Security - Dell Latitude 5320 Service Manual

Security

Table 9. Security
Option
TPM 2.0 Security
Intel Total Memory
Encryption
Chassis Intrusion
SMM Security
Mitigation
Data Wipe on Next Boot
Absolute
UEFI Boot Path Security Controls whether the system prompts the user to enter the admin password (if set) when
100 System setup
Description
Allows you to enable or disable the Trusted Platform Module (TPM).
The options are:
● TPM 2.0 Security On—This option is enabled by default.
● Attestation Enable—This option is enabled by default.
● Key Storage Enable—This option is enabled by default.
● SHA-256—This option is enabled by default.
● Clear
● PPI Bypass for Clear Command
Total Memory Encryption - This option is disabled by default.
It is used to protect memory from physical attacks including freeze spray and probing DDR
to read the cycles. The system memory is encrypted by TME block attached to the memory
controller.
Controls chassis intrusion feature.
The options are:
● Disabled
● Enabled
● On-Silent—This option is enabled by default.
Allows you to enable or disable additional UEFI SMM Security Mitigation protection.
SMM Security Mitigation - By default, this option is enabled.
Allows BIOS to queue up data wipe cycle for storage devices connected to the motherboard on
the next reboot.
Start Data Wipe - By default, this option is disabled.
NOTE: Secure Wipe operation deletes information in a way that it cannot be reconstructed.
This field allows you to Enable, Disable, or Permanently Disable the BIOS module interface of the
optional Absolute Persistence Module service from Absolute® Software.
The options are:
● Enabled—This option is enabled by default.
● Disabled
● Permanently Disable Absolute
booting to a UEFI boot path device from the F12 boot menu.
The options are:
● Never
● Always
● Always Except Internal HDD—This option is enabled by default.
● Always Except Internal HDD&PXE