Manualshelf

HP Sure Start for AMD Technical whitepaper

ManualsBrandsHP ManualsDesktopsHP EliteDesk 705 G5 Small Form Factor PC
10111213141516171819
July 2019
L75214-001
HP Sure Start for AMD
© Copyright 2019 HP Development Company, L.P.
5 Appendix ANIST SP 800-193: Platform Firmware Resiliency Guidelines 15
5 Appendix ANIST SP 800-193: Platform
Firmware Resiliency Guidelines
Released in May 2018, the NIST SP 800-193: Platform Firmware Resiliency Guidelines describe guidelines for security
mechanisms to protect platform firmware against unauthorized changes, detect unauthorized changes that occur, and recover
from these unauthorized changes.
These guidelines outline three different resiliency properties:
1. Protected: meets all protection and secure update requirements
2. Recoverable: meets all detection and recovery requirements
3. Resilient: meets all protection, detection, and recovery requirements
Of these three properties, Resilient is the strongest, providing the most benefit to HP customers. HP Sure Start for AMD meets or
exceeds all Resilient guidelines in NIST SP 800-193 for host processor boot firmware, also known as the UEFI BIOS. Further, HP
Sure Start for AMD also meets requirements for other Critical Platform Device Firmware, as shown in Table 2 below.
5.1 Prior NIST guidelines for BIOS security
NIST SP 800-193 goes beyond NIST SP 800-147, which only addressed protection and the secure update of the platform’s UEFI
BIOS. HP Sure Start for AMD prior generations of HP Sure Start, along with HP all support NIST SP 800-147.
NIST SP 800-193 also goes beyond NIST SP 800-155, which outlined security components and guidelines to establish a secure
BIOS integrity measurement and reporting chain. Likewise, HP Sure Start for AMD and prior generations of HP Sure Start, along all
support NIST SP 800-155.
5.2 NIST SP 800-193 Critical Platform Devices in HP Commercial PCs
NIST SP 800-193 acknowledges that the definition of Critical Platform Devices can vary. Critical Platform Devices are defined in
section 3.2 (Resiliency Properties):
“For a platform as a whole to claim resiliency to destructive attacks, the set of platform devices necessary to
minimally restore operation of the system, and sufficient to restore reasonable functionality, should
themselves be resilient. We call this set of devices critical platform devices. The particular resiliency properties
may vary from platform-to-platform.”
For that reason, it is important to define this set of devices and applicable firmware for HP Sure Start for AMD Commercial PCs.
NIST SP 800-193 provides a reference platform architecture in Section 2 along with a list of devices which are “often critical to the
normal and secure operation of a platform.” The table below provides a mapping to each of those devices/subsystems to the
applicable firmware components in HP Sure Start for AMD Commercial PCs.
Note that each customer environment should be evaluated to determine whether there are additional peripheral devices that are
critical to restore reasonable functionality specific to the customer’s deployment.