HP Sure Start - Technical white paper

Sign up for updates
hp.com/go/getupdated
© Copyright 2018, 2019 HP Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP
products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as
constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
AMD is a trademark of Advanced Micro Devices, Inc. Intel is a trademark of Intel Corporation in the U.S. and other countries. Microsoft and Windows are
either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
L49253-001, January 2019
Technical white paper | HP Sure Start
NIST SP 800-193 HP Sure Start
Rollback prevention Exceeds all
Resiliency
Requirements
Gen3+ and the UEFI boot block both have controls in place to protect against recovery to
an earlier rmware version with security weaknesses.
Runtime Intrusion
Detection
Additional
Functionality
not required in
NISTSP800-193
NIST SP 800-193 is silent on what happens to rmware once it is loaded from nonvolatile
storage (ash) into volatile storage (RAM) for execution. Gen3+ provides runtime
intrusion detection of UEFI SMM code loaded into SMM RAM.
Physical attack
detection
Additional
Functionality
not required in
NISTSP800-193
Gen4 provides protection against physical attacks to the protected backup copy of
dynamic critical data. AES encryption is used on a per-component unique key to provide
condentiality of private data. In addition, HMAC integrity measurements provide tamper
prevention/detection of those keys.