Dell Trusted Device Installation and Administrator Guide v2.
Notes, cautions, and warnings

NOTE: A NOTE indicates important information that helps you make better use of your product.

CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.

WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

© 2019 - 2020 Dell Inc. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
1 Introduction

The Dell Trusted Device agent is part of the Dell SafeBIOS product portfolio. The Trusted Device agent includes BIOS Verification, Image Capture, and BIOS Events & Indicators of Attack.

BIOS Verification provides customers with affirmation that devices are secured below the operating system, a place where IT administrator visibility is lacking. It enables customers to verify BIOS integrity using an off-host process without interrupting the boot process.
2 Requirements

• See the table below for a list of supported platforms.

NOTE: If the Trusted Device agent is installed on non-Dell platforms, the following error displays.

NOTE: If the Trusted Device agent is installed or run on an unsupported platform, the following error displays.

Prerequisites

• Microsoft .Net Framework 4.5.2 (or later) is required for the installer. The installer does not install the Microsoft .Net Framework component.
NOTE: An asterisk (*) indicates the BIOS Events & Indicators of Attack feature supports the platform. BIOS Verification supports all listed platforms.
Ports

• Ensure the Trusted Device agent can communicate with the Dell Cloud by whitelisting port 443. See the following table for more information:

Destination                             Protocol   Port
service.delltrusteddevicesecurity.com   HTTPS      443
api.delltrusteddevicesecurity.
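The following check is an added example and is not part of the Dell guide. It confirms from the endpoint that the Dell Cloud destination listed in the Ports table is reachable on TCP 443, so an outbound firewall or proxy rule that blocks the agent shows up before deployment rather than as a missing result afterwards. Only the hostname that appears in full on this page is listed; append any further destinations from the table.

```powershell
# Added example, not from the Dell guide: verify outbound reachability of the Dell Cloud
# destination(s) from the Ports table on TCP 443 before rolling out the agent.
# Only the host that appears in full on the page is listed here (assumption: the
# remaining table rows are added by the administrator).
$dellCloudHosts = @('service.delltrusteddevicesecurity.com')

$allReachable = $true
foreach ($h in $dellCloudHosts) {
    # Test-NetConnection resolves the name and attempts a TCP handshake on the port.
    $r = Test-NetConnection -ComputerName $h -Port 443 -WarningAction SilentlyContinue
    if ($r.TcpTestSucceeded) {
        Write-Output ("{0}:443 reachable (remote address {1})" -f $h, $r.RemoteAddress)
    } else {
        $allReachable = $false
        Write-Warning ("{0}:443 blocked or unresolved - check the outbound allow list for port 443" -f $h)
    }
}

# Non-zero exit lets a deployment tool gate the agent install on connectivity.
if (-not $allReachable) { exit 1 }
```

Run it in the same network context the agent will use (the device's normal user session or the SYSTEM account under a scheduled task), because proxy settings can differ between the two and a test that passes interactively can still fail for the agent.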
3 Download the Software

This section details obtaining the software from dell.com/support. If you already have the software, you can skip this section. Go to dell.com/support to begin.

1. On the Dell Support webpage, select Browse all products.
2. Select Security from the list of products.
3. Select Trusted Device Security. After this selection has been made once, the website remembers it.
4. Select the product: Trusted Device.
5. Select Drivers & downloads.
6. Select the wanted client operating system type.
7. Select Trusted Device Agent.
8. Select Download.
4 Installation

Use one of the following methods to install the Trusted Device agent:

• Interactive Installation
• Command-Line Installation

Interactive Installation

The Trusted Device agent installer requires administrative rights. The bitness (32-bit or 64-bit) of the utility must match the architecture of the host computer operating system. Choose one of the following:

• TrustedDeviceSetup.exe - 32-bit installer
• TrustedDeviceSetup-64Bit.exe - 64-bit installer

1. Copy TrustedDeviceSetup-64Bit.
7. A status window displays; the installation may take several minutes.
8. Click Finish.
After installation, a browser launches and displays results. See Results, Troubleshooting, and Remediation for more information. Restart the computer to complete installation if prompted.

Command-Line Installation

• Be sure to enclose a value that contains one or more special characters, such as a blank space, in escaped quotation marks on the command line.
Option   Meaning
/qb!     Progress dialog without Cancel button - prompts for restart
/qb!-    Progress dialog without Cancel button - restarts itself after process completion
/qn      No user interface

Parameters: The following table details the parameters available for the installation.
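The script below is an added example and is not part of the Dell guide or the installer package. It strings the requirements above together for an unattended deployment: it checks the .Net Framework 4.5.2 prerequisite (which the installer does not install for you), picks the installer whose bitness matches the operating system, confirms the session is elevated, runs the installer with the /qn option from the table, and treats any non-zero exit code as a failure. The installer directory is a placeholder; the .NET Release value 379893 is Microsoft's published marker for 4.5.2.

```powershell
# Added example, not from the Dell guide: unattended Trusted Device agent install.
# Assumption: both installers have been downloaded to $installerDir (placeholder path).
$installerDir = 'C:\Temp\TrustedDevice'

# Prerequisite from the guide: .NET Framework 4.5.2 or later, which the installer does
# not install itself. Release DWORD 379893 is Microsoft's documented value for 4.5.2.
$ndp = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
$release = (Get-ItemProperty -Path $ndp -Name Release -ErrorAction SilentlyContinue).Release
if (-not $release -or $release -lt 379893) {
    throw 'Microsoft .NET Framework 4.5.2 or later is required; install it before the agent.'
}

# The installer's bitness must match the host operating system.
$installer = if ([Environment]::Is64BitOperatingSystem) {
    Join-Path $installerDir 'TrustedDeviceSetup-64Bit.exe'
} else {
    Join-Path $installerDir 'TrustedDeviceSetup.exe'
}
if (-not (Test-Path $installer)) { throw "Installer not found: $installer" }

# The installer requires administrative rights; fail early with a clear message rather
# than letting a silent install die on a UAC denial nobody sees.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell session.'
}

# /qn = no user interface (Options table). -Wait blocks until the installer exits and
# -PassThru returns the process object so the exit code can be inspected.
$proc = Start-Process -FilePath $installer -ArgumentList '/qn' -Wait -PassThru

# Exit codes other than 0 are not documented on this page; treat them all as failures.
if ($proc.ExitCode -ne 0) {
    throw "Trusted Device installer exited with code $($proc.ExitCode)"
}
Write-Output 'Trusted Device agent installed. Restart the computer if the installation requires it.'
```

Because /qn suppresses every dialog, the restart prompt the interactive install would show is suppressed too; a deployment tool should schedule the restart itself rather than assume none is needed.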
5 Uninstall Trusted Device

The user uninstalling must be a local administrator. If uninstalling by command line, domain credentials are required. Use one of the following methods to uninstall the utility:

• Uninstall from Apps & features
• Uninstall from the Command Line

Uninstall from Apps & Features

1. In Type here to search on the taskbar, type Apps & features.
2. Left-click Dell Trusted Device Agent, then left-click Uninstall.
6 Image Capture

Administrators can capture images of corrupted or tampered BIOS for analysis and remediation. When run, Trusted Device queries the EFI partition for a corrupt or tampered image. If an image is detected, it is copied from the EFI partition to %PROGRAMDATA%\Dell\TrustedDevice\ImageCapture. If off-host verification fails, Trusted Device copies corrupt or tampered images from memory to %PROGRAMDATA%\Dell\TrustedDevice\ImageCapture.
7 BIOS Events & Indicators of Attack

BIOS Events & Indicators of Attack enables administrators to analyze events in the Windows Event Viewer that may indicate bad actors targeting the BIOS on enterprise endpoints. Bad actors change BIOS attributes to gain access to enterprise computers locally or remotely. These attack vectors can be monitored and then mitigated through the BIOS Events & Indicators of Attack feature's ability to monitor BIOS attributes.
8 Run the BIOS Verification Agent

Use one of the following methods to run the agent:

• Interactively
• Command Line

NOTE: If you attempt to run the BIOS Verification agent on an unsupported platform, Platform Not Supported displays.

NOTE: The Dell Trusted Device agent determines Dell platform support at runtime.

Run the BIOS Verification Agent by Schedule

To schedule the BIOS Verification agent to run at set intervals or to trigger execution by events, see the Microsoft Task Scheduler documentation.
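As an added example (not from the Dell guide, which only refers you to the Task Scheduler documentation), the following registers a daily scheduled task that runs the BIOS Verification console non-interactively as SYSTEM. The path to Dell.TrustedDevice.Service.Console.exe is a placeholder; the guide does not state where the installer places it.

```powershell
# Added example, not from the Dell guide: run BIOS Verification every night at 03:00
# as SYSTEM via Task Scheduler. $agent is a placeholder path (assumption).
$agent = 'C:\Program Files\Dell\TrustedDevice\Dell.TrustedDevice.Service.Console.exe'
if (-not (Test-Path $agent)) { throw "Agent not found at $agent - adjust the path" }

$action    = New-ScheduledTaskAction -Execute $agent
$trigger   = New-ScheduledTaskTrigger -Daily -At '03:00'
# SYSTEM gives the task the administrative rights the console requires without storing
# a password in the task; RunLevel Highest avoids a UAC-filtered token.
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
# StartWhenAvailable catches up runs missed while the laptop was off; the time limit
# keeps a hung verification from lingering.
$settings  = New-ScheduledTaskSettingsSet -StartWhenAvailable -ExecutionTimeLimit (New-TimeSpan -Minutes 30)

Register-ScheduledTask -TaskName 'Dell Trusted Device - BIOS Verification' `
    -Action $action -Trigger $trigger -Principal $principal -Settings $settings -Force | Out-Null

# Confirm the task exists and is ready.
Get-ScheduledTask -TaskName 'Dell Trusted Device - BIOS Verification' | Select-Object TaskName, State
```

Under SYSTEM there is no interactive desktop, so the browser window that an interactive run opens is not useful; rely on the result locations the guide lists instead (the %PROGRAMDATA% JSON files, the Event Viewer and the registry keys under HKLM\Software\Dell\TrustedDevice).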
NOTE: If the utility is unable to determine BIOS state, browser-based results do not display. See Results, Troubleshooting, and Remediation for error codes.

Run the BIOS Verification Agent with Command Line

The following table details optional command-line arguments.
Parameter      Meaning
-noncestring   The parameter is a base64 encoded nonce. The string is base64 decoded, and the result becomes the nonce. If the decoded nonce is larger than 1024 bytes, an ArgumentException error is thrown.

1. Open Command Prompt with administrative privileges.
2. Go to the directory containing the utility.
3. Type Dell.TrustedDevice.Service.Console.exe then press Enter.
4. A browser launches automatically and displays BIOS results.
9 Results, Troubleshooting, and Remediation

This chapter details reviewing results, troubleshooting, and remediating a corrupt or tampered BIOS image.

Results

After running the BIOS Verification agent, results are written to C:\ProgramData\Dell\TrustedDevice\, the %ERRORLEVEL% environment variable, the Event Viewer, and the registry.

%PROGRAMDATA%

The Trusted Device agent writes logs and JSON formatted results to C:\ProgramData\Dell\TrustedDevice\.
Registry

The Trusted Device agent's results are written to the registry each time the BIOS Verification agent is run. All BIOS Verification, Image Capture, and BIOS Events & Indicators of Attack registry keys are located at HKLM\Software\Dell\TrustedDevice.

Off-host Verification

• This entry stores the pass/fail status of off-host verification in JSON format. HKLM\Software\Dell\BiosVerification Result.
Value (in decimal) = 2000 - reads a different BIOS attribute every 2000 ms

Troubleshooting

If BIOS results are unavailable, browser-based results do not display. Refer to the following table for error codes.

Error Code   Meaning                               Additional Information
0            Verification passed                   The local BIOS is verified against a known-good Dell BIOS.
1            Verification failed                   The local BIOS failed verification against a known-good Dell BIOS.
2            The verification result is tampered   The verification result is tampered.
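The script below is an added example and is not part of the Dell guide. It ties together the -noncestring parameter described in chapter 8 and the result locations and error codes in this chapter: it generates a fresh random nonce, applies the same 1024-byte bound the agent enforces before calling it, runs the console, maps the exit code (%ERRORLEVEL%) to the three meanings in the table above, and dumps whatever the agent wrote under HKLM\Software\Dell\TrustedDevice. The console path is a placeholder, and the argument shape `-noncestring <base64>` is assumed from the parameter table; the registry value names are not listed on this page, so the script reads the key without assuming any.

```powershell
# Added example, not from the Dell guide: run BIOS Verification with a fresh nonce and
# interpret the result. $agent is a placeholder path (assumption); the argument form
# "-noncestring <base64>" is assumed from the parameter table.
$agent = 'C:\Program Files\Dell\TrustedDevice\Dell.TrustedDevice.Service.Console.exe'

# 32 bytes from the OS CSPRNG. A nonce that is unique per run lets whoever requested the
# verification tie the result to this run instead of accepting a replayed older one.
$nonce = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($nonce)
$nonceB64 = [Convert]::ToBase64String($nonce)

# The agent base64-decodes the string and throws ArgumentException if the decoded nonce
# exceeds 1024 bytes. Enforce the same bound here so a bad nonce (for example one handed
# in by an external attestation requester) fails before the agent is even started.
if ([Convert]::FromBase64String($nonceB64).Length -gt 1024) {
    throw 'Nonce must decode to at most 1024 bytes'
}

# Exit-code meanings copied from the Troubleshooting table; only these three are on this page.
$meaning = @{
    0 = 'Verification passed - local BIOS matches a known-good Dell BIOS'
    1 = 'Verification failed - local BIOS does not match a known-good Dell BIOS'
    2 = 'Verification result is tampered'
}

& $agent -noncestring $nonceB64
$code = $LASTEXITCODE
$text = if ($meaning.ContainsKey($code)) { $meaning[$code] } else { 'Undocumented code - see the full error table in the guide' }
Write-Output "BIOS Verification exit code $code : $text"

# Results are also written under HKLM\Software\Dell\TrustedDevice; list whatever values
# are present rather than assuming names the page does not give.
$key = 'HKLM:\Software\Dell\TrustedDevice'
if (Test-Path $key) {
    Get-ItemProperty -Path $key | Format-List *
}

# Anything other than 0 deserves an alert: 1 means the BIOS image differs from Dell's
# known-good image, 2 means the result record itself was altered after the check ran.
if ($code -ne 0) { exit $code }
```

Propagating the agent's exit code keeps the signal usable from a scheduled task or an endpoint-management tool: a result of 1 is the case Image Capture exists for (a corrupt or tampered image to collect from %PROGRAMDATA%\Dell\TrustedDevice\ImageCapture), and a result of 2 indicates the stored result should not be trusted and the device should be re-verified.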