Technical Whitepaper HP PC Commercial BIOS (UEFI) Setup Administration Guide For Commercial Platforms using HP BIOSphere Gen 3-5 2016 -2018 August 2018 919946-003
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 Table of contents 1 Abstract ................................................................................................................................. 5 2 Introduction ........................................................................................................................... 6 2.1 Supported models .................................................................................................................................
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 5.9 Port Options Menu......................................................................................................................................... 38 5.10 Option ROM Launch Policy Menu ................................................................................................................. 41 5.11 Power Management Options Menu .......................................................................................................
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 List of tables Table 1 Notebook Generations ........................................................................................................................6 Table 2 Desktop Generations ...........................................................................................................................8 Table 3 Main Menu features ..........................................................................................................
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 1 Abstract HP redesigned the 2015 and later generation of BIOS to support the requirements of the latest CPU and operating systems. HP took this opportunity to create a new BIOS architecture based on the UEFI specification version 2.4, with a common set of core modules and capable of supporting both notebook and desktop models.
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 2 Introduction This white paper provides detailed information about features adjusted through the F10 BIOS setup menu. The section on computer notifications provides an explanation for the LED blink codes and screen messages that may occur.
HP PC Commercial BIOS (UEFI) Setup Platforms August 2018 919946-003 2015 “N” Family 2016 “P” Family 2017 “Q” Family HP EliteBook 725 G3 G4 HP ProBook 470 G3 G4 G5 HP ProBook 450 G3 G4 G5 HP ProBook 440 G3 G4 G5 HP ProBook 430 G3 G4 G5 HP ProBook 445 G3 HP EliteFolio 940 HP EliteBook Folio HP EliteBook 2018 “Q” Family G5 G5 G3 Revolve 810 G3 HP ProBook G2 HP ZBook Studio G3 G4 G5 HP ZBook 14u HP ProBook 455 G3 G4 HP ProBook 640 G3 G4 HP ProBook 645 G3
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 Table 2 Desktop Generations Platforms 2015 2016 2017 2018 G1 G2 HP EliteDesk 1000 AiO HP EliteDesk 800 TWR G2 G3 G4 HP EliteDesk 880 TWR G2 G3 G4 HP EliteDesk 800 SFF G2 G3 G4 HP EliteDesk 800 DM G2 G3 G4 HP EliteOne 800 AiO G2 G3 G4 HP EliteDesk 705 MT G2 G3 G4 HP EliteDesk 705 SFF G2 G3 G4 HP EliteDesk 705 DM G2 G3 G4 HP ProDesk 600 MT G2 G3 G4 HP ProDesk 680 MT G2 G3 G4 HP ProDesk 600 S
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 3 F10 Main Menu Main Security Advanced UEFI Drivers HP Computer Setup Organization of the F 10 section: The hierarchy of the table of contents matches the sequence of the menus found in the F10 Setup menu, currently three levels deep. The top-level tabs are: Main, Security, Advanced and UEFI Drivers. The next level are the menus found under these tabs. At the beginning of each major section is a diagram of the sub-menu items for each tab.
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 Notes Some features are not available for all types of models. The notes will describe when a feature is only available on select products. Some actions require a reboot or physical presence. Physical presence is a menu that requires a human response to validate that a person is physically present before the action is completed. Actions that require physical presence are security sensitive changes.
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 3.1 Main Menu For detailed information on the features in the main menu, see the following table. Table 3 Main Menu features Feature Type Description System Information Menu System information, such as serial number, model number, Asset Tracking Number, CPU type, and memory size, UUID, SKU, and Born on Date.
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 2. The screen is black; the system blinks one LED and makes a steady beeping sound. This is the system flashing the boot block. Video cannot display during this phase; so, the LED and the beep are the only way to let you know that the system is flashing normally. 3. (Sure Start enabled systems only) A screen indicates that the system is copying the DXE to the HP Security Device 4. The screen is black for a short period, and then the OS starts.
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 Table 5 BIOS Update Preferences Menu features Feature Type Description Default Notes Check for Update on Next Reboot Action When checked, check if an updated BIOS is available during the next boot. This feature is only necessary from a WMI call. From the F10 Setup menu use the feature “Main -> Update System BIOS -> Check the Network for BIOS Updates” that will check for updates without a reboot.
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 Feature Type Description IPv4 Subnet Mask Setting When IPv4 settings are manual, configure a valid IPv4 address for subnet mask IPv4 Gateway Setting When IPv4 settings are manual, configure a valid IPv4 address for gateway. DNS Configuration Setting Configure a list of DNS addresses.
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 4 Security Menu Main Security Advanced UEFI Drivers HP Computer Setup Administrator Tools Create/Change BIOS Administration Password Create/Change POST Power-On Password Fingerprint Reset on Reboot (select products only) Password Policies Security Configuration TPM Embedded Security BIOS Sure Start Smart Cover (select products only) Secure Platform Management (SPM) Physical Presence Interface Trusted Executio
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 4.1 Security Menu For detailed information on the features in the security menu, see the following table.
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 Feature Type Description Smart Cover Menu Controls settings for Cover Lock and Cover Sensor on a desktop models. Trusted Execution Technology (TXT) Setting When checked, enables Trusted Execution Technology on select Intel-based systems Default Desktop only with a Cover Lock Unchecked Setting Enables Intel Software Guard Extensions.
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 4.2 Password Policies Menu This sub-menu allows the administrator to set text requirements controlling the use of symbols, numbers, case and spaces for the BIOS administration password and the power-on password. To set these requirements an administration password must be already set.
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 4.3 Trusted Platform Module (TPM) Embedded Security Menu This sub-menu for the Trusted Platform Module (TPM.) is a dedicated microprocessor that provides security functions for secure communication and software and hardware integrity. The built in TPM hardware solution is more secure than a software only solution.
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 4.4 BIOS Sure Start Menu Settings menu for Enhanced hardware based assurance that only HP approved Embedded Controller firmware will run on the HP Embedded Controller and that only HP approved BIOS will run on the host CPU.
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 Feature Type Description Default Notes Sure Start BIOS Settings Protection Setting Protects critical BIOS Settings by saving a backup copy and restoring them if altered. Unchecked Greyed out until admin password is set. Sure Start Secure Boot Keys Protection Setting Saves backup copy of Secure Boot Keys on private ROM, so that they can be recovered if someone attempts to alter them in an unauthorized manner.
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 4.6 Secure Platform Management (SPM) This sub-menu controls settings for Secure Platform Management that are used for secure enablement and management of the HP Sure Run and Sure Recover capabilities. The provisioning of SPM and activation of HP Sure Run can not be performed directly from the BIOS Setup interface. It can be provisioned using HP Client Security Manager Software or the HP Manageability Integration Kit.
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 4.7 Hard Drive Utilities Menu This sub-menu provides features that protect the data on individual hard drives, such as: recovering the master boot record, preventing unauthorized access and erasing data.
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 4.8 DriveLock/Automatic DriveLock Menu DriveLock prevents unauthorized access to the contents of a selected hard drive. Enter a password to access the drive and the drive is accessible only when attached to a PC. NOTE: DriveLock states cannot change after a warm reboot. Power off the system then boot directly to the setup menu, then to this menu. The DriveLock Master and User passwords cannot be changed if you enable Automatic DriveLock.
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 5 Advanced Menu Main Security Advanced UEFI Drivers HP Computer Setup Display Language Scheduled Power-On Boot Options HP Sure Recover Secure Boot Configuration System Options Built-In Device Options Port Options Option ROM Launch Policy Power Management Options Remote Management Options (select products only) Electronic Labels (select products only) MAC Address Pass Through (select products o
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 5.1 Advanced Menu For detailed information on the features in the advanced menu, see the following table. Table 16 Advanced Menu features Feature Type Description Display Language Menu Select the display language and the keyboard language. Choose between 14 languages.
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 Feature Type Description Default Execute Remote HP PC Hardware Diagnostics Action When selected, will download and run HP Remote Diagnostics Notes 5.2 Display Language Menu This sub-menu allows for selection of the display language and the keyboard language.
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 5.4 Boot Options Menu Sub-menu controls the behavior of the system during boot up Table 19 Boot Options Menu features Feature Type Description Default Startup Menu Delay Setting Select the number of seconds (0 – 60) to pause the boot before starting the OS. Increasing the delay, gives more time to press a key that opens one of the BIOS menus. Set this to 0 if you have excellent twitch reflexes honed from a lifetime of video games.
HP PC Commercial BIOS (UEFI) Setup Feature Type UEFI Boot Order August 2018 919946-003 Description Default When checked, allows the system to boot from UEFI devices. Checked Notes When Legacy Boot is Disabled, the check boxes for UEFI Boot Order and Legacy Boot Order will grayed out and not functional, because only UEFI devices can boot in this mode. When enabling the UEFI Boot Order, the system attempts to boot from all UEFI devices before any non-UEFI devices.
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 5.5 HP Sure Recover Table 20 HP Sure Recover Feature Type Description Default HP Sure Recover Setting If this setting is enabled and HP Sure Recover is launched, the system firmware will honor local and remote requests to reinstall the OS. If it is disabled, all requests to reinstall the OS will be ignored Enable Recover from Network Setting If this is enabled, the system firmware will obtain the recovery agent from the network.
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 5.6 Secure Boot Configuration Menu Submenu to configure Secure Boot. Starting with Windows 8, Secure Boot is a UEFI feature that helps resist attacks and infection from malware. From the factory, your system came with a list of keys that identify trusted hardware, firmware, and an operating system loader code. It also created a list of keys to identify known malware.
HP PC Commercial BIOS (UEFI) Setup Ready BIOS for Device Guard Use August 2018 919946-003 Action “Ready BIOS for Device Guard Use” includes a drop down that will allow the user to set up the BIOS configuration Windows requires to enable Device Guard, or change the configuration back to the configuration before Device Guard was enabled. Device Guard is a Windows feature that enables higher security around drivers and BIOS behavior.
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 Feature Type Description Default Notes Hyperthreading (Intel® HT) Setting When checked, enables Hyper-threading capability on Intel processors Checked Intel CPU with hyper-threading only Intel HT Technology (HT) is designed to improve performance of multi-threaded software products and requires a computer system with a processor supporting HT and an HT-enabled chipset, BIOS and OS.
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 Feature Type Description Default Notes Allow PCIe/PCI SERR# Interrupt Setting When checked, enables PCI device to generate SERR# (System Error), as defined by the PCI specification. Checked Desktop only Power Button Override Setting Sets the time required to hold the power button down for the desktop to turn off, overriding the power button behavior defined by the operating system.
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 Feature Type Description Default Wake on WLAN Setting Allows the system to wake via Wireless Local Area Network (WLAN), provided the system is equipped with this device. The following settings are possible: Unchecked Dust Filter Setting Dust Filter Reminder (Days) Integrated Video Setting VGA Boot Device Video Memory Size Setting • Disabled • Boot to Hard Drive Notes When checked, enables the dust filter reminder.
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 Feature Type Description Default Notes Graphics Setting Set the graphics adapter. The following settings are possible and depend on the model of notebook to determine which are present along with what the default is set to: Hybrid Graphics Multiple Graphic Card Notebook only Audio Device Setting • Hybrid Graphics • UMA Graphic • Discrete Graphics • Auto (Let OS Decide if hybrid graphics is enabled or disabled).
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 Feature Type Description Default Notes Wake on LAN in Battery Mode Setting When checked and powered by battery, enables the notebook to wake via LAN. Unchecked Notebook only Fan Always on while on AC Power Setting When checked, leaves the fan on while running on AC power.
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 5.9 Port Options Menu For detailed information on the features in the port options menu, see the following table.
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 Feature Type Description Default Require BIOS PW to change Thunderbolt Security Level Setting When checked, enables BIOS PW requirement to change Thunderbolt Security Level Checked Thunderbolt PCIe Hot Plug Setting The following settings are possible: Legacy • Legacy Mode • Native + Lower Power Mode Notes Smart Card Setting When checked, enables integrated Smart Card slot Checked Notebook only Smart Card Power Savings
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 Feature Type Description Default Notes Voltage (A, B, C, D) Setting Powered Serial port voltage selection on RPOS units that include this HW. 0 Volts Retail Point of Sale Systems only M.2 SSD 1 Setting Enable or Disable M.2 SSD storage device. Enable M.2 SSD 2 Setting Enable or Disable M.2 SSD storage device. Enable USB Ports Setting Enable or disable all USB ports.
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 5.10 Option ROM Launch Policy Menu This menu under the advanced menu configures the kind of device option ROM that can load at boot time.
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 Feature Type Description Default Notes Unique Sleep State Blink Rates Setting When checked, when the desktop is in the S4 power state, the power LED periodically blinks 4 times with a pause. Unchecked, the desktop will not blink at all in S4 (the same as S5, power off) Unchecked Desktop only This also affects S3 blink behavior.
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 Feature Type Description Default Notes SOL Terminal Emulation Mode Setting Specifies the Serial Over Lan (SOL) terminal emulation mode. The following settings are possible: ANSI Intel only • ANSI • VT100 Show Unconfigure ME Confirmation Prompt Setting When checked, requires user confirmation when unconfiguring Intel® Management Engine.
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 Feature Type Description Default Notes Windows HBMA Support Setting Set Host Based MAC Address (HBMA) support in the Windows OS environment. Checked but greyed out until Host Based MAC Address is Enabled Notebook only Single NIC Operation (Disable All Other NICs when HBMA is active on one NIC) Setting When within Windows OS only one NIC will operate using Host Based MAC Address (HBMA).
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 6 UEFI Drivers Main Security Advanced UEFI Drivers HP Computer Setup This will restart the system into the 3rd Part Option ROM Management application. You can get to this application directly by pressing F3 during startup 3rd Party Option ROM Management © Copyright 2016-2018 HP Development Company, L.P.
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 7 Features Not in F10 Menu For features that are BIOS controlled but do not have an option or setting in the F10 menu. Feature Description Default Notes Privacy Panel For privacy panel equipped notebooks press fn+ f2 to enable / disable privacy panel feature. Use fn+ f5 and fn+f6 to decrease or increase the privacy panel brightness. Disabled For select privacy panel notebooks only.
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 8 Computer Notifications 8.1 Introduction Platforms that support HP PC Commercial BIOS have various mechanisms to provide error indications that occur during Power-On-Self-Test (POST). The notifications can take several forms such as: • Blinks and Beeps • On screen notifications that include the following: ○ Pre-Boot messages (BIOS) ○ Popup messages within the OS © Copyright 2016-2018 HP Development Company, L.P.
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 8.2 Blink and Beep Codes Some system errors prevent the use of the video screen; instead, the system provides error information through blink codes using LED lights. The LED light used depends on the system being a notebook or a desktop. The codes are presented in a sequence. For desktop, this means red blinks followed by white blinks. Audible long and short beeps accompany red or white blinks, respectively.
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 8.3 Popup Messages Onscreen notification can involve popup (toaster) messages. These describe several events involving USB Type C ports.
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 9 Appendix 1 9.1 What is UEFI? Unified Extensible Firmware Interface (UEFI) defines the interface between the operating system and platform firmware during the boot, or start-up process. Compared to BIOS, UEFI supports advanced pre-boot user interfaces. The UEFI network stack enables implementation on a richer network-based OS deployment environment while still supporting traditional PXE deployments. UEFI supports both IPv4 and IPv6 networks.
HP PC Commercial BIOS (UEFI) Setup August 2018 919946-003 9.5 The UEFI Forum For more information contact the Unified Extensible Firmware Interface (UEFI) Forum, it is a world-class non-profit industry standards body that works in partnership to enable the evolution of platform technologies. The UEFI Forum champions firmware innovation through industry collaboration and the advocacy of a standardized interface that simplifies and secures platform initialization and firmware bootstrap operations.
