (TPM). When set to None, no command is sent to the TPM. When set to Activate, the TPM is enabled and activated. When set to Deactivate, the TPM is disabled and deactivated. When set to Clear, all the contents of the TPM are cleared. This option is set to None by default.
Table 3. TPM 2.0 security information
TPM information | Description
TPM Information | Changes the operational state of the TPM. This option is set to Type: 2.0-NTC by default.
TPM Firmware | Indicates the firmware version of the TPM.
TPM Hierarchy | Enable, disable, or clear the storage and endorsement hierarchies. When set to Enabled, the storage and endorsement hierarchies can be used. When set to Disabled, the storage and endorsement hierarchies cannot be used. When set to Clear, the storage and endorsement hierarchies are cleared of any values, and then reset to Enabled.
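Whether the TPM Hierarchy setting from Table 3 actually took effect can be confirmed from the operating system by reading the TPM's variable properties: the shEnable and ehEnable flags of TPM2_PT_STARTUP_CLEAR correspond to the storage and endorsement hierarchies, and disableClear in TPM2_PT_PERMANENT shows whether a TPM2_Clear is blocked. The following is an added example, not Dell's code; it assumes the key/value layout printed by tpm2_getcap properties-variable (tpm2-tools), and the sample output is constructed.

```python
"""Check TPM 2.0 hierarchy state against the firmware 'TPM Hierarchy' option.
Parses the indented key/value layout of `tpm2_getcap properties-variable`
(tpm2-tools); the format is assumed, and the sample below is constructed."""
import re
import subprocess

# Constructed sample in the layout of `tpm2_getcap properties-variable`
# (hypothetical values, not captured from a real system).
SAMPLE_PROPERTIES = """\
TPM2_PT_PERMANENT:
  ownerAuthSet:              0
  endorsementAuthSet:        0
  lockoutAuthSet:            0
  disableClear:              0
  inLockout:                 0
  tpmGeneratedEPS:           1
TPM2_PT_STARTUP_CLEAR:
  phEnable:                  1
  shEnable:                  1
  ehEnable:                  1
  phEnableNV:                1
  orderly:                   1
TPM2_PT_HR_NV_INDEX: 0x0
"""

def parse_properties(text):
    """Return {property: {flag: int}} from the indented listing; scalar
    properties (e.g. TPM2_PT_HR_NV_INDEX: 0x0) are stored under key 'value'."""
    props, section = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):            # top-level property name
            name, _, value = line.partition(":")
            section = name.strip()
            props[section] = {"value": int(value.strip(), 0)} if value.strip() else {}
        elif section is not None:
            key, _, value = line.strip().partition(":")
            value = value.strip()
            if re.fullmatch(r"0x[0-9a-fA-F]+|\d+", value):
                value = int(value, 0)
            props[section][key.strip()] = value
    return props

def hierarchy_status(props):
    """Map TPM flags onto the Table 3 'TPM Hierarchy' Enabled/Disabled states."""
    startup = props.get("TPM2_PT_STARTUP_CLEAR", {})
    permanent = props.get("TPM2_PT_PERMANENT", {})
    return {"storage_hierarchy_enabled": startup.get("shEnable") == 1,
            "endorsement_hierarchy_enabled": startup.get("ehEnable") == 1,
            "clear_blocked": permanent.get("disableClear") == 1}

def read_live_properties():
    """Query the local TPM (needs tpm2_getcap on PATH and access to the TPM device)."""
    return subprocess.run(["tpm2_getcap", "properties-variable"], check=True,
                          capture_output=True, text=True).stdout

if __name__ == "__main__":
    for flag, state in hierarchy_status(parse_properties(SAMPLE_PROPERTIES)).items():
        print(f"{flag}: {state}")
```

On a live system, replace SAMPLE_PROPERTIES with read_live_properties(); a result with both hierarchies disabled after the option was set to Enabled points at a firmware setting that did not apply or was changed.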
Table 4. TPM Advanced Settings Details
Option | Description
TPM PPI Bypass Provision | When set to Enabled, allows the Operating System to bypass Physical Presence Interface (PPI) prompts when issuing PPI Advanced Configuration and Power Interface (ACPI) provisioning operations. This option is set to Disabled by default.
TPM PPI Bypass Clear | When set to Enabled, allows the Operating System to bypass Physical Presence Interface (PPI) prompts when issuing PPI Advanced Configuration and Power Interface (ACPI) provisioning operations. This option is set to Disabled by default.