Technical Whitepaper
HP PC Commercial BIOS (UEFI) Setup Administration Guide
For Commercial Platforms using HP BIOSphere Gen 3-5
2016-2019
June 2019
919946-004
Table of contents
1 Abstract
2 Introduction
2.1 Supported models
5.6 Secure Boot Configuration Menu
5.7 System Options Menu
5.8 Built-in Device Options Menu

List of tables
Table 1 Notebook Generations
Table 2 Desktop Generations
Table 3 Main Menu features
Table 32 Popup messages
Table 33 Custom logo support
Table 34 Custom logo support: command line usage
1 Abstract
HP redesigned the 2015 and later generations of BIOS to support the requirements of the latest microprocessors and operating systems. HP took this opportunity to create a new BIOS architecture based on the UEFI specification version 2.4, with a common set of core modules and capable of supporting both notebook and desktop models.
2 Introduction
This whitepaper provides detailed information about features adjusted through the F10 BIOS setup menu. The section on computer notifications provides an explanation for the LED blink codes and screen messages that may occur.
Platforms | 2015 N Family | 2016 P Family | 2017 Q Family | 2018 Q Family | 2019 R Family
G5 G6 HP EliteBook 820 / 830 G3 G4 HP EliteBook 755 G3 G4 HP EliteBook 745 G3 G4 G5 G6 HP EliteBook 725 / 735 G3 G4 G5 G6 HP ProBook 470 G3 G4 G5 HP ProBook 450 G3 G4 G5 HP ProBook 440 G3 G4 G5 HP ProBook 430 G3 G4 G5 HP ProBook 445 G3 HP EliteFolio 940 HP EliteBook Folio G5 G6 G3 HP EliteBook Revolve 810 HP Elite
Table 2 Desktop Generations
Platforms 2015 2016 2017 2018 G1 G2 2019
HP EliteDesk 1000 AiO
HP EliteDesk 800 TWR G2 G3 G4 G5
HP EliteDesk 880 TWR G2 G3 G4 G5
HP EliteDesk 800 SFF G2 G3 G4 G5
HP EliteDesk 800 DM G2 G3 G4 G5
HP EliteOne 800 AiO G2 G3 G4 G5
HP EliteDesk 705 MT G2 G3 G4
HP EliteDesk 705 SFF G2 G3 G4
HP EliteDesk 705 DM G2 G3 G4
HP ProDesk 600 MT G2 G3 G4 G5
HP ProDesk 680 MT G
3 F10 Main Menu
[Figure: HP Computer Setup tab bar: Main, Security, Advanced, UEFI Drivers]
Organization of the F10 section: The hierarchy of the table of contents matches the sequence of the menus found in the F10 Setup menu, currently three levels deep. The top-level tabs are: Main, Security, Advanced, and UEFI Drivers. The next level consists of the menus found under these tabs. At the beginning of each major section is a diagram of the submenu items for each tab.
Some actions require a reboot or physical presence. Physical presence is a menu that requires a human response to validate that a person is physically present before the action is completed. Actions that require physical presence are security-sensitive changes.
3.1 Main Menu
The following table describes the features in the Main menu.

Table 3 Main Menu features
Feature | Type | Description
System Information | Menu | System information, such as serial number, model number, CPU type, and memory configuration.
System Diagnostics | Menu | Application to run diagnostic tests on your system, such as start-up test, run-in test, memory test, and hard disk test.
3.3 Update System BIOS Menu
This submenu under the Main menu provides information about the current system firmware, settings that control updates, the ability to check for updates over the internet or on the local network, and the ability to update system firmware from a FAT32 partition on the hard drive or a USB disk-on-key. For the BIOS flash to succeed, do not remove power or turn off the system during any phase of the process.
BIOS Update Preferences | Menu | Menu with network BIOS update settings such as source, actions when an update is available, and the frequency to check for updates.
Network Configuration Settings | Menu | Configure the network connection to the server that is the host for your system firmware updates.
3.5 Network Configuration Settings Menu
The System BIOS submenu configures the network connection to the server that is the host for the system firmware updates.

Table 6 Network Configuration Settings Menu features
Feature | Type | Description | Default
Proxy Server | Setting | When checked, enables the use of a proxy server.
3.7 System IDs Menu
This submenu provides identification strings assigned by an enterprise to track the system.

Table 7 System IDs Menu features
Level | Feature | Type | Description
2 | Asset Tracking Number | Setting | Allows custom configuration of an asset tag (up to 80 characters).
2 | Ownership Tag | Setting | Allows custom configuration of an ownership tag (up to 80 characters).

© Copyright 2016-2019 HP Development Company, L.P.
4 Security Menu
[Figure: HP Computer Setup, Security tab submenu items]
Administrator Tools
Create/Change BIOS Administration Password
Create/Change POST Power-On Password
Password Policies
Administrator Authentication Policies
Fingerprint Reset on Reboot (select products only)
Security Configuration
TPM Embedded Security
BIOS Sure Start (select products only)
Secure Platform Management (SPM) (select products only)
Table 8 Security Menu features
Feature | Type | Description | Default | Notes
Create BIOS Administrator Password or Change BIOS Administrator Password | Setting | The administrator password controls access to the setup menu (F10), 3rd Party Option ROM Management (F3), Update System ROM, WMI commands that change system settings, and the BIOS Configuration Utility (BCU).
Feature Type Description Secure Platform Management (SPM) Menu Options for managing HP Sure Run and HP Sure Recover Physical Presence Interface Smart Cover Trusted Execution Technology (TXT) Enable or disable the local prompt to confirm that a sensitive setting change was requested by the user. Menu Setting Default Checked Controls settings for Cover Lock and Cover Sensor on desktop models.
4.1 Password Policies Menu
This submenu allows the administrator to set text requirements controlling the use of symbols, numbers, case, and spaces for the BIOS administrator password and the power-on password. To access this menu, a password must already be set. Changes to these policies do not apply retroactively to existing passwords.
4.2 Administrator Authentication Policies Menu
This submenu allows the administrator to set limitations on some boot features, such as administrator permissions, requiring the user to enter an administrator password. To access this menu, a password must already be set.
4.3 Trusted Platform Module (TPM) Embedded Security Menu
This submenu is for the Trusted Platform Module (TPM), a dedicated microprocessor that provides security functions for secure communication and software and hardware integrity. The built-in TPM hardware solution is more secure than a software-only solution.
4.4 BIOS Sure Start Menu
Settings menu for enhanced hardware-based assurance that only HP-approved Embedded Controller firmware will run on the HP Embedded Controller and that only HP-approved BIOS will run on the host CPU.
Feature | Type | Description | Default
Sure Start Secure Boot Keys Protection | Setting | Saves a backup copy of the Secure Boot Keys so that they can be recovered if someone attempts to alter them in an unauthorized manner.
You cannot provision SPM and activate HP Sure Run directly from the BIOS Setup interface. You can provision SPM using HP Client Security Manager Software or the HP Manageability Integration Kit. When provisioned, the controls in this menu can be used to deprovision the system or deactivate HP Sure Run.
4.8 Hard Drive Utilities Menu
This submenu provides features that protect the data on individual hard drives, such as recovering the master boot record (MBR), preventing unauthorized access, and erasing data.
4.9 DriveLock/Automatic DriveLock Menu
DriveLock prevents unauthorized access to the contents of a selected hard drive. A password must be entered to access the drive, and the drive is accessible only when attached to a PC.
NOTE: DriveLock states cannot change after a warm reboot. Power off the system and then boot directly to the BIOS setup to access these menus. The DriveLock Master and User passwords cannot be changed if you enable Automatic DriveLock.
5 Advanced Menu
[Figure: HP Computer Setup, Advanced tab submenu items]
Display Language
Scheduled Power-On
Boot Options
HP Sure Recover
Secure Boot Configuration
System Options
Built-In Device Options
Port Options
Option ROM Launch Policy
Power Management Options
Remote Management Options (Intel Only)
Electronic Labels (Notebook & AiO Only)
MAC Address Pass Through (Notebook Only)
Thunderbolt
5.1 Advanced Menu
For detailed information on the features in the advanced menu, see the following table:

Table 18 Advanced Menu features
Feature | Type | Description | Default | Notes
Display Language | Menu | Select the display language and the keyboard language. Choose between 15 languages.
Feature | Type | Description | Default | Notes
Settings | Menu | Settings for Remote HP PC Hardware diagnostics.
Execute Remote HP PC Hardware Diagnostics | Action | When selected, will download and run HP Remote Diagnostics.

5.2 Display Language Menu
This submenu allows for selection of the display language and the keyboard language.
5.3 Scheduled Power-On Menu
This submenu controls the days of the week and a single time of day at which the system turns on the computer. This feature wakes the system up from a powered off state.

Table 20 Scheduled Power-On Menu features
Feature | Type | Description | Default | Notes
Sunday | Setting | Days of the week selection. | | Reboot Required
Hour | Setting | Time selection. | 0 | Reboot Required
Minute | Setting | Hour: 0 – 23, Minute: 0 – 59.
Feature Type Description Default Notes Unchecked Notebook Only Notebook Only Power On When Lid is Open Setting When checked, the system turns on when the lid opens. Prompt on Battery Errors Setting When checked, the system pauses during system boot to warn about battery errors. Checked Audio Alerts during boot Setting When checked, errors trigger audible beeps during POST.
Feature | Type | Description | Default | Notes
Legacy Boot Order | Setting | When checked, allows the system to boot from non-UEFI devices. | Checked | Requires Legacy Boot Enable and Secure Boot Disable. See Secure Boot Configuration > Configure Legacy Support and Secure Boot. When Legacy Boot is Disabled, the check boxes for UEFI Boot Order and Legacy Boot Order are disabled, because only UEFI devices can boot in this mode.
Feature Type Description Provisioning Version: Recovery Image Default Notes Version of the recovery agent’s provisioning data. This value will be 0 until a scheduled download occurs after a change is made to the recovery agent URL. Not shown unless Recover from Network checked. Label Not shown unless Recover from Network checked. URL: Location of the current recovery image URL. Not shown unless Recover from Network checked.
Ready BIOS for Device Guard Use | Action | Ready BIOS for Device Guard Use includes a drop-down box that automatically configures the BIOS settings that Windows requires to enable Device Guard, or changes the configuration back to the configuration before Device Guard was enabled. Device Guard is a Windows feature that enables higher security around drivers and BIOS behavior.
Feature | Type | Description | Default | Notes
Turbo Boost | Setting | When checked, enables Intel Turbo Boost Technology to improve performance when operating conditions allow.
Feature | Type | Description | Default | Notes
Wireless Video Module | Setting | When checked, the Wireless Video module on Slice is available. | Checked | HP Elite Slice Only
Video Ingest Module | Setting | When checked, the Video Ingest module on Slice is available. | Checked | HP Elite Slice Only
Allow Expansion Modules | Setting | When unchecked, no expansion modules will be enabled.
Feature | Type | Description | Default | Notes
Dynamic Platform and Thermal Framework (DPTF) | Setting | Manages power and thermal conditions to keep system from overheating.
5.8 Built-in Device Options Menu
This menu provides settings for built-in devices on the system.

Table 25 Built-in Device Options Menu features
Feature | Type | Description | Default | Notes
Embedded LAN Controller | Setting | When checked, enables the integrated network controller. | Checked
Wake on LAN | Setting | Allows the system to wake via Local Area Network (LAN).
Feature Type Graphics Setting Description Default Notes Set the graphics adapter. The following settings are possible and depend on the model of notebook to determine which are present with the default setting: Hybrid Graphics Multiple Graphic Card Notebook Only • Hybrid Graphics • UMA Graphic • Discrete Graphics • Auto (Let OS decide whether hybrid graphics is enabled or disabled).
Feature | Type | Description | Default | Notes
Lock Wireless Button | Setting | Prevent changes to the state of physical wireless enable/disable button. | Unchecked | Notebook Only
Wireless Network Device (WLAN) | Setting | When checked, enables integrated 802.11 device. | Checked | Notebook Only
Bluetooth | Setting | When checked, enables integrated Bluetooth® device.
Feature | Type | Description | Default | Notes
Wake on LAN in Battery Mode | Setting | When checked and powered by battery, enables the notebook to wake via LAN. | Unchecked | Notebook Only
Fan Always on while on AC Power | Setting | When checked, leaves the fan on while running on AC power.
5.9 Port Options Menu
The following table describes various setting options for Ports.

Table 26 Port Options Menu features
Feature | Type | Description | Default | Notes
USB Ports | Setting | Enable or disable all USB ports (legacy ports and type-C ports). Does not include Thunderbolt ports.
Feature Type Description Default Notes Serial Port (A, B, C, D, C/D, E/F) Setting When checked, enables the specified serial ports. Checked Desktop Only I/O Address (A) (B) (C) (D) Setting The following settings are possible: Auto Desktop Only Auto Desktop Only 0 Volts Retail Point of Sale Systems Only • Auto • 3F8 • 2F8 • 3E8 • 2E8
NOTE: You can set the I/O Address only for legacy ports, and it is useful only in Legacy mode.
5.10 Option ROM Launch Policy Menu
This submenu configures the kind of device option ROM that can load at boot time.
Feature Unique Sleep State Blink Rates Type Setting Description Default Notes When checked, when the desktop is in the S4 power state, the power LED periodically blinks four times with a pause. Unchecked, the desktop does not blink at all in S4 (the same as S5, power off) Unchecked Desktop Only Unchecked Notebook Only This also affects S3 blink behavior.
Feature Type USB Redirection Support Setting Unconfigure AMT on Next Boot One time action SOL Terminal Emulation Mode Description Default Notes When checked, enables support for storage redirection through USB Checked Intel Only Do Not Apply Intel Only ANSI Intel Only NOTE: Intel AMT must be correctly provisioned Setting When applied, reset AMT configuration options on next boot.
Feature | Type | Description | Default | Notes
Pre-boot HBMA Support | Setting | Set Host Based MAC Address (HBMA) support in the preboot environment such as PXE. | Checked but disabled until Host Based MAC Address is Enabled | Notebook Only
Windows HBMA Support | Setting | Set host-based MAC address (HBMA) support in the Windows OS environment.
Feature | Type | Description | Default
Thunderbolt Security Level | Setting | The following settings are possible: • PCIe and DisplayPort – No Security: Any Thunderbolt device detected that requests a PCI Express connection will be connected to the system’s PCI Express bus without requiring any approval by the local user. | PCIe and DisplayPort – User Authorization
5.15 Remote HP PC Hardware Diagnostics Settings

Table 30 Remote HP PC Hardware Diagnostics Features
Feature | Type | Description | Default
HP Diagnostic Download URL | Setting | HP / Custom URL.
Custom Download Address | Setting | Location of Remote Diagnostics, if not obtained from the HP server.
Custom Upload Address | Setting | Custom location to upload Diagnostic logs.
User Name | Setting | (Optional) User Name to access custom Diagnostic location.
6 UEFI Drivers
[Figure: HP Computer Setup, UEFI Drivers tab: 3rd Party Option ROM Management]
This feature restarts the system into the 3rd Party Option ROM Management application. You can get to this application directly by pressing F3 during startup.
7 Features Not in F10 Menu
These features are BIOS controlled but do not have an option or setting in the F10 menu.

Feature | Description | Default | Notes
Privacy Panel | For privacy panel–equipped notebooks, press fn+f2 to enable or disable privacy panel feature. Use fn+f5 and fn+f6 to decrease or increase the privacy panel brightness. | Disabled | For select privacy panel notebooks only.
8 Computer Notifications
8.1 Introduction
Platforms that support HP PC Commercial BIOS have various mechanisms to indicate errors that occur during Power-On Self-Test (POST). The notifications can take several forms, such as:
• Blinks and Beeps
• On screen notifications that include the following:
  ○ Preboot messages (BIOS)
  ○ Pop-up messages within the OS
8.
8.3 Pop-up Messages
Onscreen notification can involve pop-up (toaster) messages. These describe several events involving USB Type-C ports. Note that these messages within the OS require native support in the operating system or that HP notifications software be installed.

Table 32 Pop-up messages
Event Code
Power Adapter Accepted: Matches capabilities to charge while in S3, S4, or S5 power states.
9 Appendix A
9.1 What is UEFI?
Unified Extensible Firmware Interface (UEFI) defines the interface between the operating system and platform firmware during the boot, or start-up process. Compared to BIOS, UEFI supports advanced preboot user interfaces. The UEFI network stack enables implementation on a richer network-based OS deployment environment while still supporting traditional PXE deployments. UEFI supports both IPv4 and IPv6 networks.
9.5 The UEFI Forum
For more information, contact the Unified Extensible Firmware Interface (UEFI) Forum, a world-class nonprofit industry standards body that works in partnership to enable the evolution of platform technologies. The UEFI Forum champions firmware innovation through industry collaboration and the advocacy of a standardized interface that simplifies and secures platform initialization and firmware bootstrap operations.
10 Appendix B
10.1 Updating System Firmware with the HP Firmware Update and Recovery Application (Windows Operating Systems only)
Current firmware updates for HP commercial platforms (2018 and later) include the HP Firmware Update and Recovery tool (HpFirmwareUpdRec.exe). This utility starts the firmware update process when run with the correct firmware source files for the target platform.
IMPORTANT: Updating BIOS without suspending BitLocker may cause the loss of access to the encrypted data. BitLocker protection automatically resumes the next time you restart your system.
• Suspending BitLocker can be done manually in the Control Panel or can be automated by executing the HPBIOSUPDREC command line “HPBIOSUPDREC -b”.
• The version of the firmware image in the update file and the firmware version of the current system are displayed.
10.3 USB Recovery Key Creation
If the system BIOS has been corrupted and the device will not boot, another device can be used to create an HP Firmware Recovery USB Key that can be used to recover it. The device used to create the recovery key does not have to be compatible with the BIOS image.
• Run the HpFirmwareUpdRec or HpBiosUpdRec application. The main options menu is shown.
• Select Create Recovery USB flash drive and then select Next.
• The USB drive must have FAT32 format.
• Select a USB flash drive and click Next. Upon completion, you see that the recovery flash drive was created successfully.
• Click Finish to close the wizard.
The files can also be manually copied to the EFI partition of the hard drive to support emergency recovery. For 2018 and later the HpFirmwareUpdRec utility extracts the correct binaries from the .bin and .
• If the log file cannot be created in the executable folder, it will be created in the first available system temporary folder location, usually “C:\Users\(username)\AppData\Local\Temp” in Windows.

10.5 Custom Logo Support
NOTE: Operates in Silent Mode only, will not update firmware.
Installation:
• Command Line: HpFirmwareUpdRec.exe -e
• Custom Logo file will be written to BIOS. Check the log file for success or error.
10.5.1 Command-line Usage

Table 34 Custom logo support: command-line usage
Option | Comments
-f "folder path" | Specifies the folder containing firmware update files.
-p "password-file" | Specifies encrypted password file created with the HpqPswd utility. Valid with all other options.
-s | Silent mode. Runs without any user interaction or output.
-a | Eliminates version comparison when -s is present. It is ignored otherwise.
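
The following is an added example, not HP's code: a PowerShell wrapper that applies the BitLocker warning from section 10.1 before running HpFirmwareUpdRec.exe silently with the -s, -f and -p options listed above. The three paths are hypothetical, the Authenticode check and the meaning of a non-zero exit code are assumptions, and BitLocker is suspended with the Windows Suspend-BitLocker cmdlet rather than the tool's own -b option.

```powershell
# Added example, not HP's code. Run from an elevated PowerShell session.
# Hypothetical values: the three parameter defaults below.
param(
    [string]$ToolPath       = 'C:\Staging\Firmware\HpFirmwareUpdRec.exe',
    [string]$FirmwareFolder = 'C:\Staging\Firmware',
    [string]$PasswordFile   = ''    # optional: file created with the HpqPswd utility
)

Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

# 1. Pre-flight: the tool, the firmware folder and any password file must exist.
foreach ($path in @($ToolPath, $FirmwareFolder)) {
    if (-not (Test-Path -LiteralPath $path)) { throw "Not found: $path" }
}
if ($PasswordFile -and -not (Test-Path -LiteralPath $PasswordFile)) {
    throw "Password file not found: $PasswordFile"
}

# 2. Added precaution (assumption: the updater carries an Authenticode signature):
#    refuse to launch a binary whose signature does not validate.
$signature = Get-AuthenticodeSignature -FilePath $ToolPath
if ($signature.Status -ne 'Valid') {
    throw "Signature check failed for ${ToolPath}: $($signature.Status)"
}

# 3. Suspend BitLocker on the OS volume for exactly one restart, so protection
#    resumes by itself after the reboot that completes the firmware update.
$osVolume  = $env:SystemDrive
$bitlocker = Get-BitLockerVolume -MountPoint $osVolume
if ($bitlocker.ProtectionStatus -eq 'On') {
    Suspend-BitLocker -MountPoint $osVolume -RebootCount 1 | Out-Null
    Write-Output "BitLocker suspended on $osVolume for one restart."
} else {
    Write-Output "BitLocker protection is not active on $osVolume; nothing to suspend."
}

# 4. Build the argument list from the documented options.
#    -a is deliberately not passed, so the version comparison stays in force.
$toolArgs = @('-s', '-f', ('"{0}"' -f $FirmwareFolder))
if ($PasswordFile) {
    $toolArgs += @('-p', ('"{0}"' -f $PasswordFile))
}

# 5. Run the updater and wait for it to finish.
$process = Start-Process -FilePath $ToolPath -ArgumentList $toolArgs -Wait -PassThru

# 6. Assumption: a non-zero exit code means the update was not staged.
#    BitLocker is left suspended on purpose; check the tool's log file first,
#    because protection resumes automatically at the next restart.
if ($process.ExitCode -ne 0) {
    throw "HpFirmwareUpdRec.exe exited with code $($process.ExitCode). Check the log file before restarting."
}
Write-Output 'Firmware update staged. Restart the system to complete it.'
```

Silent mode produces no output, so the log file described in the appendix remains the authoritative record of success or failure.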