HP PC Commercial BIOS (UEFI) Setup Administration Guide For Business Notebook and Desktop 2015 Models - Technical whitepaper
May 2016
857394-002
© Copyright 2016 HP Development Company, L.P.
4 Security Menu
4.2 Trusted Platform Module (TPM) Embedded Security Menu
This sub-menu configures the Trusted Platform Module (TPM), a dedicated microprocessor that provides security functions for secure communication and software and hardware integrity. The built-in TPM hardware solution is more secure than a software-only solution.
Table 11 TPM Embedded Security Menu features
| Feature | Type | Description | Default | Notes |
|---|---|---|---|---|
| TPM Activation Policy | Setting | This setting allows an administrator to choose between convenience and extra security. The extra security is to ensure that the user of the system will at least see that the TPM device upgraded its firmware (F1 to Boot), or at most the user has the ability to reject the upgrade of the TPM device (Allow user to reject). These user prompts limit the impact of remote attacks on the system by requiring a user to be physically present for the upgrade. When security of the system is of less concern, the third option (No prompts) removes any requirement for a user to acknowledge the upgrade. This last option is the most convenient for remotely upgrading many systems at once. The following settings are possible: F1 to Boot; Allow user to reject; No prompts | Allow user to reject | HP recommends an option that requires the physical presence of the user |
| TPM Specification Version | Display Only | The Trusted Computing Group (TCG) is an industry group that defines specifications for a TPM. As of this writing, possible TPM specification versions are 1.2 or 2.0. 2014 Notebook and Desktop: New | | |
| TPM Device | Setting | Makes the TPM available. The following settings are possible: Available; Hidden. 2014 Desktop: Security -> Device Security -> Embedded Security Device | Available | Reboot, Physical Presence Required |
| TPM State | Setting | When checked, enables the ability for the OS to take ownership of the TPM. 2014 Notebook: Security -> TPM Embedded Security -> Embedded Security Device State. 2014 Desktop: Security -> System Security -> Embedded Security Device | Checked | Reboot, Physical Presence Required |
| Clear TPM | Action | When selected, clears the TPM on the next boot. After clearing the TPM, this resets to No. The following settings are possible: No; On next boot. 2014 Notebook: Security -> TPM Embedded Security -> TPM Reset to Factory Defaults. 2014 Desktop: Security -> System Security -> Embedded Security Device -> Reset to Factory Settings | No | Reboot Required |
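
A fleet check for the enumerated TPM settings in Table 11, as an added example that is not part of HP's guide. It assumes the settings have been exported as text in the HP BIOS Configuration Utility style (setting name on its own line, indented options, `*` marking the current one); the baseline, the sample export and the function names are constructed for illustration.

```python
# Audit TPM settings from a BIOS settings export against Table 11.
# Assumed export format: a setting name on an unindented line, its options on
# indented lines, '*' in front of the currently selected option, ';' comments.
# Baseline (assumption): Table 11 defaults plus HP's physical-presence advice.
ALLOWED = {
    "TPM Activation Policy": {"F1 to Boot", "Allow user to reject"},
    "TPM Device": {"Available"},
    "Clear TPM": {"No"},
}

SAMPLE_EXPORT = """\
; constructed sample, not taken from a real machine
TPM Activation Policy
\tF1 to Boot
\tAllow user to reject
\t*No prompts
TPM Device
\t*Available
\tHidden
Clear TPM
\tNo
\t*On next boot
"""

def parse_export(text):
    """Return {setting name: currently selected option, or None if no '*'}."""
    current, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue
        if line[0] in " \t":                 # option line under the last name
            option = line.strip()
            if name is not None and option.startswith("*"):
                current[name] = option[1:].strip()
        else:                                # new setting name
            name = line.strip()
            current.setdefault(name, None)
    return current

def audit(text):
    """Return sorted (setting, found value) pairs that break the baseline."""
    current = parse_export(text)             # missing settings read as None
    return sorted((s, current.get(s)) for s, allowed in ALLOWED.items()
                  if current.get(s) not in allowed)

if __name__ == "__main__":
    for setting, value in audit(SAMPLE_EXPORT):
        print(f"NON-COMPLIANT: {setting} = {value!r}")
```

A setting that is absent from the export, or has no option marked, is reported with the value `None` rather than passed silently.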