Manualshelf

HP Sure Start for AMD Technical whitepaper

ManualsBrandsHP ManualsDesktopsHP EliteDesk 705 G5 Small Form Factor PC
10111213141516171819
July 2019
L75214-001
HP Sure Start for AMD
© Copyright 2019 HP Development Company, L.P.
3 User notifications, event logging, and policy management 13
When set to disable, you can update the BIOS using any supported process. When the HP ESC detects a valid boot block update in
the system flash, it updates the backup copy of the boot block.
When set to enable, all HP BIOS update tools refuse to update the BIOS. In addition, HP Sure Start for AMD protects the BIOS from
attempts to change the BIOS version by removing the system flash via an unauthorized method. The HP ESC records the locked-
down version of BIOS. When the HP ESC detects that the BIOS in the system flash changed, the HP ESC overwrites the BIOS boot
block with the HP ESC copy of the boot block. The HP ESC copy of the boot block executes and recovers the remainder of the
correct version of the BIOS. The default setting of this feature is disable.
Save/Restore MBR of System Hard Drive and Save/Restore GPT of System Hard Drive
In the (F10) BIOS setup, this feature is located in Security/Hard Drive Utilities. Only one of these capabilities is available, depending
on the partition type of the primary drive (GPT or MBR), as detected by HP Sure Start for AMD.
When set to enable, HP Sure Start for AMD maintains a protected backup copy of the MBR/GPT partition table from the primary
drive and compares the backup copy to the primary on each boot. If a difference is detected, the user is prompted and can choose
to recover from the backup to the original state, or to update the protected backup copy with the changes. The Boot Sector
(MBR/GPT) Recovery Policy can optionally be used to remove the user decision for the action taken in the event of a discrepancy
found by HP Sure Start for AMD.
When set to disable (default), no MBR/GPT protection is provided by HP Sure Start for AMD.
3.3.8 Boot Sector (MBR/GPT) Recovery Policy
When set to Local User Control (default) the user is prompted for the action to take when HP Sure Start for AMD detects a change
in the MBR/GPT partition table. When set to Recover in the event of corruption, HP Sure Start for AMD automatically restores the
MBR/GPT to the saved state any time differences are encountered.
3.4 Remote management of HP Sure Start for AMD policy controls
Out of the box, HP Sure Start for AMD policies are optimized for the typical user. Since HP Sure Start for AMD is enabled by default,
there is no need for the remote administrator to take any action to enable (“deploy”) HP Sure Start for AMD. If a remote
administrator wants to modify HP Sure Start for AMD policy settings, the same Windows Management Instrumentation (WMI) APIs
or HP BIOS Configuration Utility scripts that are used to manage other platform BIOS policies can be used to manage HP Sure Start
for AMD policies. In addition, administrators can remotely manage HP Sure Start for AMD capabilities with the Manageability
Integration Kit (MIK) plug-in for Microsoft System Center Configuration Manager (SCCM).
Also, administrators can remotely manage HP Sure Start for AMD capabilities and view HP Sure Start for AMD events with the
Manageability Integration Kit (MIK) plug-in for Microsoft System Center Configuration Manager (SCCM).