Table 38. System setup options—Security menu(continued)
Security
Attestation Enable The Attestation Enable option controls the endorsement hierarchy of TPM.
Disabling the Attestation Enable option prevents TPM from being used to
digitally sign certificates.
By default, the Attestation Enable option is enabled.
For additional security, Dell Technologies recommends keeping the Attestation
Enable option enabled.
NOTE: When disabled, this feature may cause compatibility issues or loss of
functionality in some operating systems.
Key Storage Enable The Key Storage Enable option controls the storage hierarchy of TPM, which is
used to store digital keys. Disabling the Key Storage Enable option restricts the
ability of TPM to store owner's data.
By default, the Key Storage Enable option is enabled.
For additional security, Dell Technologies recommends keeping the Key Storage
Enable option enabled.
NOTE: When disabled, this feature may cause compatibility issues or loss of
functionality in some operating systems.
SHA-256 Allows you to control the hashing algorithm that is used by the TPM. When
enabled, the TPM uses the SHA-256 hashing algorithm. When disabled, the TPM
uses the SHA-1 hash algorithm.
By default, the SHA-256 option is enabled.
For additional security, Dell Technologies recommends keeping the SHA-256
option enabled.
Clear When enabled, the Clear option clears information that is stored in the TPM
after exiting the computer's BIOS. This option returns to the disabled state when
the computer restarts.
By default, the Clear option is disabled.
Dell Technologies recommends enabling the Clear option only when TPM data is
required to be cleared.
Physical Presence Interface (PPI) Bypass
for Clear Commands
By default, the PPI Bypass for Clear Commands option is disabled.
For additional security, Dell Technologies recommends keeping the PPI Bypass
for Clear Commands option disabled.
Intel Total Memory Encryption Total Memory Encryption (TME) protects memory from physical attacks
including freeze spray, probing DDR to read the cycles, and other such attacks.
Multi-Key Total Memory Encryption (Up to
16 keys)
Enables or disables the Multi-Key Total Memory Encryption option.
When enabled, all of system memory is encrypted by the TME block attached to
the memory controller. Up to 16 different encryption keys are supported for use
by the operating system/VMM.
By default, the Multi-Key Total Memory Encryption (Up to 16 keys) option is
disabled.
SMM Security Mitigation Enables or disables additional UEFI SMM Security Mitigation protections. This
option uses the Windows SMM Security Mitigations Table (WSMT) to confirm to
the operating system that security best practices have been implemented by the
UEFI firmware.
By default, the SMM Security Mitigation option is enabled.
For additional security, Dell Technologies recommends keeping the SMM
Security Mitigation option enabled unless you have a specific application which
is not compatible.
BIOS Setup 143
To Next Page
Loading...
