HP Sure Recover - White Paper
HP Sure Recover
L49622-001, October 2018
HP Sure Recover is enabled by default but can be disabled by the local user via F10 setup or the HP Client Security Manager Software that is pre-
installed in the HP image. HP Client Security Manager can also be used to manage policies locally. Alternatively, HP Sure Recover can be securely
enabled and configured remotely using the HP Manageability Integration Kit (MIK) for Microsoft® System Center Configuration Manager (SCCM).
Images can be installed from HP repositories or from custom image repositories managed by the system administrator in either the public or private
cloud. Custom images can be created with standard tools such as the Windows Assessment and Deployment Kit (Windows ADK).
The process for creating custom images is simple: use the Windows ADK to create an image in a Windows IMaging (WIM) format file, create a manifest
containing a version header, the sha256sum hash of the image, its filename, and its file size in bytes, then sign the manifest with your private key.
Place the image, manifest, and signature file in a public or private cloud repository, and then provision the system with the location of the image
repository and corresponding public key.
HP Sure Recover can be configured remotely via the HP MIK plugin.
Figure 3: Remote configuration
Local users can configure HP Sure Recover using the HP Client Security Manager.
Remote server
Windows
HP MIK agent
Microsoft SCCM
HP Sure Recover
configuration
HP Sure Recover
configuration
HP Endpoint
Security Controller
HP MIK plugin
for SCCM
Protected non-volatile storage
Remote
Administrator
HP Sure Recover
configuration
HP Endpoint
Security Controller
Protected non-volatile storage
Windows
HP Client Security Manager
HP Sure Recover
Figure 4: Remote configuration
Local
User