Table 10. System setup options—Security menu (continued)
Security
When set to
On-Silent
, the event is logged in the BIOS Events log, but no
notification is displayed.
When set to
Disabled
, no notification is displayed and no event is logged in the
BIOS Events log.
By default, the
Chassis Intrusion Detection
option is enabled.
For additional security, Dell Technologies recommends keeping the
Chassis
Intrusion Detection
option enabled.
Block Boot Until Cleared
Enables or disables the Block Boot Until Cleared option.
By default, the
Block Boot Until Cleared
option is enabled.
NOTE:
When enabled, the computer does not boot until the chassis intrusion
is cleared. If the administrator password is set, Setup has to be unlocked
before the warning can be cleared.
Legacy Manageability Interface Access
Allows the administrator to control the access to BIOS configuration through the
Legacy Manageability Interface option. When enabled, this prevents the BIOS
Administrator password-based manageability tools from running, prevents some
Dell software applications from reading configuration settings, and/or prevents
changes to the BIOS configuration settings.
When enabled, this option only supports the Authenticated BIOS Manageability
Interface (ABI) for managing the BIOS configuration changes. To support this
feature, ABI must be enabled and provisioned.
When set to
Enabled
, the Legacy Manageability Interface can be used to read
and change BIOS configuration settings.
When set to
Read-Only
, BIOS configuration settings can be read, but cannot be
changed through the Legacy Manageability Interface.
When set to
Disabled
, the Legacy Manageability Interface is disabled. BIOS
configuration reads and writes are blocked.
SMM Security Mitigation
Enables or disables additional UEFI SMM Security Mitigation protections. This
option uses the Windows SMM Security Mitigations Table (WSMT) to confirm to
the operating system that security best practices have been implemented by the
UEFI firmware.
By default, the
SMM Security Mitigation
option is enabled.
For additional security, Dell Technologies recommends keeping the
SMM
Security Mitigation
option enabled unless you have a specific application which
is not compatible.
NOTE:
This feature may cause compatibility issues or loss of functionality
with some legacy tools and applications.
Data Wipe on Next Boot
Start Data Wipe
CAUTION:
Secure Data Wipe operation deletes information in a way
that it cannot be reconstructed.
Commands such as delete and format in the operating system may remove files
from showing up in the file system, however they can be reconstructed through
forensic means as they are still represented on the physical media. Data Wipe
prevents this reconstruction and is not recoverable.
When enabled, the BIOS will queue up a data wipe cycle for storage devices that
are connected to the motherboard on the next reboot.
By default, the
Start Data Wipe
option is disabled.
Absolute
Enables, disables, or permanently disables the BIOS module interface of the
optional Absolute Persistence Module service from Absolute software.
48
System setup