Technical whitepaper HP Sure Start Gen3 Available on HP Elite products equipped with 7th generation Intel® Core™ processors January 2017
Table of contents
1 HP Sure Start Gen3
1.1 Background
1.2 HP Sure Start Gen3 overview
1 HP Sure Start Gen3

1.1 Background

HP has a holistic view of client security that aims to address security at every layer of the client device computing stack. Our focus is not just within the OS or on cloud-based security solutions—we believe that “Below the OS” device firmware and hardware security are also crucial.
Note that even in the case of HP Sure Start with Dynamic Protection, the focus is on monitoring the BIOS code in the system flash that is executed by the host CPU at boot.2 This is an important distinction from BIOS code that remains resident in the main (DRAM) memory to provide power management and other critical services after the system has booted to OS.
The opportunity that remains is to move beyond not only ensuring that the starting place for HP SMM BIOS code is good at OS start, but to provide mechanisms to ensure that it remains good while the OS is running either by adding new protection capabilities and/or providing a means to detect any attack that manages to bypass the existing mechanisms providing protection for the HP SMM BIOS c
1.3.4 Events

The HP Sure Start RTID feature will generate events to the HP Sure Start hardware when an attempt to modify the HP SMM BIOS code or any SMM code behavioral anomaly is detected. The HP Sure Start hardware will take the action associated with the event policy configured in BIOS setup.
1.4.2 BIOS setting protection overview

HP Sure Start Gen3 BIOS setting protection provides the capability to configure the system such that the HP Sure Start hardware is used to back up and provide integrity-checking of all the BIOS settings preferred by the user.
As the microprocessor enters SMM, it asserts a hardware output pin, SMI Active (SMIACT). This pin serves notice to the chipset hardware that the microprocessor is entering SMM. An SMI can be asserted at any time, during any process operating mode, except from within SMM itself.