BIOS and Operating System Requirements to Met Support Secured-core Personal Computing

The article provides information about what is the BIOS option setting on your personal computer.

Table of Contents:

1. What is BIOS?
2. How to set

What is Bios?

Refer to What is BIOS and How to Update the BIOS on Your Dell System

Back to Top

How to set

The following settings in the system BIOS must be configured to support Secured-Core personal computer.

1. The Secure Boot - Secure Boot Enable setting must be ON and Microsoft UEFI CA option to OFF(Figure 1.)​
   
   Figure 1. - Secure Boot Enable in BIOS
2. The System Management Mode (SMM) SMM Security Mitigation option must be selected in the Security, SMM Security Mitigation settings. (Figure 2.)
   
   Figure 2. - SMM Security Mitigation Enable in BIOS
3. The VT for Direct I/O option must be selected in the Virtualization Support, VT for Direct I/O settings. (Figure 3.)
   
   Figure 3. - VT for Direct I/O Enable in BIOS
4. The Trusted Execution option must be enabled in the Virtualization Support, Trusted Execution settings. (Figure 4.)
   
   Figure 4. - Trusted Execution Enable in BIOS

Intel Whiskey Lake computers with Microsoft Windows 10 version 19H1 and beyond or for Intel Comet Lake computers with Windows 10 version 20H1 and beyond perform the following steps in the operating system.

1. Under Settings, Update & Security, Windows Security, Device Security, Core isolation, Core isolation details. (Figure 5.)
   
   Figure 5. - Windows Core isolation settings
   1. Set Memory integrity - ON
   2. Memory access protection then should be - Present
   3. Set Firmware protection - ON
2. Once completed, Device security indicates: "Your device exceeds the requirements for enhanced hardware security." (Figure 6.)
   
   
   Figure 6. - Your device exceeds the requirements for enhanced hardware security.

Back to To