Table 47. System Setup options—Security menu(continued)
Security
NOTE: To view this option, enable Advanced Setup mode as described in
View Advanced Setup options.
Attestation Enable The Attestation Enable option controls the endorsement hierarchy of TPM.
Disabling the Attestation Enable option prevents TPM from being used to
digitally sign certificates.
By default, the Attestation Enable option is enabled.
For additional security, Dell Technologies recommends keeping the Attestation
Enable option enabled.
NOTE: When disabled, this feature may cause compatibility issues or loss of
functionality in some operating systems.
NOTE: To view this option, enable Advanced Setup mode as described in
View Advanced Setup options.
Key Storage Enable The Key Storage Enable option controls the storage hierarchy of TPM, which is
used to store digital keys. Disabling the Key Storage Enable option restricts the
ability of TPM to store owner's data.
By default, the Key Storage Enable option is enabled.
For additional security, Dell Technologies recommends keeping the Key Storage
Enable option enabled.
NOTE: When disabled, this feature may cause compatibility issues or loss of
functionality in some operating systems.
NOTE: To view this option, enable Service options as described in View
Service options.
SHA-256 Allows you to control the usage of SHA-256 by TPM. When enabled, the BIOS
and TPM use the SHA-256 hash algorithm to extend measurements into the
TPM PCRs during BIOS boot. When disabled, the BIOS and TPM use the SHA-1
hash algorithm to extend measurements into the TPM PCRs during BIOS boot.
By default, the SHA-256 option is enabled.
For additional security, Dell Technologies recommends keeping the SHA-256
option enabled.
NOTE: To view this option, enable Service options as described in View
Service options.
Clear When enabled, the Clear option clears information that is stored in the TPM
after exiting the system's BIOS. This option returns to the disabled state when
the computer restarts.
By default, the Clear option is disabled.
Dell Technologies recommends enabling the Clear option only when TPM data is
required to be cleared.
NOTE: To view this option, enable Advanced Setup mode as described in
View Advanced Setup options.
Physical Presence Interface (PPI) Bypass
for Clear Command
The PPI Bypass for Clear Command option allows the operating system to
manage certain aspects of PTT. When enabled, you are not prompted to confirm
changes to the PTT configuration.
By default, the PPI Bypass for Clear Command option is disabled.
For additional security, Dell Technologies recommends keeping the PPI Bypass
for Clear Command option disabled.
Intel Total Memory Encryption
150 BIOS Setup
To Next Page
Loading...
