Dell XPS 13 7390 2-in-1 Service Manual - Page 39

Table 6. System setup options—Security menu (continued)

Security

PPI Bypass for Clear Commands
    Allows or prevents the operating system from skipping BIOS Physical Presence Interface (PPI) user prompts when issuing the Clear command.
    Default: OFF.

Attestation Enables
    Controls whether the TPM Endorsement Hierarchy is available to the OS. Disabling this setting restricts the ability to use the TPM for signature operations.
    Default: ON.

Key Storage Enable
    Controls whether the TPM Endorsement Hierarchy is available to the OS. Disabling this setting restricts the ability to use the TPM for storing owner data.
    Default: ON.

SHA-256
    Enables or disables use of the SHA-256 hash algorithm by the BIOS and the TPM to extend measurements into the TPM PCRs during BIOS boot.
    Default: ON.

Clear
    When enabled, clears the PTT owner information and returns the PTT to the default state.
    Default: OFF.

TPM State
    Enables or disables the TPM. Enabled is the normal operating state for the TPM when you want to use its complete array of capabilities.
    Default: Enabled.

Intel SGX
    Enables or disables the Intel Software Guard Extensions (SGX), which provide a secured environment for running code and storing sensitive information.
    Default: Software Control.

SMM Security Mitigation
    Enables or disables additional UEFI SMM Security Mitigation protections.
    Default: OFF.
    NOTE: This feature may cause compatibility issues or loss of functionality with some legacy tools and applications.

Enable Strong Passwords
    Enables or disables strong passwords.
    Default: OFF.

Password Configuration
    Controls the minimum and maximum number of characters that are allowed for Admin and System passwords.

Admin Password
    Sets, changes, or deletes the administrator (admin) password (sometimes called the "setup" password).

System Password
    Sets, changes, or deletes the system password.

Enable Master Password Lockout
    Enables or disables the master password support.
    Default: OFF.

Table 7. System setup options—Secure Boot menu

Secure Boot

Enable Secure Boot
    Enables or disables booting the computer using only validated boot software.
    Default: OFF.
    NOTE: For Secure Boot to be enabled, the computer needs to be in UEFI boot mode and the Enable Legacy Option ROMs option needs to be turned off.
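
Several of these settings can be confirmed from the running operating system after leaving setup. The following is an added example, not part of the Dell manual: it checks Secure Boot, TPM State and the SHA-256 PCR bank on Linux. It assumes efivarfs is mounted and a kernel that exposes per-bank PCR files under /sys/class/tpm/tpm0/pcr-sha256; the function names and the `root` parameter (used to point the checks at a test directory) are hypothetical.

```python
"""Check from Linux that the firmware settings in Tables 6 and 7 took effect."""
from pathlib import Path

# Standard UEFI global-variable GUID; efivarfs names files <Variable>-<GUID>.
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"


def secure_boot_enabled(root="/"):
    """True/False from the SecureBoot variable, None if it is absent (legacy boot)."""
    var = Path(root, "sys/firmware/efi/efivars", f"SecureBoot-{EFI_GLOBAL}")
    try:
        data = var.read_bytes()
    except OSError:
        return None
    # efivarfs prefixes the one-byte value with a 4-byte attribute field.
    return len(data) >= 5 and data[4] == 1


def tpm_present(root="/"):
    """True if the kernel registered a TPM device (TPM State enabled in setup)."""
    return Path(root, "sys/class/tpm/tpm0").is_dir()


def sha256_bank_active(root="/"):
    """True if the SHA-256 bank exists and PCR 0 holds a measurement.

    Assumption: a bank the firmware never extended keeps PCR 0 at its reset
    value of all zeros, so an all-zero PCR 0 is reported as inactive.
    """
    pcr0 = Path(root, "sys/class/tpm/tpm0/pcr-sha256/0")
    try:
        value = pcr0.read_text().strip().lower()
    except OSError:
        return False
    return len(value) == 64 and value != "0" * 64


def audit(root="/"):
    """Return the three findings; a False or None entry points back to BIOS setup."""
    return {
        "secure_boot": secure_boot_enabled(root),
        "tpm_present": tpm_present(root),
        "sha256_pcr_bank": sha256_bank_active(root),
    }


if __name__ == "__main__":
    for name, state in audit().items():
        print(f"{name:16} {state}")
```

With the defaults listed above (Secure Boot OFF, TPM State Enabled, SHA-256 ON), the expected result is `secure_boot` False and the other two True.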