Key management, Image execution policy – Asus RS100-E8-PI2 User Manual

Chapter 5: BIOS setup

5-36

Internal FV [Always Execute]

Configuration options: [Always Execute]

Option ROM/Removable Media/Fixed Media [Deny Execute]

Configuration options: [Always Execute] [Always Deny] [Allow Execute] [Defer Execute]

[Deny Execute] [Query User]

Key Management

This item only appears when you set the Secure Boot Mode to [Custom]. This allows you to

modify Secure Boot variables and set Key Management page.

Aptio Setup Utility - Copyright (C) 2013 American Megatrends, Inc.

Security

Image Execution Policy

p e r d e v i c e p a t h o n

Security Violation.

Interval FV

[Always Execute]

Option ROM

[Deny Execute]

Removable Media

[Deny Execute]

Fixed Media

[Deny Execute]

Image Execution Policy

This item only appears when you set the Secure Boot Mode to [Custom]. This allows you to

manage the Image Policy on Security Violation.

Install Factory default

Secure Boot Keys when

System is in Setup Mode

Aptio Setup Utility - Copyright (C) 2013 American Megatrends, Inc.

Security

Factory Default Key Provisioning

[Disabled]

Install All Factory Default Keys

Platform Key (PK)

NOT INSTALLED

Set new PK

Delete PK

Key Exchange Key Database (KEK)

NOT INSTALLED

Set new KEK

Delete KEK

Append Var to KEK

Authorized Signature Database (DB) NOT INSTALLED

Set new DB

Delete DB

Append Var to DB

Forbidden Signature Database (DBX) NOT INSTALLED

Set new DBX

Delete DBX

Append Var to DBX

Factory Default Key Provisioning [Disabled]

Configuration options: [Disabled] [Enabled]

Install All Factory Default Keys

This item will ask you if you want to Install Factory Default secure variables. Select Yes

if you want to load the default secure variables, otherwise select No.

Platform Key (PK)/Key Exchange Key Database (KEK)/Authorized Signature

Database (DB)/ Forbidden Signature Database (DBX)

Configuration options: [Set New] [Delete] [Append]