HP PC Commercial BIOS (UEFI) Setup Whitepaper

August 2018
919946-003
© Copyright 2016-2018 HP Development Company, L.P.
4 Security Menu
| Feature | Type | Description | Default | Notes |
|---|---|---|---|---|
| Sure Start BIOS Settings Protection | Setting | Protects critical BIOS Settings by saving a backup copy and restoring them if altered. | Unchecked | Greyed out until admin password is set. |
| Sure Start Secure Boot Keys Protection | Setting | Saves backup copy of Secure Boot Keys on private ROM, so that they can be recovered if someone attempts to alter them in an unauthorized manner. | | |
| Enhanced HP Firmware Runtime Intrusion Prevention and Detection | Setting | Monitors key areas of memory for corruption or attack, notifies user of attack (based on the settings in “Sure Start Security Event Policy”), and prevents the attack from taking place. NOTE: Only available on certain Intel systems | Checked | |
| HP Firmware Runtime Intrusion Detection | Setting | Monitors key areas of memory for corruption or attack and notifies user of attack (based on the settings in “Sure Start Security Event Policy”). NOTE: Only available on certain AMD chipset systems 2016 or later. | Checked | |
| Sure Start Security Event Policy | Setting | Determines how a Sure Start Intrusion Detection event should be handled. • Log the event in the audit log. • Log the event in the audit log and prompt the user to acknowledge the event. • Log the event in the audit log and power off the system. Prior to 2016: Not available | Log Event and notify user | |
| Sure Start Security Event Boot Notification | | Enable a warning message at boot screen if there is a Sure Start event (BIOS recovery, Memory intrusion, etc) | Require Acknowledgment | |
4.5 Smart Cover Menu (select products only)
This sub-menu controls settings for Cover Lock and Cover Sensor.
Table 12 Smart Cover Menu features
| Feature | Type | Description | Default | Notes |
|---|---|---|---|---|
| Cover Lock | Setting | The Smart Cover Lock is a software-controllable cover lock. This lock prevents unauthorized access to the internal components. The following settings are possible: • Lock • Unlock | Unlock | Desktop only with Cover Lock. Reboot Required. |
| Cover Removal Sensor | Setting | The Cover Removal Sensor has the following settings: • Disabled • Notify the User: (Used by individuals managing their desktop) • Administrator Password: (Used to alert desktop administrators of a cover removal, by blocking use of the desktop without an administrator password. This setting is only visible when an administrator password is set) | Disable | Desktop only with Cover Sensor. Reboot Required. |