Dell XPS 16 9640 Owner's Manual page 93

Table 36. BIOS Setup options—Security menu (continued)

Security

Attestation Enable
    The Attestation Enable option controls the endorsement hierarchy of the TPM. Disabling the Attestation Enable option prevents the TPM from being used to digitally sign certificates.
    By default, the Attestation Enable option is enabled.
    For additional security, Dell Technologies recommends keeping the Attestation Enable option enabled.
    NOTE: When disabled, this feature may cause compatibility issues or loss of functionality in some operating systems.

Key Storage Enable
    The Key Storage Enable option controls the storage hierarchy of the TPM, which is used to store digital keys. Disabling the Key Storage Enable option restricts the ability of the TPM to store the owner's data.
    By default, the Key Storage Enable option is enabled.
    For additional security, Dell Technologies recommends keeping the Key Storage Enable option enabled.
    NOTE: When disabled, this feature may cause compatibility issues or loss of functionality in some operating systems.

SHA-256
    Allows you to control the hashing algorithm that is used by the TPM. When enabled, the TPM uses the SHA-256 hashing algorithm. When disabled, the TPM uses the SHA-1 hash algorithm.
    By default, the SHA-256 option is enabled.
    For additional security, Dell Technologies recommends keeping the SHA-256 option enabled.

Clear
    When enabled, the Clear option clears information that is stored in the TPM after exiting the computer's BIOS. This option returns to the disabled state when the computer restarts.
    By default, the Clear option is disabled.
    Dell Technologies recommends enabling the Clear option only when TPM data is required to be cleared.

Physical Presence Interface (PPI) Bypass for Enable Commands
    The Physical Presence Interface (PPI) Bypass options can be used to allow the operating system to manage certain aspects of the TPM. If these options are enabled, you are not prompted to confirm certain changes to the TPM configuration.
    By default, the PPI Bypass for Enable Commands option is enabled.
    For additional security, Dell Technologies recommends keeping the PPI Bypass for Enable Commands option enabled.

Intel Total Memory Encryption
Multi-Key Total Memory Encryption (Up to 16 keys)
    Enable or disable the protection of memory from physical attacks, including freeze spray, probing DDR to read the cycles, and others. When enabled, the system memory is encrypted by the Total Memory Encryption (TME) block attached to the memory controller.
    By default, the Multi-Key Total Memory Encryption option is disabled.

Chassis intrusion

Chassis Intrusion Detection
    The chassis intrusion detection enables a physical switch that triggers an event when the computer cover is opened.
    When set to Enabled, a notification is displayed on the next boot and the event is logged in the BIOS Events log.
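The three TPM options above map directly onto state that a running Linux OS can read back with tpm2-tools: Attestation Enable to the endorsement hierarchy (ehEnable), Key Storage Enable to the storage hierarchy (shEnable), and SHA-256 to the allocated PCR banks. The following audit script is an added example, not part of the Dell manual; the function names are my own, and the embedded sample outputs are constructed to mimic the shape of `tpm2_getcap properties-variable` and `tpm2_getcap pcrs` so the checks run offline.

```shell
# Added example (hypothetical helpers, not from the Dell manual): verify from
# Linux that the TPM state matches the Security-menu recommendations above.

# Print the 0/1 value of a TPM2_PT_STARTUP_CLEAR flag (shEnable, ehEnable, ...)
# from captured `tpm2_getcap properties-variable` output ($1), flag name in $2.
startup_flag() {
  printf '%s\n' "$1" | awk -v key="$2:" '
    /^TPM2_PT_STARTUP_CLEAR:/ { in_sc = 1; next }
    /^[^ ]/                    { in_sc = 0 }
    in_sc && $1 == key         { print $2; exit }'
}

# Exit 0 if bank $2 (sha1, sha256, ...) has at least one PCR allocated
# according to captured `tpm2_getcap pcrs` output ($1).
bank_allocated() {
  printf '%s\n' "$1" | awk -v bank="$2:" '
    $1 == "-" && $2 == bank { sel = $0; sub(/.*\[/, "", sel); sub(/\].*/, "", sel)
                              if (sel ~ /[0-9]/) found = 1 }
    END { exit (found ? 0 : 1) }'
}

# Print one line per deviation from the recommended state; return the count.
tpm_audit() {
  props="$1"; pcrs="$2"; n=0
  [ "$(startup_flag "$props" ehEnable)" = 1 ] ||
    { echo "FINDING: endorsement hierarchy disabled (Attestation Enable off)"; n=$((n+1)); }
  [ "$(startup_flag "$props" shEnable)" = 1 ] ||
    { echo "FINDING: storage hierarchy disabled (Key Storage Enable off)"; n=$((n+1)); }
  bank_allocated "$pcrs" sha256 ||
    { echo "FINDING: no SHA-256 PCR bank allocated (SHA-256 option off)"; n=$((n+1)); }
  return "$n"
}

# Constructed sample captures (not from a real machine): Attestation Enable
# has been turned off, SHA-256 bank active, SHA-1 bank empty.
SAMPLE_PROPS='TPM2_PT_PERMANENT:
  ownerAuthSet:              0
  disableClear:              0
TPM2_PT_STARTUP_CLEAR:
  phEnable:                  1
  shEnable:                  1
  ehEnable:                  0
  phEnableNV:                1'
SAMPLE_PCRS='selected-pcrs:
  - sha1: [  ]
  - sha256: [ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 ]'

# Live use: tpm_audit "$(tpm2_getcap properties-variable)" "$(tpm2_getcap pcrs)"
```

Against the constructed sample the audit reports exactly one finding, the disabled endorsement hierarchy; a non-zero count on a fleet machine is a cue to inspect the BIOS Events log and the Security menu, since the PPI Bypass option above means such changes can be made without a user prompt.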
BIOS Setup
93
This manual is also suitable for: P129f