Trusted Computing Menu
When a Trusted Platform Module (TPM) device is detected in your machine, the following information is displayed:
- TPM 2.0 Device Found
- Firmware Version:
- Vendor:
Security Device Support
If this feature and the TPM jumper on the motherboard are both set to Enabled, onboard security devices will be enabled for Trusted Platform Module (TPM) support to enhance data integrity and network security. Please reboot the system for a change to this setting to take effect. The options are Disabled and Enabled.
When "Security Device Support" is set to Enabled and a TPM 2.0 device is detected by the BIOS, the following information is displayed.
- Active PCR banks
- Available PCR banks
Note: The following features are available when a TPM 2.0 device is detected by the BIOS.
SHA256 PCR Bank (Available when "Security Device Support" is set to Enabled)
Use this feature to disable or enable the SHA256 Platform Configuration Register (PCR) bank for the installed TPM device to enhance system integrity and data security. The options are Disabled and Enabled.
SHA384 PCR Bank (Available when "Security Device Support" is set to Enabled)
Select Enabled to enable SHA384 PCR Bank support to enhance system integrity and data security. The options are Enabled and Disabled.
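To make concrete what enabling a PCR bank does, here is an added Python example (not from this manual or the BIOS vendor) that simulates measured boot into a SHA256 and a SHA384 bank. The event log, PCR indices and measured byte strings are constructed for the example; the extend rule PCR[i] = H(PCR[i] || H(data)) follows TPM2_PCR_Extend. It shows that every active bank records the same boot events independently, that a bank disabled in the BIOS holds nothing a verifier can check, and that an altered or reordered event log no longer reproduces the PCR value.

```python
import hashlib

# Constructed sample boot event log: (PCR index, description, data that firmware
# measured). These entries are illustrative, not a real firmware log.
SAMPLE_EVENTS = [
    (0, "firmware volume", b"constructed-firmware-image"),
    (4, "boot manager", b"constructed-bootmgfw.efi"),
    (7, "secure boot policy", b"constructed-db-entry"),
    (4, "os loader", b"constructed-grubx64.efi"),
]


class PcrBank:
    """One PCR bank: a set of registers that all use the same hash algorithm."""

    def __init__(self, algorithm, pcr_count=24):
        self.algorithm = algorithm
        self.digest_size = hashlib.new(algorithm).digest_size
        # At TPM reset every PCR in the bank holds an all-zero digest.
        self.pcrs = [bytes(self.digest_size) for _ in range(pcr_count)]

    def extend(self, index, data):
        """TPM2_PCR_Extend semantics: PCR[i] = H(PCR[i] || H(data)).

        Firmware hashes the measured object with the bank's algorithm and the
        TPM folds that digest into the register; a PCR is never written
        directly, only extended, so order and content both matter.
        """
        measurement = hashlib.new(self.algorithm, data).digest()
        self.pcrs[index] = hashlib.new(
            self.algorithm, self.pcrs[index] + measurement
        ).digest()
        return self.pcrs[index]


def measure_boot(events, active_banks):
    """Replay firmware measurements into every active bank.

    Each enabled bank receives the same events, so a verifier may use either
    one; a bank that is disabled in the BIOS simply does not exist and holds
    no measurements at all.
    """
    banks = {alg: PcrBank(alg) for alg in active_banks}
    for index, _description, data in events:
        for bank in banks.values():
            bank.extend(index, data)
    return banks


def expected_pcr(events, algorithm, index):
    """Recompute one PCR from an event log, as a remote verifier would."""
    bank = PcrBank(algorithm)
    for pcr_index, _description, data in events:
        if pcr_index == index:
            bank.extend(index, data)
    return bank.pcrs[index]


def verify_pcr(banks, events, algorithm, index):
    """Return True when the bank's PCR matches the value the event log predicts."""
    if algorithm not in banks:
        return False  # bank not active: nothing to attest against
    return banks[algorithm].pcrs[index] == expected_pcr(events, algorithm, index)


if __name__ == "__main__":
    banks = measure_boot(SAMPLE_EVENTS, ["sha256", "sha384"])
    for alg, bank in banks.items():
        print(alg, "PCR4 =", bank.pcrs[4].hex())
    # A log with one altered entry no longer matches the PCR.
    tampered = list(SAMPLE_EVENTS)
    tampered[3] = (4, "os loader", b"constructed-other-loader.efi")
    print("untampered log verifies:", verify_pcr(banks, SAMPLE_EVENTS, "sha256", 4))
    print("tampered log verifies:", verify_pcr(banks, tampered, "sha256", 4))
```

The practical consequence for this menu: an attestation or disk-encryption policy bound to SHA384 PCR values can only be satisfied if the SHA384 bank is Enabled here, and the bank must be enabled before the measurements it is expected to hold are taken, since there is no way to back-fill a register.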
Pending Operation
Use this feature to schedule a TPM-related operation to be performed by a security device for system data integrity. The options are None and TPM Clear.
Note: Your system will reboot to carry out a pending TPM operation.
Platform Hierarchy (Available when "Security Device Support" is set to Enabled)
Select Enabled for TPM Platform Hierarchy support, which allows the manufacturer to use the cryptographic algorithm to define a constant key or a fixed set of keys to be used for initial system boot. This early boot code is shipped with the platform and is included in the list of "public keys." During system boot, the platform firmware uses the trusted public keys to verify a digital signature, in order to manage and control the security of the platform firmware used in a host system via a TPM device. The options are Disabled and Enabled.
Storage Hierarchy (Available when "Security Device Support" is set to Enabled)
Select Enabled for TPM Storage Hierarchy support, which is intended for non-privacy-sensitive operations by a platform owner such as an IT professional or the end user. The Storage Hierarchy has an owner policy and an authorization value, both of which can be set and are held constant (rarely changed) across reboots. This hierarchy can be cleared or changed independently of the other hierarchies. The options are Disabled and Enabled.
Endorsement Hierarchy (Available when "Security Device Support" is set to Enabled)
Select Enabled for Endorsement Hierarchy support. This hierarchy contains separate controls to address privacy concerns, because the primary keys in the hierarchy are certified by the TPM key or by a manufacturer, with restrictions on how an authentic TPM device attached to an authentic platform can be accessed and used. A primary key can be encrypted and certified with a certificate created by using TPM2_ActivateCredential, which allows you to independently enable the "flag, policy, and authorization values" without involving other hierarchies. A user with privacy concerns can disable the Endorsement Hierarchy while still using the Storage Hierarchy for TPM applications, permitting the platform software to use the TPM. The options are Disabled and Enabled.
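The three hierarchy settings above, together with the two PCR bank settings, are the ones an operator most often wants to confirm from the running OS rather than trust the BIOS screen alone. The following added Python example (not part of this manual or any vendor tooling) parses capability output in the style produced by `tpm2_getcap properties-variable` and `tpm2_getcap pcrs` from tpm2-tools, reads the phEnable/shEnable/ehEnable bits of TPM2_PT_STARTUP_CLEAR and the allocated PCR banks, and reports any drift from the BIOS configuration an operator expects. The sample output embedded below is constructed, and its exact layout is an assumption about that tool's formatting, so adjust the parsers if your version prints differently.

```python
# Constructed sample in the style of `tpm2_getcap properties-variable` from
# tpm2-tools. The layout is an assumption about that tool's output, not text
# from the BIOS manual, and the values are invented for this example.
SAMPLE_PROPERTIES = """\
TPM2_PT_PERMANENT:
  ownerAuthSet:              0
  endorsementAuthSet:        0
  lockoutAuthSet:            0
  disableClear:              0
  inLockout:                 0
  tpmGeneratedEPS:           1
TPM2_PT_STARTUP_CLEAR:
  phEnable:                  1
  shEnable:                  1
  ehEnable:                  0
  phEnableNV:                1
  orderly:                   1
"""

# Constructed sample in the style of `tpm2_getcap pcrs`; same caveat applies.
SAMPLE_PCRS = """\
selected-pcrs:
  - sha1: [ ]
  - sha256: [ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ]
  - sha384: [ ]
"""


def parse_properties(text):
    """Parse section headers with indented 'key: value' lines into nested dicts."""
    props = {}
    section = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):
            section = line.strip().rstrip(":")
            props[section] = {}
        elif section is not None:
            key, _, value = line.strip().partition(":")
            props[section][key.strip()] = int(value.strip())
    return props


def parse_pcr_banks(text):
    """Return {algorithm: [allocated PCR indices]} from the selected-pcrs listing."""
    banks = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("- "):
            continue
        name, _, rest = line[2:].partition(":")
        inside = rest.strip().strip("[]")
        banks[name.strip()] = [int(x) for x in inside.split(",") if x.strip()]
    return banks


def hierarchy_state(props):
    """Map the TPM2_PT_STARTUP_CLEAR enable bits to the menu's hierarchy names."""
    startup = props["TPM2_PT_STARTUP_CLEAR"]
    return {
        "Platform Hierarchy": bool(startup["phEnable"]),
        "Storage Hierarchy": bool(startup["shEnable"]),
        "Endorsement Hierarchy": bool(startup["ehEnable"]),
    }


def audit(props, banks, expected):
    """Compare observed TPM state with the BIOS settings an operator expects.

    `expected` uses the menu's own names as keys, e.g. {"Endorsement
    Hierarchy": True, "SHA384 PCR Bank": True}. Returns a list of findings;
    an empty list means the TPM agrees with the expected configuration.
    """
    findings = []
    state = hierarchy_state(props)
    for setting, want in expected.items():
        if setting in state:
            got = state[setting]
        elif setting.endswith(" PCR Bank"):
            alg = setting.split()[0].lower()
            got = bool(banks.get(alg))  # active only if it has allocated PCRs
        else:
            findings.append(f"unknown setting {setting!r}")
            continue
        if got != want:
            findings.append(
                f"{setting}: BIOS expects {'Enabled' if want else 'Disabled'}, "
                f"TPM reports {'enabled' if got else 'disabled'}"
            )
    return findings


if __name__ == "__main__":
    props = parse_properties(SAMPLE_PROPERTIES)
    banks = parse_pcr_banks(SAMPLE_PCRS)
    expected = {
        "Platform Hierarchy": True,
        "Storage Hierarchy": True,
        "Endorsement Hierarchy": True,
        "SHA256 PCR Bank": True,
        "SHA384 PCR Bank": True,
    }
    for finding in audit(props, banks, expected) or ["no drift from expected settings"]:
        print(finding)
```

On the constructed sample the audit reports two findings: the Endorsement Hierarchy is disabled although the expected configuration says Enabled, and the SHA384 bank has no PCRs allocated. Whether phEnable is still set once the OS is running depends on what the platform firmware does before hand-off, so treat a Platform Hierarchy finding as a prompt to check the firmware's behaviour rather than as a BIOS misconfiguration on its own.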
PH Randomization
Use this feature to disable or enable Platform Hierarchy (PH) Randomization. The options are Disabled and Enabled.