OptiPlex 5090 Small Form Factor Service Manual

Security

This section provides security details and settings.

Table 1. SecuritySecurity
Options	Description
TPM 2.0 Security
TPM 2.0 Security On	This section contains a toggle switch to select whether Trusted Platform Module(TPM) is visible to the Operating System(OS). (ON by default)
Attestation Enable	This section contains a toggle switch which lets the user control whether the TPM Endorsement Hierarchy is available to the operating system (OFF by default).
Key Storage Enable	This section contains a toggle switch that allows the user to control whether TPM Storage Hierarchy is available to the operating system (ON by default).
SHA-256	This section contains a toggle switch that when enabled, allows the BIOS and the TPM to use the SHA-256 hash algorithm to extend measurements into the TPM PCRs during BIOS boot (ON by default).
Clear	This section contains a toggle switch which clears the TPM owner information, and returns the TPM to the default state (OFF by default).
PPI Bypass for Clear Commands	This section contains a toggle switch which controls the TPM Physical Presence Interface(PPI). When enabled, this setting will allow the OS to skip BIOS PPI user prompts when issuing the clear command (OFF by default).
TPM State	This section allows the user to enable or disable the TPM. This is the default operating state for the TPM when you want to use its complete arrays of capabilities (enabled by default).
Intel Total Memory Encryption
Total Memory Encryption(TME)	This section allows the user to enable/disable TME to protect memory from physical attachs including freeze spray, probing DDR to read the cycles etc. All of the system memory is encrypted by the TME block attached to the memory controller
Chassis Intrusion
Chassis Intrusion	This field controls the chassis intrusion feature Disabled - Will not report intrusions during POST Enabled - Will report intrusions during POST On-silent - Detects intrusions but does not display any detected intrusions during POST (Selected by default)
Clear Intrusion Warning	This section contains a toggle switch to enable/disable warnings on intrusion (OFF by default).
SMM Security Mitigation	This section allows the user to enable or disable UEFI SMM security Mitigation protections (ON by default).
Data Wipe on Next Boot
Start Data Wipe	This section contains toggle switch which when enabled ensures that the BIOS will queue up a data wipe cycle for storage device(s) connected to the system board on the next reboot (OFF by default).
Absolute
Absolute	This section lets the user enable, disable or permanently disable the BIOS module interface of the optional Absolute Persistence Module service from Absolute Software. The options available are as follows: Enable Absolute - Enables Absolute Persistence and load the firmware Persistence Module (Selected by default) Disable Absolute - Disables Absolute Persistence. The firmware Persistence Module is not installed. Permanently Disable Absolute - Permanently disables Absolute Persistence module interface from further use.
UEFI Boot Path Security
UEFI Boot Path Security	This section lets the user control whether the system will prompt the user to enter the admin password(if set) when booting to a UEFI booth path device from F12 boot menu. The options available are as below: Never Always Always Except Internal HDD (Selected by default) Always Except Internal HDD&PXE
SafeShutter
SafeShutter	This section allows the user to choose between dynamic and manual shutter control: Dynamic Shutter - Camera shutter will automatically open when user grants application permission and close when permission ends. Can be disabled by using the F9 camera mute key(LED on). This is the default selected option. Manual Shutter Control - Shutter opens when F9 key is pressed(LED off) and closes when F9 key is pressed(LED on)