HP Sure Start - Technical white paper
Automatic firmware intrusion detection and repair
HP Sure Start can automatically detect, stop, and recover from a BIOS attack or 
corruption without IT intervention and with little or no interruption to user 
productivity. Every time the PC powers on, HP Sure Start automatically validates 
the integrity of the BIOS code to help ensure that the PC is safeguarded from 
malicious attacks. Once the PC is operational, runtime intrusion detection 
constantly monitors memory. In the case of an attack, the PC can self-heal 
using an isolated “golden copy” of the BIOS in less than a minute.
Table of contents
Why is BIOS protection important?
HP Sure Start provides superb firmware protection
Architectural overview and capabilities
  Firmware integrity verification—the core of HP Sure Start
  Machine unique data integrity
  Descriptor region
  Network controller protection
  BIOS setting protection
  HP Sure Start–protected storage
  Secure boot keys protection
  Runtime Intrusion Detection (RTID)
User notifications, event logging, and policy management
  HP Sure Start end user notifications
  HP Sure Start event logging
  HP Sure Start policy controls
  Remote management of HP Sure Start policy controls
Conclusion
Appendix A—HP Sure Start, Gen by Gen
Appendix B—System Management Mode (SMM) overview
Appendix C—NIST SP 800-193: Platform Firmware Resiliency Guidelines










