HP Sure Start Gen3 Available on HP Elite products equipped with 7th generation Intel® Core™ processors - White Paper
January, 2017
© Copyright 2017 HP Inc.
Note that even in the case of HP Sure Start with Dynamic Protection, the focus is on monitoring the BIOS code in the system flash that is executed by the host CPU at boot.² This is an important distinction from BIOS code that remains resident in the main (DRAM) memory to provide power management and other critical services after the system has booted to the OS. Next, we explore that distinction in greater detail.
Figure 1 Baseline HP Sure Start overview (applies to HP Elite products equipped with 6th generation Intel® Core™ processors and higher)
1.3.2 Runtime BIOS code versus startup BIOS code
On each boot, the CPU starts execution of BIOS code from the flash memory at a fixed address. This BIOS code then
initializes the hardware including the DRAM memory and copies all routines from flash into volatile (DRAM) memory. A large
portion of that BIOS code is used to provide “Pre-OS” capabilities that are needed before the OS is started. Examples of
“Pre-OS” BIOS support include video drivers, PXE boot support, keyboard and mouse drivers, pre-boot authentication, and
unlocking of mass storage encryption, to name a few. Most of these routines are no longer needed once the OS is running,
since the capabilities are either only relevant before handoff to the OS, or the OS has its own drivers.
However, there is a portion of BIOS that remains in DRAM that is needed to provide advanced power-management features, OS services, and other OS-independent functions while the OS is running. This BIOS code, referred to as System Management Mode (SMM) code, resides in a special area within the DRAM that is hidden from the OS.³ We also refer to this code as “Runtime” BIOS code in the context of HP Sure Start Runtime Intrusion Detection.
The integrity of SMM code is critical to the client device security posture. The baseline HP Sure Start implementation
provides assurance that all code is Genuine HP BIOS each time the system starts, including the SMM code that is present in
DRAM when the OS starts.
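The paper states that SMM code lives in a DRAM region hidden from the OS; on Intel platforms that hiding depends on the host bridge's SMRAMC register being closed (D_OPEN clear) and locked (D_LCK set) before the OS starts. The following added example is not HP's code and is not part of the HP Sure Start mechanism described in this paper; it is a defender-side check that decodes SMRAMC and reports whether SMRAM is still open or unlocked. It assumes the register sits at offset 0x88 of PCI device 00:00.0 with the bit layout documented in Intel Core datasheets (G_SMRAME bit 3, D_LCK bit 4, D_CLS bit 5, D_OPEN bit 6), and that `setpci` from pciutils is available for the live read; the sample register values are constructed, not captured from hardware.

```python
"""Decode the Intel host-bridge SMRAMC register to confirm that SMRAM,
where runtime (SMM) BIOS code lives, is closed to the OS and locked."""
import subprocess
from dataclasses import dataclass

# Assumption: on many Intel Core platforms SMRAMC is at offset 0x88 of the
# host bridge (PCI 00:00.0). Confirm against the datasheet for your chipset.
HOST_BRIDGE_BDF = "00:00.0"
SMRAMC_OFFSET = 0x88


@dataclass(frozen=True)
class Smramc:
    raw: int
    g_smrame: bool  # bit 3: compatible SMRAM (A0000h-BFFFFh) enabled
    d_lck: bool     # bit 4: register locked until platform reset
    d_cls: bool     # bit 5: SMRAM closed to non-SMM data accesses
    d_open: bool    # bit 6: SMRAM readable/writable outside SMM


def decode_smramc(value: int) -> Smramc:
    """Split the 8-bit SMRAMC value into its named control bits."""
    if not 0 <= value <= 0xFF:
        raise ValueError("SMRAMC is an 8-bit register")
    return Smramc(
        raw=value,
        g_smrame=bool(value & (1 << 3)),
        d_lck=bool(value & (1 << 4)),
        d_cls=bool(value & (1 << 5)),
        d_open=bool(value & (1 << 6)),
    )


def assess(reg: Smramc) -> list[str]:
    """Return findings; an empty list means SMRAM is hidden from the OS and locked."""
    findings = []
    if not reg.g_smrame:
        findings.append("G_SMRAME clear: compatible SMRAM not enabled")
    if reg.d_open:
        findings.append("D_OPEN set: SMRAM readable from non-SMM code")
    if not reg.d_lck:
        findings.append("D_LCK clear: SMRAMC unlocked, so D_OPEN could still be set")
    return findings


def parse_setpci_output(text: str) -> int:
    """setpci prints a byte read as two hex digits, e.g. '1a'."""
    return int(text.strip(), 16)


def read_smramc(bdf: str = HOST_BRIDGE_BDF) -> Smramc:
    """Read the live register with setpci (needs root). Not called by the sample run."""
    out = subprocess.check_output(
        ["setpci", "-s", bdf, f"{SMRAMC_OFFSET:02x}.B"], text=True)
    return decode_smramc(parse_setpci_output(out))


# Constructed sample values (not captured from real hardware):
LOCKED_SAMPLE = "1a"    # 0b0001_1010: G_SMRAME=1, D_LCK=1, D_OPEN=0, C_BASE_SEG=010
UNLOCKED_SAMPLE = "4a"  # 0b0100_1010: G_SMRAME=1, D_OPEN=1, D_LCK=0

if __name__ == "__main__":
    for sample in (LOCKED_SAMPLE, UNLOCKED_SAMPLE):
        reg = decode_smramc(parse_setpci_output(sample))
        print(f"SMRAMC=0x{reg.raw:02x}: {assess(reg) or ['OK: SMRAM hidden and locked']}")
```

On a real system, replace the sample strings with `read_smramc()` (as root) and treat any finding as a configuration to investigate: once D_LCK is set the register cannot be changed until reset, which is why a firmware that sets it early is what keeps the runtime BIOS region hidden for the rest of the session.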