HP Sure Start with Runtime Intrusion Detection - White Paper
As implemented on HP EliteBook products equipped with  
7th generation AMD processors 
January 2017 
© Copyright 2017 HP Inc. 
1.3.4 Events 
The HP Sure Start RTID feature generates an event to the HP Sure Start hardware when any modification to the HP SMM BIOS code is detected. The HP Sure Start hardware then takes the action associated with the event policy configured in BIOS setup.
Regardless of the event policy setting, the event is always logged to the HP Sure Start audit log, and the local user receives a notification from BIOS on the next boot after an RTID event.
1.3.5 Policy controls 
The RTID feature is enabled by default for all platforms shipped from the HP factory. There is no need for the end 
customer/administrator to enable or otherwise “deploy” the feature to take advantage of HP Sure Start RTID! 
There are two BIOS policies related to the RTID feature that can optionally be configured by the platform 
owner/administrator: 
• HP Firmware Runtime Intrusion Detection (enable/disable)
• Sure Start Security Event Policy
1.3.5.1. HP firmware Runtime Intrusion Detection 
This BIOS policy setting will enable or disable the RTID capability. The default setting for this policy is enabled. 
1.3.5.2. Sure Start security event policy 
This BIOS policy setting controls what action is taken when the RTID feature detects an attack or attempted attack. There 
are three possible configurations for this policy: 
• Log event only: When this setting is selected, the HP Sure Start hardware will log detection events, which can be viewed in the “Applications and Services Logs/HP Sure Start” path of the Microsoft Windows Event Viewer.³
• Log event and notify user: This is the default setting. When this setting is selected, the HP Sure Start hardware will log detection events, which can be viewed in the “Applications and Services Logs/HP Sure Start” path of the Microsoft Windows Event Viewer. Additionally, the user will be notified within Windows that the event occurred.⁴
• Log event and power off system: When this setting is selected, the HP Sure Start hardware will log detection events, which can be viewed in the “Applications and Services Logs/HP Sure Start” path of the Microsoft Windows Event Viewer. Additionally, the user will be notified within Windows that the event occurred and that system shutdown is imminent.
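An administrator may want to confirm that both policies are still at their intended values and review what has been logged. The following PowerShell audit is an added example, not HP code or part of the white paper. It assumes HP's WMI BIOS provider (namespace `root\HP\InstrumentedBIOS`) is installed, that the setting names exposed on the platform match the names used in this section, and that the event log is named after its Event Viewer path.

```powershell
# Added example: audit the two RTID-related BIOS policies and recent Sure Start events.
# Assumptions: HP's WMI BIOS provider is present; the setting names below (taken from
# this section) match what the platform exposes; the log name matches the Event Viewer
# path quoted above. Adjust the four values if your platform differs.
$Namespace    = 'root\HP\InstrumentedBIOS'
$RtidSetting  = 'HP Firmware Runtime Intrusion Detection'
$EventSetting = 'Sure Start Security Event Policy'
$LogName      = 'HP Sure Start'

function Get-BiosPolicyValue {
    param([string]$Name)
    $s = Get-CimInstance -Namespace $Namespace -ClassName HP_BIOSEnumeration `
             -Filter "Name='$Name'" -ErrorAction SilentlyContinue
    if (-not $s) { return $null }                      # setting not exposed under this name
    if ($s.CurrentValue) { return $s.CurrentValue }
    # Older firmware marks the active choice with '*' inside the Value list.
    ($s.Value -split ',' | ForEach-Object { $_.Trim() } |
        Where-Object { $_.StartsWith('*') } | Select-Object -First 1) -replace '^\*', ''
}

$rtid   = Get-BiosPolicyValue $RtidSetting
$policy = Get-BiosPolicyValue $EventSetting

$findings = @()
if (-not $rtid) {
    $findings += "Setting '$RtidSetting' not found; verify its name on this platform."
} elseif ($rtid -match '^Disable') {
    $findings += 'RTID is disabled; the factory default is enabled.'
}
if (-not $policy) {
    $findings += "Setting '$EventSetting' not found; verify its name on this platform."
} elseif ($policy -match 'only') {
    # Value text is assumed to mirror the "Log event only" wording in this section.
    $findings += 'Event policy is log-only: no in-Windows prompt or power-off on detection.'
}

# Most recent entries from the Sure Start log; empty if the log is absent or has no events.
$events = Get-WinEvent -LogName $LogName -MaxEvents 20 -ErrorAction SilentlyContinue

[pscustomobject]@{
    Computer     = $env:COMPUTERNAME
    Rtid         = $rtid
    EventPolicy  = $policy
    Findings     = $findings
    RecentEvents = $events | Select-Object TimeCreated, Id, LevelDisplayName, Message
}
```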
1.4 BIOS setting protection 
1.4.1 Context 
The baseline HP Sure Start verifies the integrity and authenticity of the HP BIOS code. Since this code is static after it is created by HP, digital signatures can be used to confirm both attributes of the code. The dynamic and user-configurable nature of BIOS settings creates additional challenges to protecting those settings, as digital signatures cannot be generated by HP and used by the HP Sure Start hardware to verify those settings.








