HP Sure Start Gen3 Available on HP Elite products equipped with 7th generation Intel® Core™ processors - White Paper

January, 2017
© Copyright 2017 HP Inc.
The opportunity that remains is to move beyond ensuring only that the starting place for HP SMM BIOS code is good at
OS start, and to provide mechanisms that ensure it remains good while the OS is running, by adding new protection
capabilities and/or by providing a means to detect any attack that manages to bypass the existing mechanisms
protecting the HP SMM BIOS code.
1.3.3 Runtime Intrusion Detection architecture
Figure 2 provides details on the Runtime Intrusion Detection (RTID) capability implementation. The RTID feature utilizes
specialized hardware in the platform chipset to detect attempts to modify the Runtime HP SMM BIOS. Additionally, the
chipset hardware is used to enforce behavioral restrictions on the code running in an SMM context to provide the ability to
detect and report any behaviors that are indicative of compromised SMM code. Detection of any of these conditions results
in a notification to the HP Sure Start hardware, which can take the configured policy action independent of the CPU.
Figure 2 Runtime Intrusion Detection architecture (applies to HP Elite products equipped with 7th generation Intel® Core™ processors and higher)