HP PC Commercial BIOS (UEFI) Setup Administration Guide For Commercial Platforms using HP BIOSphere Gen 3-5 2016 -2019 Technical Whitepaper

ManualsBrandsHP ManualsDesktopsHP EliteBook x360 1020 G2

HP PC Commercial BIOS (UEFI) Setup

June 2019

919946-004

4 Security Menu 24

Feature

Type

Description

Default

Notes

 Sure Start Secure

Boot Keys

Protection

Setting

Saves backup copy of Secure Boot Keys so that they can

be recovered if someone attempts to alter them in an

unauthorized manner.

Unchecked

 Enhanced HP

Firmware Runtime

Intrusion Prevention

and Detection

Setting

Monitors key areas of memory for corruption or attack,

notifies user of attack (based on the settings in Sure

Start Security Event Policy), and prevents the attack

from taking place.

NOTE: Only available on certain Intel systems.

Checked

 HP Firmware

Runtime Intrusion

Detection

Setting

Monitors key areas of memory for corruption or attack

and notifies user of attack (based on the settings in Sure

Start Security Event Policy).

NOTE: Only available on certain AMD chipset systems

2016 or later.

Checked

Sure Start Security

Event Policy

Setting

Determines how to respond to a detected event:

• Log the event in the audit log.

• Log the event in the audit log and prompt the

user to acknowledge the event.

• Log the event in the audit log and power off the

system.

Prior to 2016: Not available

Log Event and

notify user

Sure Start Security

Event Boot

Notification

Enable a warning message at boot screen if there is a

Sure Start event (BIOS recovery, Memory intrusion, etc.)

Require

Acknowledgment

4.5 Smart Cover Menu (Desktop Only)

This submenu controls settings for Cover Lock and Cover Sensor.

Table 13 Smart Cover Menu features

Feature

Type

Description

Default

Notes

Cover

Lock

Setting

The Smart Cover Lock is a software-controllable solenoid lock. This lock

restricts unauthorized access to the system’s internal components. The

following settings are possible:

• Lock

• Unlock

Unlock

Desktop

with Cover

Lock

Reboot

Required

Cover

Removal

Sensor

Setting

The Cover Removal Sensor has the following settings:

• Disabled

• Notify the User: Displays warning message on next boot if opened.

• Administrator Password (when password is set): Requires entering

the administrator password before continuing to boot after the cover

is opened.

Disable

Desktop

with Cover

Sensor

Reboot

Required

4.6 Secure Platform Management (SPM)

This submenu controls settings for Secure Platform Management that are used for secure enablement and management of

the HP Sure Run and Sure Recover capabilities.