White Papers

Table Of Contents

Security Risk Protection Score

Action Level

Event ID Task Category

Pass Informational

13 4

Pass with warnings Warning

14 4

Fail Error

15 4

Registry

The Trusted Device agent's results are written to the registry each time the BIOS Verification agent is run. All BIOS Verification,

Image Capture, and BIOS Events & Indicators of Attack registry keys are located at HKLM\Software\Dell\TrustedDevice.

Off-host Verification

● This entry stores the pass and fail status of off-host verification in JSON format.

HKLM\Software\Dell\BiosVerification

Result.json

"biosVerification":"True"=Pass

"biosVerification":"False"=Fail

Image Capture

● This entry stores the location of the image store and is updated when the -updateimagestore parameter is used.

HKLM\Software\Dell\TrustedDevice

"ImagePathStore"=string

● Determine if an image was present on the last Image Capture run. This value will not exist if Image Capture has not run.

HKLM\Software\Dell\TrustedDevice

"ImagePresentOnLastRun"=DWORD

DWORD=1 - Image was present on last run.

DWORD=0 - Image was not present on last run.

● Image store path in which the last image was copied. This value will not exist if no images are captured.

"LastImagePath"=string

● Timestamp of the last copied image.

"LastCopyTimeStamp"=string

● This private key verifies the images in the store.

"PrivateKeyBlob"=string

NOTE: End users should not modify this entry as it prevents the product from functioning properly.

● A public key used to verify the images in the store.

"PublicKeyBlob"=string

NOTE: End users should not modify this entry as it prevents the product from functioning properly.

BIOS Attributes Polling Interval

● This entry configures the time period in seconds between BIOS attribute sweeps.

HKLM\SOFTWARE\Dell\TrustedDevice\

DWORD=SecondsBetweenAttributeSweeps

Minimum value in seconds = 3600 (1 hour)

Results, troubleshooting, and remediation