HP Sure Start for AMD Technical whitepaper

July 2019
L75214-001
© Copyright 2019 HP Development Company, L.P.
3 User notifications, event logging, and policy management
Table 1 Types of HP Sure Start for AMD Windows Event Viewer events
Event Level | Definition
Info | Events that are expected to occur during the normal course of operation (e.g., updating the BIOS).
Warning | Unexpected events that have occurred but were fully recovered from by HP Sure Start for AMD and no user/admin action is required for the platform to be fully operational. These events are anomalous operations that the user/admin may want to investigate further, especially if there is a trend of these events across multiple machines.
Error | Events that require the admin/HP service to act on the platforms to fully recover.
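The following is an added example, not part of the HP whitepaper or HP's tooling, showing one way to triage events by the three levels in Table 1: Error events list hosts that need action, Warning events are flagged only when they form a trend across several machines, and Info events are ignored. The CSV column names, host names, the 7-day window and the 3-host threshold are assumptions, and the sample rows are constructed.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export (assumed columns); not real HP Sure Start log output.
SAMPLE_CSV = """host,time,level,message
pc-01,2019-07-01T08:00:00,Info,constructed: expected event
pc-01,2019-07-02T09:10:00,Warning,constructed: recovered event
pc-02,2019-07-02T11:30:00,Warning,constructed: recovered event
pc-03,2019-07-03T07:45:00,Warning,constructed: recovered event
pc-04,2019-07-03T10:00:00,Error,constructed: action required
pc-05,2019-06-01T10:00:00,Warning,constructed: recovered event
"""

def triage(csv_text, window=timedelta(days=7), min_hosts=3):
    """Return (hosts with Error events, hosts that are part of a Warning trend)."""
    errors, warnings = set(), []
    for row in csv.DictReader(io.StringIO(csv_text)):
        level = row["level"].strip().lower()
        if level == "error":
            # Error: admin/HP service must act on the platform.
            errors.add(row["host"])
        elif level == "warning":
            # Warning: already recovered; only interesting as a fleet-wide trend.
            warnings.append((datetime.fromisoformat(row["time"]), row["host"]))
        # Info: expected during normal operation, so it is not collected.

    warnings.sort()
    trend, start = set(), 0
    for end in range(len(warnings)):
        # Slide the window so it never spans more than `window` of time.
        while warnings[end][0] - warnings[start][0] > window:
            start += 1
        hosts = {host for _, host in warnings[start:end + 1]}
        if len(hosts) >= min_hosts:
            trend |= hosts
    return sorted(errors), sorted(trend)

if __name__ == "__main__":
    act_now, investigate = triage(SAMPLE_CSV)
    print("Act (Error):", act_now)
    print("Investigate (Warning trend):", investigate)
```

The isolated Warning on pc-05 falls outside the window and is not reported, which matches the table's guidance that a single recovered event needs no action.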
3.3 HP Sure Start for AMD policy controls
Out of the box, the HP system BIOS enables and optimizes HP Sure Start for AMD policies for the typical user. Since HP Sure Start
for AMD is enabled by default, the typical user is protected by HP Sure Start for AMD without having to modify the settings. For
advanced users, the system BIOS provides some control of HP Sure Start for AMD behavior, using policy settings in the (F10) BIOS
Setup. Unless otherwise noted, these settings and functions are located under Security/BIOS Sure Start.
NOTE: Policies are stored within the HP ESC nonvolatile memory that is not directly accessible by the host CPU; therefore, a reboot
is required before any Sure Start settings take effect.
The following HP Sure Start for AMD settings and functions are available:
Verify Boot Block on Every Boot
BIOS Data Recovery Policy
HP Sure Start BIOS Setting Protection
HP Sure Start Secure Boot Keys Protection
HP Sure Start Security Event Policy
HP Sure Start Security Event Boot Notification
Lock BIOS Version
Save/Restore MBR of System Hard Drive
Save/Restore GPT of System Hard Drive
Boot Sector (MBR/GPT) Recovery Policy
3.3.1 Verify Boot Block on Every Boot
HP Sure Start for AMD always verifies the integrity of the system flash BIOS boot block before resuming from sleep, hibernate, or
power-off. When set to Enable, HP Sure Start for AMD will also verify the integrity of the boot block on each warm boot (Windows
restart). The trade-off to consider is faster restart time versus more security. The default setting of this feature is Disable.
3.3.2 BIOS Data Recovery Policy
When set to Automatic, HP Sure Start for AMD automatically repairs the BIOS or the Machine Unique Data when necessary. When
set to Manual, HP Sure Start for AMD requires a special key sequence to proceed with the repair. In the case of an issue with the
boot block code, the system will refuse to boot, and a unique blink sequence will flash on the system LED. The system LED that
lights may vary by platform and by instance. In the case of an issue with the Machine Unique Data, the system will display a
message on the screen. The key sequence required, and the blink sequence displayed, vary depending on whether the system is a