Dell VxRail VP-760 Manual page 44


Pre-operating system management applications

The following table lists the system security details:

Intel TXT
  Enables you to set the Intel Trusted Execution Technology (TXT) option. Virtualization technology and TPM Security must be enabled with Preboot measurements to enable the Intel TXT option. This option is set to Off by default. It is set to On for Secure Launch (Firmware Protection) support on Windows 2022.

Memory Encryption
  Enables or disables Intel Total Memory Encryption (TME) and Multitenant (Intel TME-MT). When the option is set to Disabled, the BIOS disables both the TME and MK-TME technology. When the option is set to Single Key, the BIOS enables the TME technology. When the option is set to Multiple Keys, the BIOS enables the TME-MT technology. This option is set to Disabled by default. This setting can be enabled only if the CPU Physical Address Limit is disabled.

TME Encryption Bypass
  Allows the option to bypass Intel Total Memory Encryption. This option is set to Disabled by default.

Intel SGX
  Enables you to set the Intel Software Guard Extensions (SGX) option. To enable the Intel SGX option, the processor:
  ● Must be SGX capable.
  ● Memory population must be compatible (minimum of eight identical DIMMs, DIMM1 to DIMM8, per CPU socket).
  ● Must not support a persistent memory configuration.
  ● Memory operating mode must be set to Optimizer mode.
  ● Memory encryption must be enabled.
  ● Node interleaving must be disabled.
  When this option is Off, the BIOS disables the SGX technology. When this option is On, the BIOS enables the SGX technology. This option is set to Off by default.

Power Button
  Enables or disables the power button on the front of the system. This option is set to Enabled by default.

AC Power Recovery
  Sets how the system behaves after AC power is restored to the system. This option is set to Last by default.
  NOTE: The host system will not power on until the iDRAC Root of Trust (RoT) function is completed. The host power-on is delayed by 90 seconds after AC power is applied.

AC Power Recovery Delay
  Sets the time delay for the system to power on after AC power is restored to the system. This option is set to Immediate by default. When this option is set to Immediate, there is no delay for power-up. When this option is set to Random, the system creates a random delay for power-up. When this option is set to User Defined, the power-on delay is set manually.

User Defined Delay (120 s to 600 s)
  Sets the User Defined Delay option when the User Defined option for AC Power Recovery Delay is selected. The AC recovery time adds approximately 50 seconds to the iDRAC Root of Trust time.

UEFI Variable Access
  This option provides various degrees of securing UEFI variables. When set to Standard (the default), UEFI variables are accessible in the operating system per the UEFI specification. When set to Controlled, selected UEFI variables are protected in the environment. New UEFI boot entries are placed at the end of the current boot order.

In-Band Manageability Interface
  When set to Disabled, the Management Engine (ME), HECI devices, and the system IPMI devices are hidden from the operating system. Hiding the ME and these devices from the operating system prevents changes to the ME power capping settings and blocks access to all in-band management tools. All management must then be performed out-of-band. This option is set to Enabled by default.
  NOTE: The BIOS update requires the HECI devices to be operational, and DUP updates require the IPMI interface to be operational. Leave this setting Enabled to avoid update errors.

SMM Security Mitigation
  Enables or disables the UEFI SMM security mitigation protections. It is set to Disabled by default.

Secure Boot
  Enables Secure Boot, where the BIOS authenticates each preboot image by using the certificates in the Secure Boot Policy. Secure Boot is set to Disabled by default.
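As an added example that is not part of the Dell manual, the dependency rules stated in this table (the TXT, TME and SGX prerequisites, the defaults a hardened host would change, and the update caveat on the in-band interface) expressed as a Python audit over a constructed settings snapshot; the key names are assumed labels for the demo, not Dell's BIOS attribute identifiers.

```python
# Added example (not from the Dell manual): dependency-aware audit of the
# System Security options documented above. Key names are ASSUMED labels,
# not Dell's BIOS attribute identifiers; values mirror the manual's options.

# Constructed sample: mostly documented defaults, with TXT, TME and SGX turned
# on but their prerequisites only partly met.
SAMPLE_BIOS = {
    "IntelTxt": "On",
    "VirtualizationTechnology": "Enabled",
    "TpmSecurity": "On",                         # TXT needs preboot measurements
    "MemoryEncryption": "Single Key",
    "CpuPhysicalAddressLimit": "Enabled",        # must be Disabled for TME
    "IntelSgx": "On",
    "MemoryOperatingMode": "Optimizer",
    "NodeInterleaving": "Disabled",
    "UefiVariableAccess": "Standard",            # default
    "InBandManageabilityInterface": "Disabled",  # default is Enabled
    "SmmSecurityMitigation": "Disabled",         # default
    "SecureBoot": "Disabled",                    # default
}
TME_MODES = ("Single Key", "Multiple Keys")

def audit_security_settings(bios: dict) -> list[str]:
    """Return one finding per rule from the manual that the snapshot breaks."""
    get, findings = bios.get, []
    # Intel TXT requires virtualization and TPM Security with preboot measurements.
    if get("IntelTxt") == "On":
        if get("VirtualizationTechnology") != "Enabled":
            findings.append("IntelTxt On but VirtualizationTechnology not Enabled")
        if get("TpmSecurity") != "On with Preboot Measurements":
            findings.append("IntelTxt On but TpmSecurity lacks preboot measurements")
    # TME / TME-MT can be enabled only with the CPU Physical Address Limit disabled.
    if get("MemoryEncryption") in TME_MODES and get("CpuPhysicalAddressLimit") != "Disabled":
        findings.append("MemoryEncryption set but CpuPhysicalAddressLimit not Disabled")
    # Intel SGX needs memory encryption on, Optimizer mode and node interleaving off.
    if get("IntelSgx") == "On":
        for key, want in (("MemoryEncryption", TME_MODES), ("MemoryOperatingMode", ("Optimizer",)),
                          ("NodeInterleaving", ("Disabled",))):
            if get(key) not in want:
                findings.append(f"IntelSgx On but {key} is {get(key)!r}")
    # Options the manual ships Disabled/Standard that a hardened host should change.
    for key, want in (("SecureBoot", "Enabled"), ("SmmSecurityMitigation", "Enabled"),
                      ("UefiVariableAccess", "Controlled")):
        if get(key) != want:
            findings.append(f"{key} is {get(key)!r}, expected {want!r}")
    # Hiding the HECI/IPMI devices blocks BIOS and DUP updates (manual NOTE).
    if get("InBandManageabilityInterface") == "Disabled":
        findings.append("InBandManageabilityInterface Disabled: BIOS/DUP updates will fail")
    return findings
```

Running it on SAMPLE_BIOS reports six findings; feeding it a snapshot exported from the real host (under whatever attribute names that export uses) turns the table's rules into a repeatable pre-deployment check.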
