Manualshelf

HP Sure Start for AMD Technical whitepaper

ManualsBrandsHP ManualsDesktopsHP EliteDesk 705 G5 Small Form Factor PC
12345678910
July 2019
L75214-001
HP Sure Start for AMD
© Copyright 2019 HP Development Company, L.P.
Table of contents 2
Table of contents
1 Introduction ........................................................................................................................... 5
1.1 Why is BIOS protection important? ................................................................................................................. 5
1.2 HP Sure Start for AMD provides superb firmware protection .......................................................................... 5
1.3 Third-party security certification ..................................................................................................................... 6
1.4 Cyber-resilient design ..................................................................................................................................... 6
2 Architectural overview and capabilities ................................................................................. 7
2.1 Firmware integrity verificationthe core of HP Sure Start for AMD ............................................................... 7
2.2 Machine-unique data integrity ........................................................................................................................ 8
2.3 BIOS setting protection ................................................................................................................................... 8
2.4 HP Sure Start for AMD-protected storage ....................................................................................................... 8
2.4.1 Data integrity ............................................................................................................................................................. 8
2.4.2 Data Confidentiality ................................................................................................................................................... 9
2.5 Secure boot keys protection ........................................................................................................................... 9
3 User notifications, event logging, and policy management ................................................. 10
3.1 HP Sure Start for AMD end user notifications ................................................................................................ 10
3.2 HP Sure Start for AMD event logging ............................................................................................................ 10
3.3 HP Sure Start for AMD policy controls ........................................................................................................... 11
3.3.1 Verify Boot Block on Every Boot .............................................................................................................................. 11
3.3.2 BIOS Data Recovery Policy....................................................................................................................................... 11
3.3.3 HP Sure Start BIOS Setting Protection .................................................................................................................... 12
3.3.4 HP Sure Start Secure Boot Keys Protection ............................................................................................................ 12
3.3.5 HP Sure Start Security Event Policy ......................................................................................................................... 12
3.3.6 HP Sure Start Security Event Boot Notification ....................................................................................................... 12
3.3.7 Lock BIOS Version .................................................................................................................................................... 12
3.3.8 Boot Sector (MBR/GPT) Recovery Policy ................................................................................................................. 13
3.4 Remote management of HP Sure Start for AMD policy controls ................................................................... 13
4 Conclusion ........................................................................................................................... 14
5 Appendix ANIST SP 800-193: Platform Firmware Resiliency Guidelines ........................... 15
5.1 Prior NIST guidelines for BIOS security .......................................................................................................... 15
5.2 NIST SP 800-193 Critical Platform Devices in HP Commercial PCs ............................................................... 15
5.3 Acronyms ...................................................................................................................................................... 16