Table 43. System setup options—Security menu(continued)
Security
By default, the Clear option is disabled.
Dell Technologies recommends enabling the Clear option only when TPM data
is required to be cleared.
PPI Bypass for Clear Commands Controls the TPM Physical Presence Interface (PPI).
For additional security, Dell Technologies recommends keeping the PPI
Bypass for Clear Commands option disabled.
SMM Security Mitigation Enables or disables additional UEFI SMM Security Mitigation protections. This
option uses the Windows SMM Security Mitigations Table (WSMT) to confirm
to the operating system that security best practices have been implemented
by the UEFI firmware.
By default, the SMM Security Mitigation option is enabled.
For additional security, Dell Technologies recommends keeping the SMM
Security Mitigation option enabled unless you have a specific application
which is not compatible.
NOTE: This feature may cause compatibility issues or loss of functionality
with some legacy tools and applications.
AMD Memory Guard Enables enhanced protection by encrypting contents of RAM. This feature is
only available on Pro version CPUs.
By default, this option is disabled.
Data Wipe on Next Boot
Start Data Wipe Enable or disable the data wipe on next boot.
By default, the Start Data Wipe option is disabled.
Absolute Enables, disables, or permanently disables the BIOS module interface of the
optional Absolute Persistence Module service from Absolute software.
By default, the Absolute option is enabled.
For additional security, Dell Technologies recommends keeping the Absolute
option enabled.
WARNING: The 'Permanently Disabled' option can only be
selected once. When 'Permanently Disabled' is selected, Absolute
Persistence cannot be re-enabled. No further changes to the
Enable/Disable states are allowed.
NOTE: The Enable/Disable options are unavailable while the computer is in
the activated state.
NOTE: When the Absolute features are activated, the Absolute integration
cannot be disabled from the BIOS setup screen.
UEFI Boot Path Security Controls whether the system will prompt the user to enter the admin password
(if set) when booting to a UEFI boot path device from the F12 boot menu.
By default, the Always Except Internal HDD option is enabled.
Firmware Device Tamper Detection Allows you to control the firmware device tamper detection feature. This
feature notifies the user when the firmware device is tampered. When enabled,
a screen warning messages are displayed on the computer and a tamper
detection event is logged in the BIOS Events log. The computer fails to reboot
until the event is cleared.
By default, the Firmware Device Tamper Detection option is enabled.
For additional security, Dell Technologies recommends keeping the Firmware
Device Tamper Detection option enabled.
166 BIOS Setup
To Next Page
Loading...
