HP Sure Start - Technical white paper
13
Technical white paper | HP Sure Start
Appendix A—HP Sure Start, Gen by Gen
HP introduced Sure Start in 2014. Since that time, HP has enhanced Sure Start and expanded the number of products that
use it. The table below provides a summary of the capabilities that were added with each generation.
Generation Release date Capabilities added
HP Sure Start 2014 • Firmware and BIOS authenticity enforcement, with the ability to self-heal
• Firmware monitoring and compliance
HP Sure Start with
Dynamic Protection
2015 • Windows Event Viewer support
• Dynamic Protection (for select Intel products)
HP Sure Start Gen3
(select Intel products)
5
HP Sure Start with Runtime
Intrusion Detection
(select AMD products)
6
2017 • Runtime Intrusion Detection
• BIOS setting protection
• Manageability Integration Kit (MIK) plug-in for Microsoft SCCM
HP Sure Start Gen4
7
2018 • Protected storage—strong cryptographic methods to store BIOS settings, user
credentials, and other settings in the HP Endpoint Security Controller hardware
to provide integrity protection, tamper detection, and condentiality protection
for that data
• Secure boot database protection—enhanced protection of databases and keys
stored by BIOS that are critical to the integrity of the OS secure boot feature
versus standard UEFI BIOS implementation
• On Intel platforms, enhanced protection and recovery of the Intel Management
Engine Firmware
• Third-party security certication of HP Endpoint Security Controller—testing by
an independent and accredited laboratory to validate that the HP ESC hardware
core functionality works as claimed per publicly available criteria, methodology,
and processes
1
• HP business PCs with HP Sure Start exceed the NIST Platform Firmware
Resiliency guidelines (Special Publication 800-193) for host processor
boot rmware and other critical platform device rmware, as discussed in
Appendix C.
5
HP Sure Start Gen3 is available on HP Elite products equipped with Intel 7th generation processors.
6
HP Sure Start with Runtime Intrusion Detection is available on HP Elite products equipped with AMD 7th generation processors.
7
HP Sure Start Gen4 is available on HP Elite and HP Pro 600 products equipped with 8th generation Intel or AMD processors.