HP Sure Recover - White Paper

HP Sure Recover
L49622-001, October 2018
HP Sure Recover helps make computers cyber-resilient
HP Sure Recover is a PC OS recovery solution built into the hardware and firmware that can fully recover the HP OS image without requiring that
recovery software be present on the machine. HP Sure Recover supports recovery using a network connection. Some devices have additional
embedded storage on the motherboard to support recovery in an offline state (not connected to a network). This configuration is called HP Sure
Recover with Embedded Reimaging. Unlike other technologies, the embedded storage is hardware-isolated from the host operating
system to prevent unauthorized changes.
HP Sure Recover is enabled by default and can be started manually by pressing the F11 key at boot, or it can be configured to trigger automatically.
HP Sure Recover is configured by default to restore from Windows® 10 image and device driver repositories that are hosted by HP and accessible via
the public Internet. During the recovery process, HP Sure Recover utilizes strong public key cryptography to verify both the identity of the recovery
image’s provider and the integrity of the images themselves.
HP Sure Recover with Embedded Reimaging benefits the local user with a shorter recovery time, since there is a local copy of the Windows 10 image
and device driver already on the computer. This shortens the recovery process by removing the need to first download the image from the network.
Additionally, local users benefit by having recovery capability when they are in a location without a wired connection to the public Internet. HP
recommends not distributing secrets within custom images, as HP currently does not offer the capability to securely erase the contents of the local
embedded storage device.
HP Sure Recover with Embedded Reimaging also utilizes strong public key cryptography to verify the integrity of the image on the local embedded
storage device. HP Sure Recover with Embedded Reimaging can be configured to determine if there is a newer version of the image online and refresh
the local image.
Alternatively, HP Sure Recover can be configured to use custom images hosted on an internal private network or the public Internet. Additionally, the
HP Sure Recover configuration can be managed either locally or remotely, with the HP Sure Recover configuration for each computer protected in the
isolated, non-volatile memory of the HP Endpoint Security Controller hardware.
HP Sure Recover can be used by an administrator or the user to easily restore the system to the desired state, quickly installing the latest version of
the operating system, platform-specific device drivers, and (in the case of a custom image) software applications.
All HP computers that support HP Sure Recover also support HP Sure Start, HP’s industry-leading firmware security-and-resiliency solution that
meets or exceeds the National Institute of Standards and Technology (NIST) Platform Firmware Resiliency guidelines (Special Publication 800-193).
Building on the resilient firmware foundation provided by HP Sure Start, HP computers with HP Sure Recover for the OS are extremely cyber-resilient.
Regardless of whether you want to perform custom operating system installations, recover from destructive malware, reset the system drive to the
desired state prior to computer redeployment, or automatically re-image on a regular schedule, HP’s cyber-resilient computers with HP Sure Recover
are the right solution.