| BIOS Features | Security Functions | Corresponding OS Features | Other Information |
|---|---|---|---|
| Virtualization Technology | Helps BIOS to enable processor virtualization features (such as protecting against exploits in user-mode drivers and applications) and provide virtualization support to the Operating System (OS) through the DMAR table. | Hypervisor-Protected Code Integrity (HVCI); Virtualization Based Security (VBS) | |
| Kernel DMA Protection | When enabled, both BIOS and OS protect devices from Direct Memory Access attacks in early boot by leveraging the Input/Output Memory Management Unit (IOMMU). | Boot DMA Protection | |
| Secure Boot | Secure Boot ensures that the device boots with trusted, Dell Technologies signed software. | Secure Boot | |
| Trusted Platform Module (TPM) 2.0 | Trusted Platform Module (TPM) is a dedicated microprocessor designed to secure hardware by integrating cryptographic keys into devices. Software can use a TPM to authenticate hardware devices. | | See the TPM note below the table. |
| [AMD] Dynamic Root of Trust Measurement | Enables AMD Dynamic Root of Trust Measurement (DRTM). Also enables AMD secure encryption features such as Secure Memory Encryption (SME) and Transparent Secure Memory Encryption (TSME). | | This feature is available for AMD-based processors. |
| [Intel] Trusted Execution Technology | Enhances platform security by using Virtualization Technology, TPM Security, and TPM2 Algorithm (must be SHA256). Intel TXT provides security against hypervisor, BIOS, firmware and other pre-launch software based attacks by establishing a 'root of trust' during the boot process. | | This feature is available for Intel-based processors. |

NOTE (Trusted Platform Module (TPM) 2.0):

- If the TPM firmware version is less than 7.2.2.0, the Enable BIOS Configuration button is disabled. You must replace the hardware with one having TPM firmware version 7.2.2.0 or above.
- Enabling TPM will enable the TPM Security, TPM Bypass Provision, TPM Bypass Clear, TPM Algorithm Selection, and TPM Module firmware security attributes.
- If secured-core fails because TPM is partially enabled, check whether TPM has failed due to the TPM Bypass Provision and TPM Bypass Clear attributes.
- If yes, you can ignore this failure because the TPM Bypass Provision and TPM Bypass Clear attributes are not directly related to secured-core; they are considered for overall infrastructure security and system resilience.
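To confirm from the OS side that the corresponding features in the table are actually active, the following PowerShell check is an added example (not Dell's or Microsoft's code). It assumes an elevated session on the Windows host, the built-in `Win32_DeviceGuard` CIM class, `Confirm-SecureBootUEFI` and `Get-Tpm`; the numeric status codes follow Microsoft's `Win32_DeviceGuard` documentation, and the 7.2.2.0 TPM firmware threshold is the one stated in the note above.

```powershell
# Added example: read back the OS-side state of the secured-core features
# listed in the table. Run in an elevated PowerShell on the Windows host.
function Get-SecuredCoreStatus {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard

    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running
    $vbsRunning  = ($dg.VirtualizationBasedSecurityStatus -eq 2)
    # SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI, 3 = System Guard Secure Launch
    $hvciRunning = ($dg.SecurityServicesRunning -contains 2)
    $drtmRunning = ($dg.SecurityServicesRunning -contains 3)
    # AvailableSecurityProperties: 1 = hypervisor, 2 = Secure Boot, 3 = DMA protection (IOMMU)
    $dmaAvail    = ($dg.AvailableSecurityProperties -contains 3)

    # Confirm-SecureBootUEFI throws on legacy-BIOS hosts; treat that as "not enabled"
    try { $secureBoot = Confirm-SecureBootUEFI } catch { $secureBoot = $false }

    $tpm = Get-Tpm
    # Threshold from the table's TPM note. ManufacturerVersion is a vendor string and is
    # not always dotted-numeric, so the comparison is guarded (assumption: "a.b.c.d" form).
    $tpmFwOk = $false
    try { $tpmFwOk = ([version]$tpm.ManufacturerVersion -ge [version]'7.2.2.0') } catch {}

    [pscustomobject]@{
        VBSRunning             = $vbsRunning
        HVCIRunning            = $hvciRunning
        SecureLaunchRunning    = $drtmRunning
        DMAProtectionAvailable = $dmaAvail
        SecureBootEnabled      = [bool]$secureBoot
        TPMPresentAndReady     = ($tpm.TpmPresent -and $tpm.TpmReady)
        TPMFirmwareVersion     = $tpm.ManufacturerVersion
        TPMFirmwareAtLeast7220 = $tpmFwOk
    }
}

Get-SecuredCoreStatus | Format-List
```

`DMAProtectionAvailable` reports the IOMMU-backed DMA protection that VBS sees; the Kernel DMA Protection line in System Information (msinfo32) remains the authoritative indicator for that specific BIOS feature.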