Table 41. System Setup options—Boot Configuration menu(continued)
Boot Configuration
By default, the Secure Digital (SD) Card Boot option is disabled.
NOTE: To view this option, enable Advanced Setup mode as described in
View Advanced Setup options.
Secure Boot Secure Boot is a method of guaranteeing the integrity of the boot path by
performing additional validation of the operating system and PCI add-in cards.
The computer stops booting to the operating system when a component is not
authenticated during the boot process. Secure Boot can be enabled in BIOS setup
or using management interfaces like Dell Command|Configure, but can only be
disabled from BIOS setup.
Enable Secure Boot Enables the computer to boot using only validated boot software.
By default, this Enable Secure Boot option is disabled. For additional security,
Dell Technologies recommends keeping the Secure Boot option enabled to
ensure that the UEFI firmware validates the operating system during the boot
process.
NOTE: To view this option, enable Advanced Setup mode as described in
View Advanced Setup options.
NOTE: To enable Secure Boot, the computer is required to be in UEFI boot
mode and the Enable Legacy Option ROMs option is required to be turned
off.
Enable Microsoft UEFI CA When disabled, the UEFI CA is removed from the BIOS UEFI Secure Boot
database.
NOTE: When disabled, the Microsoft UEFI CA could render your computer
unable to boot, computer graphics may not function, some devices may not
function properly, and the computer could become unrecoverable.
By default, the Enable Microsoft UEFI CA option is enabled.
For additional security, Dell Technologies recommends keeping the Microsoft
UEFI CA option enabled to ensure the broadest compatibility with devices and
operating systems.
Secure Boot Mode Enables or disables the Secure Boot operation mode.
By default, the Deployed Mode is selected. Deployed Mode should be selected
for normal operation of Secure Boot.
NOTE: To view this option, enable Advanced Setup mode as described in
View Advanced Setup options.
Expert Key Management
Enable Custom Mode Enables or disables the keys in the PK, KEK, db, and dbx security key databases
to be modified.
By default, the Enable Custom Mode option is disabled.
NOTE: To view this option, enable Advanced Setup mode as described in
View Advanced Setup options.
Custom Mode Key Management Selects the custom values for expert key management.
By default, the PK option is selected.
NOTE: To view this option, enable Advanced Setup mode as described in
View Advanced Setup options.
BIOS Setup 143
To Next Page
Loading...
