The backup file doesn't look too bad
... i0f:0x00,i13:0x00,i14:0x00,i1c:0x00, ...
I can edit it.
I didn't contact support yet. And I was kind of surprised by @gwynbleidd detailed information. But I could just modify i13 to create a bitmask for the trusted ports ...
i08 is 0x03ff which is 0000 0011 1111 1111
So it is 10 '1's one for each port ....
The bit order seems to be reverse to the GUI, bit0 = ehernet 1 ... bit 10 = sfp2
Well it did what it was supposed to do. It blocked PPPoE and DHCP from those ports.
But what I actually wanted to do is to restrict admin access to the switch to exclude port 1 and 2. As simple as that. I still don't know how to do that.