Manualshelf

HP Sure Start

ManualsBrandsHP ManualsComputersEliteDesk 705 G4 Mini Desktop Computer
10111213141516171819
15
Technical white paper | HP Sure Start
Appendix C—NIST SP 800-193: Platform Firmware Resiliency Guidelines
Released in May 2018, the NIST SP 800-193: Platform Firmware Resiliency Guidelines describe guidelines for security
mechanisms to protect platform rmware against unauthorized changes, detect unauthorized changes that occur, and
recover from these unauthorized changes.
These guidelines outline three dierent resiliency properties:
1. Protected: meets all Protection and Secure Update requirements
2. Recoverable: meets all Detection and Recovery requirements
3. Resilient: meets all Protection, Detection, and Recovery requirements
Of these three properties, Resilient is the strongest, providing the most benet to HP Customers. HP Sure Start Gen3 and
Gen4 meet and exceed all Resilient guidelines in NIST SP 800-193 for host processor boot rmware, also known as the
UEFI BIOS. Further, HP Sure Start Gen3 and Gen4 also meet requirements for other Critical Platform Device Firmware, as
shown in Table 1 below.
Prior NIST guidelines for BIOS security
NIST SP 800-193 goes beyond NIST SP 800-147, which only addressed protection and the secure update of the
platform’s UEFI BIOS. HP Sure Start Gen4 and prior generations of HP Sure Start, along with HP BIOSphere Gen4 and prior
generations of HP BIOSphere, all support NIST SP 800-147.
NIST SP 800-193 also goes beyond NIST SP 800-155, which outlined security components and guidelines to establish a
secure BIOS integrity measurement and reporting chain. Likewise, HP Sure Start Gen4 and prior generations of HP Sure
Start, along with HP BIOSphere Gen4 and prior generations of HP BIOSphere, all support NIST SP 800-155.
NIST SP 800-193 Critical Platform Devices in HP Commercial PCs
NIST SP 800-193 acknowledges that the denition of Critical Platform Devices can vary. Critical Platform Devices are
dened in section 3.2 (Resiliency Properties):
“For a platform as a whole to claim resiliency to destructive attacks, the set of platform devices necessary
to minimally restore operation of the system, and suicient to restore reasonable functionality, should
themselves be resilient. We call this set of devices critical platform devices. The particular resiliency
properties may vary from platform-to-platform.
For that reason, it is important to dene this set of devices and applicable rmware for HP Commercial PCs. NIST SP
800-193 provides a reference platform architecture in Section 2 along with a list of devices which are “often critical to the
normal and secure operation of a platform.” The table below provides a mapping to each of those devices/subsystems to
the applicable rmware components in the HP Commercial Notebook PCs.
Note that each customer environment should be evaluated to determine whether there are additional peripheral devices
that are critical to restore reasonable functionality specic to the customer’s deployment.
Technical white paper | HP Sure Start