HP PC Commercial BIOS (UEFI) Setup Administration Guide For Commercial Platforms using HP BIOSphere Gen 3-5 2016 -2019 Technical Whitepaper
HP PC Commercial BIOS (UEFI) Setup
June 2019
919946-004
© Copyright 2016-2019 HP Development Company, L.P.
4 Security Menu 18
Table 8 Security Menu features
Feature
Type
Description
Default
Notes
Create BIOS Administrator
Password
Or Change BIOS
Administrator Password
Setting
The administrator password controls access to the
setup menu (F10), 3
rd
Party Option ROM Management
(F3), Update System ROM, WMI commands that
change system settings, and the BIOS Configuration
Utility (BCU). When no administrator password is set,
anyone can change the system settings, add 3
rd
Party
Option ROM, or update the system ROM. When the
power-on password is set, use the administrator
password as an alternative to power-on the system.
Recommendation: Set an administrator password
when a power-on password is set. When a power-on
password is forgotten, an administrator can reset the
power-on password by using Restore Security
Settings to Factory Defaults.
Create POST Power-On
Password
Or Change POST Power-
On Password
Setting
Password required to power-on the PC, independent
of the OS password. When no password is set, anyone
can turn on the PC. In addition to the administrator
password, there is only one power-on password.
Recommendation: Set an administrator password
when a power-on password is set. When a power-on
password is forgotten, an administrator can reset the
power-on password by using Restore Security
Settings to Factory Defaults.
Password Policies
Menu
Allows the administrator to set password
requirements for BIOS administration and power-on
regarding the use of symbols, numbers, case, and
spaces.
Administrator
Authentication Policies
Menu
Allows the administrator to determine whether the
administrator password is required to access various
boot menus through hot keys at boot time, or to
update the firmware through Windows Update.
NOTE: the settings in this menu were previously
located in the Password Policies menu.
Fingerprint Reset on
Reboot
Action
When checked, resets the fingerprint on the next
reboot. After reboot, this will be unchecked again.
Unchecked
TPM Embedded Security
Menu
The Trusted Platform Module (TPM) is a dedicated
microprocessor that provides security functions for
secure communication and software and hardware
integrity. The TPM hardware solution is more secure
than a software only solution.
BIOS Sure Start
Menu
Settings that control the behavior of HP Sure Start.
HP Sure Start is a built-in hardware security system
that protects your BIOS from accidental or malicious
corruption by (1) detecting BIOS corruption and then
(2) automatically restoring the BIOS to its last
installed HP-certified version. Some platforms in
2019 have the capability to recover Intel ME as well.