Table 37. BIOS Setup options—Security menu (continued)
Security
For additional security, Dell Technologies recommends keeping the PPI Bypass
for Clear Commands option disabled.
Attestation Enable: The Attestation Enable option controls the endorsement hierarchy of TPM.
Disabling the Attestation Enable option prevents TPM from being used to
digitally sign certificates.
By default, the Attestation Enable option is enabled.
For additional security, Dell Technologies recommends keeping the Attestation
Enable option enabled.
NOTE: When disabled, this feature may cause compatibility issues or loss of
functionality in some operating systems.
Key Storage Enable: The Key Storage Enable option controls the storage hierarchy of TPM, which is
used to store digital keys. Disabling the Key Storage Enable option restricts the
ability of TPM to store owner's data.
By default, the Key Storage Enable option is enabled.
For additional security, Dell Technologies recommends keeping the Key Storage
Enable option enabled.
NOTE: When disabled, this feature may cause compatibility issues or loss of
functionality in some operating systems.
Clear: When enabled, the Clear option clears information that is stored in the TPM
after exiting the computer's BIOS. This option returns to the disabled state when
the computer restarts.
By default, the Clear option is disabled.
Dell Technologies recommends enabling the Clear option only when TPM data is
required to be cleared.
Intel Total Memory Encryption: Enables or disables the processor’s memory encryption feature.
By default, the Intel Total Memory Encryption option is disabled.
NOTE: To view this option, enable Advanced Setup mode as described in
View Advanced Setup options.
Chassis intrusion
Chassis Intrusion: The chassis intrusion detection enables a physical switch that triggers an event
when the computer cover is opened.
When set to Enabled, a notification is displayed on the next boot and the event
is logged in the BIOS Events log.
When set to On-Silent, the event is logged in the BIOS Events log, but no
notification is displayed.
When set to Disabled, no notification is displayed and no event is logged in the
BIOS Events log.
By default, the Chassis Intrusion Detection option is enabled.
For additional security, Dell Technologies recommends keeping the Chassis
Intrusion Detection option enabled.
Block Boot Until Cleared: Enables or disables the Block Boot Until Cleared option.
By default, the Block Boot Until Cleared option is enabled.
NOTE: When enabled, the computer does not boot until the chassis intrusion
is cleared. If the administrator password is set, Setup has to be unlocked
before the warning can be cleared.
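The Attestation Enable and Key Storage Enable rows above tie each option to a TPM hierarchy. The following added example (not Dell code and not part of the original manual) decodes the TPM 2.0 TPMA_STARTUP_CLEAR attribute, as reported for instance by tpm2_getcap properties-variable, to confirm from the operating system that both hierarchies are still enabled. The mapping of each BIOS option to the ehEnable or shEnable bit is an assumption, and the sample values are constructed.

```python
# Added example (not Dell code): decode the TPM 2.0 TPMA_STARTUP_CLEAR
# attribute, i.e. the value of the TPM_PT_STARTUP_CLEAR property.
PH_ENABLE = 1 << 0     # platform hierarchy enabled
SH_ENABLE = 1 << 1     # storage hierarchy enabled
EH_ENABLE = 1 << 2     # endorsement hierarchy enabled
PH_ENABLE_NV = 1 << 3  # platform-hierarchy NV indices usable
ORDERLY = 1 << 31      # last shutdown was orderly
RESERVED = 0xFFFFFFFF & ~(
    PH_ENABLE | SH_ENABLE | EH_ENABLE | PH_ENABLE_NV | ORDERLY
)

# Assumption: each BIOS option from the table gates one hierarchy-enable bit.
OPTION_TO_BIT = {
    "Attestation Enable": ("ehEnable", EH_ENABLE),
    "Key Storage Enable": ("shEnable", SH_ENABLE),
}


def parse_startup_clear(text):
    """Parse a hex or decimal 32-bit value and reject malformed input."""
    value = int(text.strip(), 0)
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("TPMA_STARTUP_CLEAR is a 32-bit value")
    if value & RESERVED:
        raise ValueError("reserved bits set; not a valid TPMA_STARTUP_CLEAR")
    return value


def audit_hierarchies(text):
    """Return one finding per BIOS option whose hierarchy is disabled."""
    value = parse_startup_clear(text)
    findings = []
    for option, (bit_name, mask) in OPTION_TO_BIT.items():
        if not value & mask:
            findings.append(
                f"{bit_name}=0: check BIOS option '{option}' "
                "(recommended: enabled)"
            )
    return findings


if __name__ == "__main__":
    # Constructed sample values, not read from a real TPM.
    for sample in ("0x8000000F", "0x8000000B", "0x80000009"):
        print(sample, audit_hierarchies(sample) or "both hierarchies enabled")
```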