Table of Contents
Advertisement
Table 39. System setup options—Security menu (continued)
Security
Block Boot Until Cleared
Legacy Manageability Interface
Access
SMM Security Mitigation
Data Wipe on Next Boot
Start Data Wipe
Absolute
When set to Disabled, no notification is displayed and no event is logged in
the BIOS Events log.
By default, the Chassis Intrusion Detection option is enabled.
For additional security, Dell Technologies recommends keeping the Chassis
Intrusion Detection option enabled.
Enables or disables the Block Boot Until Cleared option.
By default, the Block Boot Until Cleared option is enabled.
NOTE:
When enabled, the computer does not boot until the chassis
intrusion is cleared. If the administrator password is set, Setup has to be
unlocked before the warning can be cleared.
Allows the administrator to control the access to BIOS configuration through
the Legacy Manageability Interface option. When enabled, this prevents
the BIOS Administrator password-based manageability tools from running,
prevents some Dell software applications from reading configuration settings,
and/or prevents changes to the BIOS configuration settings.
When enabled, this option only supports the Authenticated BIOS Manageability
Interface (ABI) for managing the BIOS configuration changes. To support this
feature, ABI must be enabled and provisioned.
When set to Enabled, the Legacy Manageability Interface can be used to read
and change BIOS configuration settings.
When set to Read-Only, BIOS configuration settings can be read, but cannot
be changed through the Legacy Manageability Interface.
When set to Disabled, the Legacy Manageability Interface is disabled. BIOS
configuration reads and writes are blocked.
Enables or disables additional UEFI SMM Security Mitigation protections. This
option uses the Windows SMM Security Mitigations Table (WSMT) to confirm
to the operating system that security best practices have been implemented
by the UEFI firmware.
By default, the SMM Security Mitigation option is enabled.
For additional security, Dell Technologies recommends keeping the SMM
Security Mitigation option enabled unless you have a specific application
which is not compatible.
NOTE:
This feature may cause compatibility issues or loss of functionality
with some legacy tools and applications.
CAUTION:
Secure Data Wipe operation deletes information in a way
that it cannot be reconstructed.
Commands such as delete and format in the operating system may remove
files from showing up in the file system, however they can be reconstructed
through forensic means as they are still represented on the physical media.
Data Wipe prevents this reconstruction and is not recoverable.
When enabled, the BIOS will queue up a data wipe cycle for storage devices
that are connected to the motherboard on the next reboot.
By default, the Start Data Wipe option is disabled.
Enables, disables, or permanently disables the BIOS module interface of the
optional Absolute Persistence Module service from Absolute software.
By default, the Absolute option is enabled.
BIOS setup
135
Hide quick links:
Advertisement
Table of Contents
