HP PC Commercial BIOS (UEFI) Setup Whitepaper
August 2018
919946-003
© Copyright 2016-2018 HP Development Company, L.P.
4 Security Menu
4.3 Trusted Platform Module (TPM) Embedded Security Menu
This sub-menu is for the Trusted Platform Module (TPM). The TPM is a dedicated microprocessor that provides security functions for
secure communication and software and hardware integrity. The built-in TPM hardware solution is more secure than a
software-only solution.
Table 10 TPM Embedded Security Menu features
| Feature | Type | Description | Default | Notes |
|---|---|---|---|---|
| TPM Specification Version | Display only | The Trusted Computing Group (TCG) is an industry group that defines specifications for a TPM. As of this writing, possible TPM specification versions are 1.2 or 2.0. | | |
| TPM Device | Setting | Makes the TPM available. The following settings are possible: Available; Hidden. | Available | Reboot, Physical Presence Required |
| TPM State | Setting | When checked, enables the ability for the OS to take ownership of the TPM. | Checked | Reboot, Physical Presence Required |
| Clear TPM | Action | When selected, clears the TPM on the next boot. After clearing the TPM, this resets to No. The following settings are possible: No; On next boot. | No | Reboot Required |
| TPM Activation Policy | Setting | This setting allows an administrator to choose between convenience and extra security. The extra security is to ensure that the user of the system will at least see that the TPM device upgraded its firmware (F1 to Boot), or at most the user has the ability to reject the upgrade of the TPM device (Allow user to reject). These user prompts limit the impact of remote attacks on the system by requiring a user to be physically present for the upgrade. When security of the system is of less concern, the third option (No prompts) removes any requirement for a user to acknowledge the upgrade. This last option is the most convenient for remotely upgrading many systems at once. The following settings are possible: F1 to Boot; Allow user to reject; No prompts. | Allow user to reject | HP recommends an option that requires the physical presence of the user |
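The defaults and the recommendation in Table 10 can be checked across a fleet. The following is an added example, not code from HP or from this whitepaper: it audits a settings dump against the table's values. The dump layout, the `Unchecked` value and the names `BASELINE`, `SAMPLE_DUMP`, `parse_dump` and `audit` are assumptions made for illustration.

```python
# Added example. The dump layout (setting name, then tab-indented options with
# '*' on the current value) and SAMPLE_DUMP are constructed assumptions.
# Allowed values come from Table 10. The Activation Policy set follows the note
# recommending an option that requires the physical presence of the user.
BASELINE = {
    "TPM Device": {"Available"},
    "TPM State": {"Checked"},
    "Clear TPM": {"No"},
    "TPM Activation Policy": {"F1 to Boot", "Allow user to reject"},
}

SAMPLE_DUMP = (
    "TPM Device\n\t*Available\n\tHidden\n"
    "TPM State\n\t*Checked\n\tUnchecked\n"
    "Clear TPM\n\tNo\n\t*On next boot\n"
    "TPM Activation Policy\n\tF1 to Boot\n\tAllow user to reject\n\t*No prompts\n"
)


def parse_dump(text):
    """Return {setting: current value, or None if no option is starred}."""
    current, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue  # skip blank lines and ';' comment lines
        if line[0] in " \t":  # indented line: an option of the last setting
            value = line.strip()
            if name is not None and value.startswith("*"):
                current[name] = value[1:].strip()
        else:  # unindented line: start of a new setting
            name = line.strip()
            current.setdefault(name, None)
    return current


def audit(text, baseline=BASELINE):
    """Return sorted (setting, found, allowed) tuples for every deviation."""
    current = parse_dump(text)
    findings = []
    for setting, allowed in baseline.items():
        found = current.get(setting)  # None: setting missing or nothing starred
        if found not in allowed:
            findings.append((setting, found, sorted(allowed)))
    return sorted(findings)


if __name__ == "__main__":
    for setting, found, allowed in audit(SAMPLE_DUMP):
        print(f"{setting}: found {found!r}, expected one of {allowed}")
```

A setting that is missing from the dump is reported with a found value of `None`, so a Hidden or unreported TPM does not pass silently.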