Lenovo X230 User Manual

Table 6. Security menu items (continued)

Menu item

Submenu item

Value

Comments

Password
Authentication

• Disabled

• Enabled

Enable or disable password authentication.
If high security mode is selected, this item is
displayed.

Reset Fingerprint Data

• Enter

This option is used to erase all fingerprint data
stored in the fingerprint reader and reset settings
to the factory state. As a result, any power-on
security features previously enabled will not be
able to work until they are re-enabled in the
fingerprint software.

Security Chip

• Active

• Inactive

• Disabled

If you select Active, the security chip is functional.
If you select Inactive, the Security Chip option
is visible, but the security chip is not functional. If
you select Disabled, the Security Chip option is
hidden and the security chip is not functional.

Security Reporting
Options

Enable or disable the following Security Reporting
Options:

• BIOS ROM String Reporting: BIOS text string

• ESCD Reporting: Extended system

configuration data

• CMOS Reporting: CMOS data

• NVRAM Reporting: Security data stored in

the Asset ID

• SMBIOS Reporting: SMBIOS data

Clear Security Chip

• Enter

Clear the encryption key.

Note: This item is displayed only if you have
selected Active for the Security Chip option.

Intel TXT Feature

• Disabled

• Enabled

Enable or disable Intel Trusted Execution
Technology.

Physical Presence for
Provisioning

• Disabled

• Enabled

This option enables or disables the confirmation
message when you change the settings of the
security chip.

Security Chip

Physical Presence for
Clear

• Disabled

• Enabled

This option enables or disables the confirmation
message when you clear the security chip.

Flash UEFI Updating by
End-Users

• Disabled

• Enabled

If you select Enabled, all users can update the
UEFI BIOS. If you select Disabled, only the
person who knows the supervisor password can
update the UEFI BIOS.

UEFI BIOS
Update Option

Secure RollBack
Prevention

• Disabled

• Enabled

If you select Disabled, end-user can flash the
older version UEFI BIOS. If you select Enabled,
end-user cannot flash the older version UEFI
BIOS.

Memory
Protection

Execution Prevention

• Disabled

• Enabled

Some computer viruses and worms cause
memory buffers to overflow. By selecting
Enabled you can protect your computer against
attacks by such viruses and worms. If after
choosing Enabled you find that an application
program does not run correctly, select Disabled
and reset the setting.

Chapter 8

.

Advanced configuration

117