HP PC Commercial BIOS (UEFI) Setup

ManualsBrandsHP ManualsDesktopsHP EliteBook 830 G5 Notebook PC

July 2020

919946-004

4 Security Menu 23

Feature

Type

Description

Default

Notes

BIOS Sure Start

Settings that control the behavior of HP Sure Start.

HP Sure Start is a built-in hardware security system

that protects your BIOS from accidental or malicious

corruption by (1) detecting BIOS corruption and then

(2) automatically restoring the BIOS to its last

installed HP-certified version. Some platforms in

2019 have the capability to recover Intel ME as well.

Secure Boot

Configuration

Options for managing Secure Boot state and Secure

Boot keys.

Secure Boot is a UEFI feature that helps resist attacks

and infection from malware. From the factory your

system came with a list of keys that identify trusted

hardware, firmware, and operating system loader

code. Your system also has a list of keys to identify

known malware.

Only

located here

on systems

without

legacy

support.

Secure Platform

Management (SPM)

Options for managing HP Sure Run and HP Sure

Recover and Sure Admin

 Physical Presence

Interface

Enable or disable the local prompt to confirm that a

sensitive setting change was requested by the user.

Checked

Smart Cover

Controls settings for Cover Lock and Cover Sensor

 Trusted Execution

Technology (TXT)

Setting

When checked, enables Trusted Execution

Technology on select Intel-based systems.

NOTE: Enabling this feature disables OS management

of TPM ( Embedded Security Device), prevents a reset

of the TPM, and constrains the configuration of VTx,

VTd, and TPM

Unchecked

Intel Only

Reboot

Required

Intel Software Guard

Extensions (SGX)

Setting

Enables Intel Software Guard Extensions. The

following settings are possible:

• Disable

• Enable

• Software control

Software

control

–or–

Disable

(non-vPro)

Intel Only

Full encryption of main

memory (DRAM)

Setting

When checked, the system stores all data to DRAM in

an encrypted format.

Checked

Select

products

only

Hard Drive Utilities

Utilities to protect private information on individual

hard drives: Drive Lock and Secure Erase.

Absolute Persistence

Module

Label

A subscription service that provides PC theft recovery,

tracking and data delete solutions

Activation Status

Display

Only

The subscription status can be inactive, active, or

permanently disabled.

Inactive

Absolute Persistence

Module Permanent

Disable

Display

Only

Shows current state of the Absolute Persistence

module (Yes = disabled, No = available).