Dell Encryption on Computers with 12th Gen Intel CPUs May Fail to Boot
Summary: This article discusses an issue with Dell Encryption (formerly Dell Data Protection | Encryption), Dell Endpoint Security Suite Enterprise, and Dell Endpoint Security Suite Pro and computers that have Intel 12th generation CPUs. ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
NOTE:
- As of May 2022, Dell Endpoint Security Suite Enterprise has reached End of Maintenance.
- As of January 2019, Dell Endpoint Security Suite Pro has reached End of Service and this article is no longer updated by Dell.
- This article is no longer updated by Dell. For more information, reference the Product Life Cycle (End of Support and End of Life) Policy for Dell Data Security.
- Reference Endpoint Security for additional information about current products.
Affected Products:
- Dell Encryption
Affected Versions:
- Dell Encryption 11.6 and Earlier
- Dell Endpoint Security Suite Enterprise v3.6 and Earlier
- Dell Endpoint Security Suite Pro v3.6 and Earlier
Affected Operating Systems:
- Microsoft Windows 11
- Microsoft Windows 10
Affected Platforms:
- Latitude 9430
- Latitude 7330
- Latitude 7430
- Latitude 7530
- Latitude 5330
- Latitude 5430
- Latitude 5530
- Latitude 5431
- Latitude 5531
- Computers configured with 12th Generation Intel Core Processors
Computers with 12th generation Intel CPUs may not boot to the Windows login screen with Dell Encryption protection enabled. Instead, they remain on the BIOS or manufacture splash screen. Sometimes, rebooting the machine allows it to boot to the login screen.
Cause
A change was introduced using a BIOS update to address a security issue (CVE-2022-21233) discovered by Intel. This change modified how some CPU identifiers are handled, making them dynamic instead of static.
Dell Encryption monitors CPU identifiers as an anti-tamper protection feature. The changing of CPU identifiers triggers tamper protection alarms during the boot process which results in the computer becoming unresponsive at the SafeBIOS screen, or manufacture BIOS screens.
Resolution
Dell has released Dell Encryption version 11.7.1 and Dell Encryption Security Suite Enterprise 3.7.1 which contains product fixes and enhancements to resolve this issue. Dell Encryption 11.7.1 can be downloaded from the Dell Encryption Drivers & Downloads page.
Workaround:
The current workaround for this issue is to perform an SDE recovery on the computer that has stopped responding at the BIOS screen. An SDE recovery temporarily resolves the issue. The issue returns after multiple reboots or until an updated version of Dell Encryption containing a fix for this issue is released and installed.
NOTE: For steps on performing an SDE recovery, reference the Dell LSA Recovery Guide for Dell Encryption Enterprise and Dell Encryption Personal.
Affected Products
Dell Encryption, Dell Endpoint Security Suite Pro, Dell Endpoint Security Suite Enterprise, Latitude 5330, Latitude 7330, Latitude 5431, Latitude 7430, Latitude 9430, Latitude 5530, Latitude 5531, Latitude 7530, Latitude 5430Article Properties
Article Number: 000209809
Article Type: Solution
Last Modified: 16 Feb 2024
Version: 6
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.