Home » Dell Manuals » Servers » Dell PowerEdge MX840c » Manual Viewer

Dell PowerEdge MX840c EMC PowerEdge MX840c Installation and Service Manual - Page 36

Option, Description, Con s the Secure Boot Custom Policy. To enable this option

View all Dell PowerEdge MX840c manuals

Add to My Manuals
Save this manual to your list of manuals

Page 36 highlights

Option Power Button AC Power Recovery UEFI Variable Access In-Band Manageability Interface Secure Boot Secure Boot Policy Secure Boot Mode Description When TPM 2.0 is installed, TPM 2 Algorithm option is available. It enables you to select a hash algorithm from those supported by the TPM (SHA1, SHA256). TPM 2 Algorithm option must be set to SHA256, to enable TXT. Enables or disables the power button on the front of the system. This option is set to Enabled by default. Sets how the system behaves after AC power is restored to the system. This option is set to Last by default. Provides varying degrees of securing UEFI variables. When set to Standard (the default), UEFI variables are accessible in the operating system per the UEFI specification. When set to Controlled, selected UEFI variables are protected in the environment and new UEFI boot entries are forced to be at the end of the current boot order. When set to Disabled, this setting will hide the Management Engine's (ME), HECI devices, and the system's IPMI devices from the operating system. This prevents the operating system from changing the ME power capping settings, and blocks access to all in-band management tools. All management should be managed through out-of-band. This option is set to Enabled by default. NOTE: BIOS update requires HECI devices to be operational and DUP updates require IPMI interface to be operational. This setting needs to be set to Enabled to avoid updating errors. Enables Secure Boot, where the BIOS authenticates each pre-boot image by using the certificates in the Secure Boot Policy. Secure Boot is set to Disabled by default. When Secure Boot policy is set to Standard, the BIOS uses the system manufacturer's key and certificates to authenticate pre-boot images. When Secure Boot policy is set to Custom, the BIOS uses the user-defined key and certificates. Secure Boot policy is set to Standard by default. Configures how the BIOS uses the Secure Boot Policy Objects (PK, KEK, db, dbx). If the current mode is set to Deployed Mode, the available options are User Mode and Deployed Mode. If the current mode is set to User Mode, the available options are User Mode, Audit Mode, and Deployed Mode. Options User Mode Description In User Mode, PK must be installed, and BIOS performs signature verification on programmatic attempts to update policy objects. The BIOS allows unauthenticated programmatic transitions between modes. Deployed Mode Deployed Mode is the most secure mode. In Deployed Mode, PK must be installed and the BIOS performs signature verification on programmatic attempts to update policy objects. Deployed Mode restricts the programmatic mode transitions. Audit Mode In Audit mode, PK is not present. The BIOS does not authenticate programmatic updates to the policy objects, and transitions between modes. Audit Mode is useful for programmatically determining a working set of policy objects. BIOS performs signature verification on pre-boot images and logs results in the image Execution Information Table, but executes the images whether they pass or fail verification. Secure Boot Policy Summary Secure Boot Custom Policy Settings Specifies the list of certificates and hashes that secure boot uses to authenticate images. Configures the Secure Boot Custom Policy. To enable this option, set the Secure Boot Policy to Custom option. 36 Pre-operating system management applications

Section	Page
Dell EMC PowerEdge MX840c Installation and Service Manual	3
About this document	7
Dell EMC PowerEdge MX840c overview	8
Front view of the sled	9
Inside the sled	9
Locating the Service Tag of the sled	11
System information label	11
Initial system setup and configuration	15
Setting up your sled	15
iDRAC configuration	15
Options to set up iDRAC IP address	15
Log in to iDRAC	16
Options to install the operating system	16
Methods to download firmware and drivers	16
Downloading drivers and firmware	17
Pre-operating system management applications	18
Options to manage the pre-operating system applications	18
System Setup	18
View System Setup	18
System Setup details	19
System BIOS	19
Viewing System BIOS	19
System BIOS Settings details	19
System Information	20
View System Information	20
System Information details	20
Memory Settings	21
View Memory Settings	21
Memory Settings details	21
Persistent Memory details	22
Processor Settings	23
View Processor Settings	23
Processor Settings details	24
SATA Settings	25
View SATA Settings	26
SATA Settings details	26
NVMe Settings	26
View NVMe settings	27
NVMe Settings details	27
Boot Settings	27
View Boot Settings	27
Boot Settings details	28
UEFI Boot Settings	28
Choosing system boot mode	28
Changing boot order	29
Network Settings	29
Viewing Network Settings	29
Network Settings screen details	29
Integrated Devices	30
Viewing Integrated Devices	30
Integrated Devices details	30
Serial Communication	32
Viewing Serial Communication	32
Serial Communication details	32
System Profile Settings	33
Viewing System Profile Settings	33
System Profile Settings details	33
System Security	34
Viewing System Security	34
System Security Settings details	35
Creating a system and setup password	37
Using your system password to secure your system	37
Deleting or changing system and Setup password	37
Operating with setup password enabled	38
Redundant OS Control	38
Viewing Redundant OS Control	38
Redundant OS Control screen details	39
Miscellaneous Settings	39
View Miscellaneous Settings	39
Miscellaneous Settings details	40
iDRAC Settings utility	40
Device Settings	40
Dell Lifecycle Controller	40
Embedded System Management	40
Boot Manager	41
View the boot manager	41
Boot Manager main menu	41
One-shot UEFI Boot menu	41
System Utilities	41
PXE boot	41
Installing and removing sled components	42
Safety instructions	42
Before working inside your sled	42
After working inside your sled	43
Recommended tools	43
PowerEdge MX840c sled	43
Removing the sled from the enclosure	43
Installing the sled into the enclosure	45
Sled cover	46
Removing the sled cover	46
Installing the sled cover	47
Air shroud	49
Removing the air shroud from the PEM	49
Installing the air shroud on the PEM	49
Removing the air shroud from the system board	50
Installing the air shroud on the system board	51
Processor expansion module	52
Removing the processor expansion module	52
Installing the processor expansion module	53
Drives	54
Drive installation guidelines	54
Removing a drive blank	54
Installing a drive blank	55
Removing a drive carrier	56
Installing a drive carrier	57
Removing a drive from the drive carrier	58
Installing a drive into the drive carrier	59
Drive backplane	60
Drive backplane connectors	60
Removing the drive backplane	61
Installing the drive backplane	62
Cable routing	64
Drive cage	67
Removing the drive cage	67
Installing the drive cage	68
Battery backup unit	69
Removing the battery backup unit module	69
Installing the BBU module	70
Removing the BBU from the BBU cage	71
Installing the BBU into the BBU cage	72
Control panel	73
Removing the control panel	73
Installing the control panel	74
System memory	75
Memory channels and population	75
General memory module installation guidelines	78
NVDIMM-N memory module installation guidelines	79
DCPMM installation guidelines	82
Mode-specific guidelines	84
Removing a memory module	87
Installing a memory module	88
Processors and heat sinks	89
Processor wattage and heat sink dimensions	90
Removing the processor and heat sink module	90
Removing the processor from the processor and heat sink module	91
Installing the processor into a processor and heat sink module	92
Installing the processor and heat sink module	95
iDRAC card	96
Removing the iDRAC card	96
Installing the iDRAC card	97
PERC cards	99
Removing the PERC card	99
Installing the PERC card	99
Removing the Jumbo PERC card	100
Installing the Jumbo PERC card	101
Optional Internal dual SD module	102
Removing the optional IDSDM module	102
Installing the optional IDSDM module	103
Removing a MicroSD card	104
Installing a MicroSD card	105
M.2 BOSS module	106
Removing the M.2 BOSS module	106
Installing the M.2 BOSS module	107
Removing the M.2 SATA card	108
Installing the M.2 SATA card	109
Mezzanine card	110
Mezzanine card installation guidelines	110
Removing the mini Mezzanine card blank	110
Installing the mini Mezzanine card blank	111
Removing a mini Mezzanine card	112
Installing a mini Mezzanine card	112
Removing the Mezzanine card	113
Installing the Mezzanine card	115
Optional internal USB memory key	116
Replacing the optional internal USB memory key	116
System battery	117
Replacing the system battery	117
System board	118
Removing the system board	118
Installing the system board	120
Entering the system Service Tag by using System Setup	121
Restoring the Service Tag by using the Easy Restore feature	121
Trusted Platform Module	122
Upgrading the Trusted Platform Module	122
Removing the TPM	122
Installing the TPM	123
Initializing TPM for BitLocker users	123
Initializing the TPM 1.2 for TXT users	123
Initializing the TPM 2.0 for TXT users	123
Jumpers and connectors	125
System board jumpers and connectors	125
System board jumper settings	127
Disabling forgotten password	127
Technical specifications	129
Sled dimensions	129
Chassis weight	129
Processor specifications	130
Intel Quick Assist Technology	130
Supported operating systems	130
System battery specifications	130
Memory specifications	130
Drives	131
Ports and connectors specifications	132
USB ports	132
Internal Dual SD Module	132
PERC controller cards	132
Mezzanine cards	133
Environmental specifications	133
Particulate and gaseous contamination specifications	134
Standard operating temperature	135
Expanded operating temperature	135
Expanded operating temperature restrictions	136
Thermal	136
System diagnostics and indicator codes	137
System ID and status LED indicator codes	137
Power button LED	137
Drive indicator codes	138
System diagnostics	139
Dell Embedded System Diagnostics	139
Running the Embedded System Diagnostics from Boot Manager	139
Running the Embedded System Diagnostics from the Dell Lifecycle Controller	139
System diagnostic controls	139
Getting help	140
Contacting Dell	140
Documentation feedback	140
Receiving automated support with SupportAssist	140
Accessing system information by using QRL	141
Quick Resource Locator for the PowerEdge MX840c sled	141
Recycling or End-of-Life service information	141

Match case Limit results 1 per page

Option

Description

When TPM 2.0 is installed,

TPM 2 Algorithm

option is available. It enables you to select a hash algorithm

from those supported by the TPM (SHA1, SHA256).

TPM 2 Algorithm

option must be set to

SHA256

to enable TXT.

Power Button

Enables or disables the power button on the front of the system. This option is set to

Enabled

by default.

AC Power

Recovery

Sets how the system behaves after AC power is restored to the system. This option is set to

Last

default.

UEFI Variable

Access

Provides varying degrees of securing UEFI variables. When set to

Standard

(the default), UEFI variables

are accessible in the operating system per the UEFI specification. When set to

Controlled

, selected UEFI

variables are protected in the environment and new UEFI boot entries are forced to be at the end of the

current boot order.

In-Band

Manageability

Interface

When set to

Disabled

, this setting will hide the Management Engine's (ME), HECI devices, and the

system's IPMI devices from the operating system. This prevents the operating system from changing the

ME power capping settings, and blocks access to all in-band management tools. All management should

be managed through out-of-band. This option is set to

Enabled

by default.

NOTE:

BIOS update requires HECI devices to be operational and DUP updates require IPMI interface

to be operational. This setting needs to be set to

Enabled

to avoid updating errors.

Secure Boot

Enables Secure Boot, where the BIOS authenticates each pre-boot image by using the certificates in the

Secure Boot Policy. Secure Boot is set to

Disabled

by default.

Secure Boot

Policy

When Secure Boot policy is set to

Standard

, the BIOS uses the system manufacturer’s key and

certificates to authenticate pre-boot images. When Secure Boot policy is set to

Custom

, the BIOS uses

the user-defined key and certificates. Secure Boot policy is set to

Standard

by default.

Secure Boot

Mode

Configures how the BIOS uses the Secure Boot Policy Objects (PK, KEK, db, dbx).

If the current mode is set to

Deployed Mode

, the available options are

User Mode

and

Deployed Mode

If the current mode is set to

User Mode

, the available options are

User Mode

Audit Mode

, and

Deployed Mode

Options

Description

User Mode

, PK must be installed, and BIOS performs signature verification on

programmatic attempts to update policy objects.

The BIOS allows unauthenticated programmatic transitions between modes.

Deployed Mode

is the most secure mode. In

Deployed Mode

, PK must be

installed and the BIOS performs signature verification on programmatic attempts to

update policy objects.

Deployed Mode

restricts the programmatic mode transitions.

Audit Mode

Audit mode

, PK is not present. The BIOS does not authenticate programmatic

updates to the policy objects, and transitions between modes.

Audit Mode

is useful for programmatically determining a working set of policy

objects.

BIOS performs signature verification on pre-boot images and logs results in the

image Execution Information Table, but executes the images whether they pass or

fail verification.

Secure Boot

Policy Summary

Specifies the list of certificates and hashes that secure boot uses to authenticate images.

Secure Boot

Custom Policy

Settings

Configures the Secure Boot Custom Policy. To enable this option, set the Secure Boot Policy to

Custom

option.

Pre-operating system management applications