Chassis Intrusion - dell/EUCTechHub GitHub Wiki

Several Dell Commercial Clients have chassis intrusion detection circuitry and a logging capability that can be monitored via common systems management platforms. This supports early detection as soon as the chassis has been opened, which is typically the first sign of a physical attack.

NOTE: This feature is now also available for Latitude Notebooks (xx20 or 2021 Generation) and Dell Precision Workstation Notebooks.

BIOS Setup Overview

If a platform supports this feature, BIOS Setup contains a menu item as shown in the following picture:

[Picture: Chassis Intrusion menu item in BIOS Setup]

As the picture above shows, there are 4 settings for Chassis Intrusion in BIOS:

  • Disabled: Chassis Intrusion is deactivated
  • Enabled: Chassis Intrusion is enabled, and if an intrusion is detected it is reported during POST
  • On-Silent: Chassis Intrusion is enabled, and if an intrusion is detected no information is displayed during POST, but it can be monitored remotely
  • Clear Intrusion Warning: This feature is only active when a Chassis Intrusion has been detected

Example 1 - Show current value of "ChasIntrusion":

Note: This example leverages direct WMI capabilities

Get-WmiObject -Namespace root/dcim/sysman/biosattributes -Class EnumerationAttribute | Where-Object {$_.AttributeName -eq "ChasIntrusion"} | Select-Object CurrentValue

Example 2 - Change from default setting (“SilentEnable”) to “Enabled”:

Note: This example leverages direct WMI capabilities

# The first three arguments (0,0,0) are used when no BIOS admin password is set
$Intrusion = Get-WmiObject -Namespace root/dcim/sysman/biosattributes -Class BIOSAttributeInterface
$Intrusion.SetAttribute(0,0,0,"ChasIntrusion","Enabled")
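Building on Examples 1 and 2, the following added example (not part of the original page and not Dell code) classifies the ChasIntrusion setting for a compliance report. The function name and result fields are hypothetical, and the sample objects, including the "Disabled" value, are constructed for illustration.

```powershell
# Added example: report whether chassis intrusion detection is active.
# Test-ChassisIntrusionSetting and its result fields are hypothetical names.
function Test-ChassisIntrusionSetting {
    param(
        # Objects shaped like EnumerationAttribute instances (AttributeName, CurrentValue)
        [object[]]$Attribute
    )
    # Values named on this page that keep intrusion detection active
    $monitoring = @('Enabled', 'SilentEnable')

    $entry = $Attribute | Where-Object { $_.AttributeName -eq 'ChasIntrusion' } |
        Select-Object -First 1
    if (-not $entry) {
        # Attribute missing: the platform does not expose the feature
        return [pscustomobject]@{
            Setting = $null; Compliant = $false; Reason = 'ChasIntrusion attribute not found'
        }
    }
    # CurrentValue may be a plain string or a one-element array; normalise it
    $value = [string](@($entry.CurrentValue)[0])
    $ok = $monitoring -contains $value
    $reason = if ($ok) { 'Intrusion detection active' } else { 'Intrusion detection not active' }
    [pscustomobject]@{ Setting = $value; Compliant = $ok; Reason = $reason }
}

# Constructed sample data so the logic can be checked without Dell hardware
$samples = [ordered]@{
    'silent'  = [pscustomobject]@{ AttributeName = 'ChasIntrusion'; CurrentValue = @('SilentEnable') }
    'off'     = [pscustomobject]@{ AttributeName = 'ChasIntrusion'; CurrentValue = 'Disabled' }
    'missing' = [pscustomobject]@{ AttributeName = 'SomeOtherAttribute'; CurrentValue = 'x' }
}
foreach ($name in $samples.Keys) {
    $r = Test-ChassisIntrusionSetting -Attribute $samples[$name]
    '{0}: Setting={1} Compliant={2} ({3})' -f $name, $r.Setting, $r.Compliant, $r.Reason
}

# On a supported Dell client, pass the live attributes (same query as Example 1):
# $live = Get-WmiObject -Namespace root/dcim/sysman/biosattributes -Class EnumerationAttribute
# Test-ChassisIntrusionSetting -Attribute $live
```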

Example 3 - Reset a device with Chassis Intrusion (from "Tripped" to "Door closed")

Note: This example leverages Dell Command Monitor

As the picture below shows, the device door was opened and closed, so the status of Chassis Intrusion (CurrentValue) is 1 (Tripped). The next line of code uses value "4" (Trip reset) to reset it to value "3" (Door closed). The system is then able to detect the next chassis intrusion.

[Picture: Chassis Intrusion status and reset in Dell Command Monitor]

References

Dell Command Monitor DCIM_Chassis

Dell Command Monitor DCIM_BIOSEnumeration

Dell Command Monitor User’s Guide

Dell Latitude 5420 Service Manual – System setup options

Dell Agentless Client Manageability Technical Whitepaper (aka Direct WMI Capabilities)


Author(s):

Mesut Kaptanoğlu