Dell Latitude 5550 Owners Manual - Page 153

Data Wipe on Next Boot, Intel Total Memory Encryption

Page 153 highlights

Table 49. System Setup options-Security menu (continued) Security Multi-Key Total Memory Encryption (Up to Enables or disables the processor's memory encryption feature. 16 keys) By default, the Intel Total Memory Encryption option is disabled. NOTE: To view this option, enable Advanced Setup mode as described in View Advanced Setup options. Chassis Intrusion Chassis Intrusion Enables or disables the detection of chassis intrusion events. This feature notifies the user when the base cover has been removed from the computer. When set to Enabled, a notification is displayed on the next boot and the event is logged in the BIOS Events log. When set to Disabled, no notification is displayed and no event is logged in the BIOS Events log. When set to On-Silent, the event is logged in the BIOS Events log, but no notification is displayed. By default, the Chassis Intrusion Detection option is disabled. For additional security, Dell Technologies recommends keeping the Chassis Intrusion option enabled. NOTE: To view this option, enable Advanced Setup mode as described in View Advanced Setup options. Block Boot Until Cleared The Block Boot Until Clear option is enabled when Chassis Intrusion is enabled. When enabled, the computer does not boot until the chassis intrusion is cleared. NOTE: To view this option, enable Advanced Setup mode as described in View Advanced Setup options. Clear Intrusion Warning The Clear Intrusion Warning option appears only after chassis intrusion is enabled and is tripped. By default, the Clear Intrusion Warning option is disabled. SMM Security Mitigation Enables or disables additional UEFI SMM Security Mitigation protections. This option uses the Windows SMM Security Mitigations Table (WSMT) to confirm to the operating system that security best practices have been implemented by the UEFI firmware. By default, the SMM Security Mitigation option is enabled. For additional security, Dell Technologies recommends keeping the SMM Security Mitigation option enabled unless you have a specific application which is not compatible. NOTE: This feature may cause compatibility issues or loss of functionality with some legacy tools and applications. NOTE: To view this option, enable Service options as described in View Service options. Data Wipe on Next Boot Start Data Wipe Data Wipe is a secure wipe operation that deletes information from a storage device. CAUTION: The Secure Data Wipe operation erases information in a way that it cannot be reconstructed. Commands such as delete and format in the operating system may remove files from showing up in the file system, however they can be reconstructed through forensic means as they are still represented on the physical media. Data Wipe prevents this reconstruction and is not recoverable. BIOS Setup 153

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173

Table 49. System Setup options—Security menu (continued)
Security
Multi-Key Total Memory Encryption (Up to
16 keys)
Enables or disables the processor’s memory encryption feature.
By default, the
Intel Total Memory Encryption
option is disabled.
NOTE:
To view this option, enable
Advanced Setup
mode as described in
View Advanced Setup options
.
Chassis Intrusion
Chassis Intrusion
Enables or disables the detection of chassis intrusion events. This feature notifies
the user when the base cover has been removed from the computer.
When set to
Enabled
, a notification is displayed on the next boot and the event
is logged in the BIOS Events log.
When set to
Disabled
, no notification is displayed and no event is logged in the
BIOS Events log.
When set to
On-Silent
, the event is logged in the BIOS Events log, but no
notification is displayed.
By default, the
Chassis Intrusion Detection
option is disabled.
For additional security, Dell Technologies recommends keeping the
Chassis
Intrusion
option enabled.
NOTE:
To view this option, enable
Advanced Setup
mode as described in
View Advanced Setup options
.
Block Boot Until Cleared
The
Block Boot Until Clear
option is enabled when
Chassis Intrusion
is
enabled. When enabled, the computer does not boot until the chassis intrusion is
cleared.
NOTE:
To view this option, enable
Advanced Setup
mode as described in
View Advanced Setup options
.
Clear Intrusion Warning
The
Clear Intrusion Warning
option appears only after chassis intrusion is
enabled and is tripped.
By default, the
Clear Intrusion Warning
option is disabled.
SMM Security Mitigation
Enables or disables additional UEFI SMM Security Mitigation protections. This
option uses the Windows SMM Security Mitigations Table (WSMT) to confirm to
the operating system that security best practices have been implemented by the
UEFI firmware.
By default, the
SMM Security Mitigation
option is enabled.
For additional security, Dell Technologies recommends keeping the
SMM
Security Mitigation
option enabled unless you have a specific application which
is not compatible.
NOTE:
This feature may cause compatibility issues or loss of functionality
with some legacy tools and applications.
NOTE:
To view this option, enable
Service
options as described in
View
Service options
.
Data Wipe on Next Boot
Start Data Wipe
Data Wipe is a secure wipe operation that deletes information from a storage
device.
CAUTION:
The Secure Data Wipe operation erases information in a
way that it cannot be reconstructed.
Commands such as delete and format in the operating system may remove files
from showing up in the file system, however they can be reconstructed through
forensic means as they are still represented on the physical media. Data Wipe
prevents this reconstruction and is not recoverable.
BIOS Setup
153