HP PC Commercial BIOS (UEFI) Setup Administration Guide For Commercial Platforms using HP BIOSphere Gen 3-5 2016 -2019 Technical Whitepaper
HP PC Commercial BIOS (UEFI) Setup
June 2019
919946-004
© Copyright 2016-2019 HP Development Company, L.P.
5 Advanced Menu 34
Feature
Type
Description
Default
Notes
Provisioning
Version:
Version of the recovery agent’s provisioning data. This
value will be 0 until a scheduled download occurs after a
change is made to the recovery agent URL.
Not shown unless
Recover from
Network checked.
Recovery
Image
Label
Not shown unless
Recover from
Network checked.
URL:
Location of the current recovery image URL.
Not shown unless
Recover from
Network checked.
Username:
Username (optional) to access the recovery image.
Not shown unless
Recover from
Network checked.
Provisioning
Version:
Version of the recovery image’s provisioning data. This
value will be 0 until a scheduled download occurs after a
change is made to the recovery image URL.
Not shown unless
Recover from
Network checked.
5.6 Secure Boot Configuration Menu
This submenu allows the user to configure boot mode and Secure Boot. Starting with Windows 8, Secure Boot is a UEFI
feature that helps resist attacks and infection from malware. From the factory, your system came with a list of keys that
identify trusted hardware, firmware, and an operating system loader code. It also created a list of keys to identify known
malware.
Table 23 Secure Boot Configurations Menu features
Feature
Type
Description
Default
Notes
Configure Legacy
Support and Secure
Boot
Setting
Legacy Support has the ability to boot from a non-UEFI
device. Only UEFI devices can support Secure Boot. The
following settings are possible:
• Legacy Support Enable and Secure Boot Disable
• Legacy Support Disable and Secure Boot Enable
• Legacy Support Disable and Secure Boot Disable
OS Dependent
Import Custom
Secure Boot keys
Setting
When checked and system is rebooted, custom secure boot
keys are imported from the EFI\HP directory from the hard
drive or USB device. The custom keys consist of PK, KEK, DB,
and Dbx .bin files. When import succeeds or fails, a preboot
prompt shows the results of each key bin file.
Unchecked
Reboot
Required
Clear Secure Boot
Keys
One
Time
Action
When checked, clears the Secure Boot keys one time on next
save and exit. This setting will be unchecked again when you
return from exit. This action is not available when Legacy
Support is enabled or when no imported keys are present.
Unchecked
Reset Secure Boot
Keys to Factory
Defaults
One
Time
Action
When checked, restores secure boot keys to factory defaults
one time on next save and exit. This setting will be unchecked
again, when you return from exit.
Unchecked
Enable MS UEFI CA
key
Setting
When checked, the Microsoft (MS) UEFI Certificate Authority
(CA) key is trusted by Secure Boot
NOTE: Uncheck this to support Windows 10 Device Guard
feature
Checked