Table 42. System Setup options—Security menu(continued)
Security
Intel Platform Trust Technology On Enables you to control whether the Intel Platform Trust Technology (PTT) is
visible to the operating system.
By default, the Intel Platform Trust Technology option is enabled.
Intel Total Memory Encryption
Multi-key Total Memory Encryption (Up to
16 keys)
When enabled, the Total Memory Encryption (TME) protects the memory from
physical attacks including freeze spray, probing DDR to read the cycles, and
others.
By default, the Multi-key Total Memory Encryption (Up to 16 keys) option is
disabled.
Chassis Intrusion
Chassis Intrusion Enables or disables the detection of chassis intrusion events. This feature notifies
the user when the base cover has been removed from the computer.
When set to Enabled, a notification is displayed on the next boot and the event
is logged in the BIOS Events log.
When set to Disabled, no notification is displayed and no event is logged in the
BIOS Events log.
When set to On-Silent, the event is logged in the BIOS Events log, but no
notification is displayed.
By default, the Chassis Intrusion Detection option is disabled.
For additional security, Dell Technologies recommends keeping the Chassis
Intrusion option enabled.
NOTE: To view this option, enable Advanced Setup mode as described in
View Advanced Setup options.
Block Boot Until Cleared The Block Boot Until Clear option is enabled when Chassis Intrusion is
enabled. When enabled, the computer does not boot until the chassis intrusion is
cleared.
NOTE: To view this option, enable Advanced Setup mode as described in
View Advanced Setup options.
SMM Security Mitigation Enables or disables additional UEFI SMM Security Mitigation protections. This
option uses the Windows SMM Security Mitigations Table (WSMT) to confirm to
the operating system that security best practices have been implemented by the
UEFI firmware.
By default, the SMM Security Mitigation option is enabled.
For additional security, Dell Technologies recommends keeping the SMM
Security Mitigation option enabled unless you have a specific application which
is not compatible.
NOTE: This feature may cause compatibility issues or loss of functionality
with some legacy tools and applications.
NOTE: To view this option, enable Service options as described in View
Service options.
Data Wipe on Next Boot
Start Data Wipe Data Wipe is a secure wipe operation that deletes information from a storage
device.
CAUTION: The Secure Data Wipe operation erases information in a
way that it cannot be reconstructed.
Commands such as delete and format in the operating system may remove files
from showing up in the file system, however they can be reconstructed through
BIOS Setup 111
To Next Page
Loading...
