Manualshelf

HP Sure Start Automatic Firmware Intrusion Detection and Repair System - White Paper

ManualsBrandsHP ManualsDesktopsHP EliteBook 820 G3 Notebook PC
12345678910
May 2016
902696-002
HP Sure Start Technical White Paper
© Copyright 2016 HP Development Company, L.P.
3 Architectural Overview & Capabilities 6
The HP Sure Start design ensures that all the firmware and BIOS code running on both the HP Sure Start Embedded
Controller and the Host CPU is the code HP intended to be on the device.
NOTE:
The System Flash Boot Block integrity checking and any needed recovery performed by the Embedded Controller takes
place while the Host CPU is off. Therefore, from a user point of view, the entire operation takes place when the system is
still off, in sleep mode, or hibernate mode.
The System Flash BIOS Boot Block is the foundation of the HP BIOS. HP Sure Start hardware guarantees that the BIOS Boot
Block is the first code that the CPU executes after a reset. Once the Sure Start Embedded Controller determines that the
BIOS Boot Block contains authentic HP code, it allows the system to boot as it normally would.
3.2 HP BIOS
An enhanced adaptation of HP BIOS Protection is one of the ingredients of HP Sure Start contained within the HP BIOS Boot
Block. This enhancement provides NIST 800-147 conformant HP Boot Block code with the ability to use industry standard
strong cryptographic methods to verify integrity of the remainder of the BIOS before passing execution control to it. In
addition, the code has the ability to securely recover all pieces of the BIOS required for proper operation from a variety of
sources. These sources include backups within the System Flash, Hard Drive, or USB key. Figure 3 illustrates the simplified
system architecture and depicts the HP Sure Start capabilities built in the HP Boot Block code that executes on the Host
CPU.
Figure 3 HP Sure Start BIOS Boot Block Capabilities
Boot Block (BB)
BIOS
System Flash
BIOS Copy
Host CPU
1
2
3
1
Integrity check BIOS before passing execution control
2
If BIOS is bad, recover from copy within System Flash or HP Sure Start Private Flash
3
HP Sure Start can alternatively recover from a copy of BIOS stored on the HP_Tools
partition of the hard drive, or an external USB key
HP Sure Start BIOS Boot Block Capabilities