HP Sure Start with Runtime Intrusion Detection - White Paper

As implemented on HP EliteBook products equipped with
7th generation AMD processors
January 2017
© Copyright 2017 HP Inc.
1.3.4 Events
The HP Sure Start RTID feature will generate events to the HP Sure Start hardware when any modification to the
HP SMM BIOS code is detected. The HP Sure Start hardware will take the action associated with the event policy configured
in BIOS setup.
Regardless of the event policy setting, the event is always logged to the HP Sure Start audit log, and the local user
will receive a notification from BIOS on the next boot following an RTID event.
1.3.5 Policy controls
The RTID feature is enabled by default for all platforms shipped from the HP factory. There is no need for the end
customer/administrator to enable or otherwise “deploy” the feature to take advantage of HP Sure Start RTID!
There are two BIOS policies related to the RTID feature that can optionally be configured by the platform
owner/administrator:
HP Firmware Runtime Intrusion Detection (enable/disable)
Sure Start Security Event Policy
1.3.5.1. HP firmware Runtime Intrusion Detection
This BIOS policy setting will enable or disable the RTID capability. The default setting for this policy is enabled.
1.3.5.2. Sure Start security event policy
This BIOS policy setting controls what action is taken when the RTID feature detects an attack or attempted attack. There
are three possible configurations for this policy:
Log event only: When this setting is selected, the HP Sure Start hardware will log detection events, which can be
viewed in the “Applications and Services Logs/HP Sure Start” path of the Microsoft Windows Event Viewer.
Log event and notify user: This is the default setting. When this setting is selected, the HP Sure Start hardware will
log detection events, which can be viewed in the “Applications and Services Logs/HP Sure Start” path of the
Microsoft Windows Event Viewer. Additionally, the user will be prompted within Windows that the event occurred.
Log event and power off system: When this setting is selected, the HP Sure Start hardware will log detection
events, which can be viewed in the “Applications and Services Logs/HP Sure Start” path of the Microsoft Windows
Event Viewer. Additionally, the user will be prompted within Windows that the event occurred and that system
shutdown is imminent.
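Whichever policy is selected, the Windows event channel named above is where an administrator can retrieve RTID detections for fleet-wide review. The PowerShell below is an added example, not code from the HP white paper; it assumes the channel name is "HP Sure Start" (inferred from the Event Viewer path, confirm with Get-WinEvent -ListLog) and that it runs with permission to read that log.

```powershell
# Added example (not from the HP white paper): collect recent HP Sure Start events
# from the Windows event channel the paper names, for review or forwarding to a SIEM.
# Assumption: the channel is called "HP Sure Start", taken from the Event Viewer
# path "Applications and Services Logs/HP Sure Start". Adjust if your fleet differs.
param(
    [string]$LogName = 'HP Sure Start',
    [int]$Days = 30,
    [string]$ExportPath = ".\surestart-events-$env:COMPUTERNAME.csv"
)

# Confirm the channel exists before querying; -ListLog accepts wildcards.
$log = Get-WinEvent -ListLog $LogName -ErrorAction SilentlyContinue
if (-not $log) {
    Write-Warning "Event log '$LogName' not found. HP channels present on this system:"
    Get-WinEvent -ListLog 'HP*' -ErrorAction SilentlyContinue |
        Select-Object LogName, RecordCount | Format-Table -AutoSize
    return
}

# Pull everything written in the review window. Get-WinEvent raises a
# non-terminating error when nothing matches, so suppress it and test for $null.
$since  = (Get-Date).AddDays(-$Days)
$events = Get-WinEvent -FilterHashtable @{ LogName = $LogName; StartTime = $since } `
                       -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Output "No '$LogName' events in the last $Days days."
    return
}

# Summarise by event id and severity so repeated detections stand out...
$events | Group-Object Id, LevelDisplayName |
    Select-Object Count, Name |
    Sort-Object Count -Descending | Format-Table -AutoSize

# ...then list each event newest first, with the full message text.
$events |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Sort-Object TimeCreated -Descending |
    Format-Table -AutoSize -Wrap

# Export for central collection; with the "log event only" policy no user is
# prompted, so this export is how an administrator learns of a detection.
$events |
    Select-Object TimeCreated, Id, LevelDisplayName, MachineName, Message |
    Export-Csv -Path $ExportPath -NoTypeInformation
Write-Output "Exported $($events.Count) event(s) to $ExportPath"
```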
1.4 BIOS setting protection
1.4.1 Context
The baseline HP Sure Start verifies the integrity and authenticity of the HP BIOS code. Since this code is static after it is
created by HP, digital signatures can be used to confirm both attributes of the code. The dynamic and user-configurable
nature of BIOS settings creates additional challenges to protecting those settings, as digital signatures cannot be generated
by HP in advance and used by the HP Sure Start hardware to verify those settings.