|
Admin Password
|
The Administrator Password prevents unauthorized access to the BIOS Setup options. Once the administrator password is set, the BIOS setup options can only be modified after providing the correct password.
The following rules and dependencies apply to the Administrator Password -
- The administrator password cannot be set if system and/or internal hard drive passwords are previously set.
- The administrator password can be used in place of the system and/or internal hard drive passwords.
- When set, the administrator password must be provided during a firmware update.
- Clearing the administrator password also clears the system password (if set).
Dell Technologies recommends using an administrator password to prevent unauthorized changes to BIOS setup options.
|
|
System Password
|
The System Password prevents the system from booting to an operating system without entering the correct password.
The following rules and dependencies apply when the System Password is used -
- The computer shuts down when idle for approximately 10 minutes at the system password prompt.
- The computer shuts down after three incorrect attempts to enter the system password.
- The computer shuts down when the
Esc key is pressed at the System Password prompt.
- The system password is not prompted when the computer resumes from standby mode.
Dell Technologies recommends using the system password in situations where it is likely that a system may be lost or stolen.
|
|
Asset tag
|
Set your system’s Asset Tag.
|
|
Password Change
|
Allows you to permit or deny system password or HDD password changes.
By default,
Password Change is permitted.
|
|
Allow Non-Admin Password Changes
|
The
Allow Non-Admin Password Changes option in BIOS setup allows an end user to set or change the system or hard drive passwords without entering the administrator password. This gives an administrator control over the BIOS settings but enables an end user to provide their own password.
By default, the
Allow Non-Admin Password Changes option is disabled.
For additional security, Dell Technologies recommends keeping the
Allow Non-Admin Password Changes option disabled.
|
|
Non-Admin Setup Changes
|
The
Non-Admin Setup Changes option allows an end user to configure the wireless devices without requiring the administrator password.
By default, the
Non-Admin Setup Changes option is disabled.
For additional security, Dell Technologies recommends keeping the
Non-Admin Setup Changes option disabled.
|
|
Absolute
|
Enables, disables, or permanently disables the BIOS module interface of the optional Absolute Persistence Module service from Absolute software.
By default, the
Absolute option is enabled.
For additional security, Dell Technologies recommends keeping the
Absolute option enabled.
WARNING:The 'Permanently Disabled' option can only be selected once. When 'Permanently Disabled' is selected, Absolute Persistence cannot be re-enabled. No further changes to the Enable/Disable states are allowed.
NOTE:The Enable/Disable options are unavailable while the computer is in the activated state.
NOTE:When the Absolute features are activated, the Absolute integration cannot be disabled from the BIOS setup screen.
|
|
Absolute Status
|
Displays Absolute status.
|
|
Windows SMM Security Mitigations Table (WSMT)
|
Enables or disables additional UEFI SMM Security Mitigation protections. This option uses the Windows SMM Security Mitigations Table (WSMT) to confirm to the operating system that security best practices have been implemented by the UEFI firmware.
By default, the
SMM Security Mitigation option is enabled.
For additional security, Dell Technologies recommends keeping the
SMM Security Mitigation option enabled unless you have a specific application which is not compatible.
NOTE:This feature may cause compatibility issues or loss of functionality with some legacy tools and applications.
|
|
Trusted Platform Module (TPM)
|
Trusted Platform Module (TPM) is a security device that stores computer-generated keys for encryption and features such as BitLocker, Virtual Secure Mode, remote Attestation.
By default, the
Trusted Platform Module (TPM) option is enabled.
For additional security, Dell Technologies recommends keeping Trusted Platform Module (TPM) enabled to allow these security technologies to fully function.
|
|
PPI Bypass for Clear Command
|
Allows you to control the TPM Physical Presence Interface (PPI). When enabled, this setting will allow the OS to skip BIOS PPI user prompts when issuing the Clear command. Changes to this setting take effect immediately.
By default, the
PPI Bypass for Clear Command option is disabled.
For additional security, Dell Technologies recommends keeping the
PPI Bypass for Clear Commands option disabled.
|
|
Enable Pre-Boot DMA Support
|
Allows you to control the Pre-Boot DMA protection for both internal and external ports. This option does not directly enable DMA protection in the operating system.
NOTE:This option is not available when the virtualization setting for IOMMU is disabled (VT-d/AMD Vi).
By default, the
Enable Pre-Boot DMA Support option is enabled.
For additional security, Dell Technologies recommends keeping the
Enable Pre-Boot DMA Support option enabled.
NOTE:This option is provided only for compatibility purposes, since some older hardware is not DMA capable.
|
|
Enable OS Kernel DMA Support
|
Allows you to control the Kernel DMA protection for both internal and external ports. This option does not directly enable DMA protection in the operating system. For operating systems that support DMA protection, this setting indicates to the operating system that the BIOS supports the feature.
NOTE:This option is not available when the virtualization setting for IOMMU is disabled (VT-d/AMD Vi).
By default, the
Enable OS Kernel DMA Support option is enabled.
NOTE:This option is provided only for compatibility purposes, since some older hardware is not DMA capable.
|
|
UEFI Firmware Capsule Updates
|
Enables or disables BIOS updates through UEFI capsule update packages.
By default, the
UEFI Firmware Capsule Updates option is enabled.
|
|
Secure Boot
|
|
|
Secure Boot Database
|
Displays the status of secure boot database.
|
|
Secure Boot Status
|
Displays the status of secure boot.
|
|
Secure Boot Mode
|
Displays the mode of secure boot.
|
|
User Customized Security
|
Displays the status of presence of user customized security.
|
|
Secure Boot
|
Enables the computer to boot using only validated boot software.
By default, the
Enable Secure Boot option is enabled.
For additional security, Dell Technologies recommends keeping the
Secure Boot option enabled to ensure that the UEFI firmware validates the operating system during the boot process.
NOTE:For Secure Boot to be enabled, the computer is required to be in UEFI boot mode and the Enable Legacy Option ROMs option is required to be turned off.
|
|
Select Secure Mode
|
Enables or disables the Secure Boot operation mode.
By default, the
Deployed Mode is selected.
NOTE:Deployed Mode should be selected for normal operation of Secure Boot.
|
|
Expert Key Management
|
|
|
Enable Custom Mode
|
Enables or disables the keys in the PK, KEK, db, and dbx security key databases to be modified.
By default, the
Enable Custom Mode option is disabled.
|
|
Custom Mode Key Management
|
Selects the custom values for expert key management.
By default, the
PK option is selected.
|