Table 30. System setup options - Security menu(continued)
Security
For additional security, Dell Technologies recommends
keeping the Enable Pre-Boot DMA Support option
enabled.
NOTE: This option is provided only for compatibility
purposes, as certain older hardware may not be DMA
compliant.
Enable OS Kernel DMA Support Allows you to control the Kernel DMA protection for
both internal and external ports. This option does not
directly enable DMA protection in the operating system.
For operating systems that support DMA protection, this
setting indicates to the operating system that the BIOS
supports the feature.
NOTE: This option is not available when the
virtualization setting for IOMMU is disabled (VT-d/AMD
Vi).
By default, the Enable OS Kernel DMA Support option is
enabled.
NOTE: This option is provided only for compatibility
purposes, as certain older hardware may not be DMA
compliant.
UEFI Firmware Capsule Updates Enables or disables BIOS updates through UEFI capsule
update packages.
NOTE: Disabling this option blocks the BIOS updates
from services such as Microsoft Windows Update and
Linux Vendor Firmware Service (LVFS).
By default, the UEFI Capsule Firmware Updates option is
enabled.
Secure Boot Secure Boot is a method of guaranteeing the integrity of
the boot path by performing additional validation of the
operating system and PCI add-in cards. The computer stops
booting to the operating system when a component is not
authenticated during the boot process. Secure Boot can be
enabled in BIOS setup or using management interfaces like
Dell Command | Configure, but can only be disabled from
BIOS setup.
Secure Boot Enables or disables the computer to boot using only
validated boot software.
By default, the Enable Secure Boot option is enabled.
For additional security, Dell Technologies recommends
keeping the
Secure Boot option enabled to ensure that the
UEFI firmware validates the operating system during the
boot process.
NOTE: For Secure Boot to be enabled, the computer
is required to be in UEFI boot mode and the Enable
Legacy Option ROMs option is required to be turned
off.
Select Secure Boot Allows the user to select the Secure Boot operation mode.
By default, the Deployed Mode option is selected.
NOTE: Deployed Mode should be selected for normal
operation of Secure Boot.
BIOS Setup 129
To Next Page
Loading...
