HP Engage Flex Pro-C G2 Maintenance and Service Guide - Page 62

Intel Software Guard Extensions SGX


Table 5-2 Computer Setup Security (continued)

Option: Security Configuration (continued)
Description:

Secure Platform Management (SPM)
● SPM Current State: Displays the current state. Also lets you change the state.
● Unprovision SPM: Deprovisions SPM, which causes HP Sure Run to revert to the inactive state and return HP Sure Recover to default settings.
● HP Sure Run Current State: Displays the current state. Also lets you change the state.
  Deactivate HP Sure Run: Deactivates HP Sure Run without deprovisioning SPM.
● Smart Health Enable
● EBAM Current State: Displays the current state. Also lets you change the state.
  Disable EBAM: Disables Enhanced BIOS Authentication Mode (EBAM).
● Deactivate HP Sure Run: Requires BIOS Administrator password to be configured.
● Local Access Key: Indicates that the key is present. Also lets you clear the keys and reboot.
  Clear EBAM Local Access Keys and Reboot: Deletes all currently established local access keys created for Enhanced BIOS Authentication Mode (EBAM).

Physical Presence Interface: When set to enabled, the user is notified at system power up when changes are made to system security policy. The user must manually agree to those changes before the change is confirmed. Default is enabled.

Smart Cover: The Smart Cover Lock (select products only) is a software-controllable solenoid lock that restricts unauthorized access to the system's internal components.
● Cover Lock: Default is unlock.
● Cover Removal Sensor: Lets you disable the cover sensor or configure what action is taken if the computer cover is removed. Default is disabled.
NOTE: Notify user alerts the user with a POST error on the first boot after the sensor detects removal of the cover. If the password is set, Administrator Password requires that the password be entered to boot the computer if the sensor detects that the cover has been removed.

Option: Trusted Execution Technology (TXT)
Description: Enables Trusted Execution Technology on select Intel-based systems. Default is disabled.
NOTE: Enabling this feature disables OS management of the Trusted Platform Module (TPM), prevents a reset of the TPM, and constrains the configuration of VTx, VTd, and TPM.

Option: Intel Software Guard Extensions (SGX)
Description: Intel SGX is a set of processor code instructions that allows user-level code to allocate private regions of memory. Unlike normal process memory, SGX protects these private memory regions from processes running at higher privilege levels.
● Software control
● Disable
● Enable

Option: Full encryption of main memory (DRAM) (select products only)
Description: When selected, the computer stores all data to DRAM in an encrypted format.

56 Chapter 5 Computer Setup (F10) Utility
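
The SGX option above determines whether the processor exposes SGX to the operating system. The following C program is an added example, not code from the HP guide: it decodes the CPUID bits that reveal SGX availability on the OS side, so an administrator can verify the setting after changing it. Bit positions are taken from Intel's CPUID documentation; the register values used in its test are constructed.

```c
/* Added example, not from the HP guide: decode the CPUID bits that show whether
 * SGX is exposed to software, i.e. the OS-visible effect of the SGX option above.
 * Bit positions follow the Intel SDM; register values in the test are constructed. */
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif
struct sgx_caps {
    int supported;             /* CPUID.(7,0):EBX[2]: SGX instructions present */
    int sgx1, sgx2;            /* CPUID.(0x12,0):EAX[0], EAX[1] */
    unsigned max_enclave_log2; /* CPUID.(0x12,0):EDX[15:8]: log2 max enclave, 64-bit */
};

/* Pure decoder over raw register values, testable without SGX hardware. */
struct sgx_caps sgx_decode(uint32_t l7_ebx, uint32_t l12_eax, uint32_t l12_edx)
{
    struct sgx_caps c = {0};
    c.supported = (l7_ebx >> 2) & 1;
    if (c.supported) {         /* leaf 0x12 is only defined when SGX is reported */
        c.sgx1 = l12_eax & 1;
        c.sgx2 = (l12_eax >> 1) & 1;
        c.max_enclave_log2 = (l12_edx >> 8) & 0xff;
    }
    return c;
}

/* Query the running CPU; returns 0 when CPUID cannot be read (non-x86 build). */
int sgx_probe(struct sgx_caps *out)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned a, b, c, d, a2 = 0, b2 = 0, c2 = 0, d2 = 0;
    if (!__get_cpuid_count(7, 0, &a, &b, &c, &d))
        return 0;
    if ((b >> 2) & 1)          /* only read leaf 0x12 when SGX is advertised */
        __get_cpuid_count(0x12, 0, &a2, &b2, &c2, &d2);
    *out = sgx_decode(b, a2, d2);
    return 1;
#else
    (void)out;
    return 0;
#endif
}

int main(void)
{
    struct sgx_caps c;
    if (!sgx_probe(&c)) return 1;
    printf("SGX %s: SGX1=%d SGX2=%d max enclave 2^%u bytes\n",
           c.supported ? "exposed to software" : "not exposed (check the BIOS option)",
           c.sgx1, c.sgx2, c.max_enclave_log2);
    return 0;
}
```

When the option is set to Disable, the leaf 7 SGX bit reads 0 and the program reports "not exposed"; a CPU that reports SGX but whose firmware has not enabled it may still need the kernel-side opt-in, which this CPUID-only check does not cover.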

