HP PC Commercial BIOS (UEFI) Setup
July 2020 
919946-004 
© Copyright 2016-2020 HP Development Company, L.P. 
4 Security Menu
4.3 Trusted Platform Module (TPM) Embedded Security Menu 
This submenu configures the Trusted Platform Module (TPM). The TPM is a dedicated microprocessor that provides security
functions for secure communication and software and hardware integrity. The built-in TPM hardware solution is more
secure than a software-only solution.
Table 13  TPM Embedded Security Menu features

TPM Specification Version
    Type: Display Only
    Description: The Trusted Computing Group (TCG) is an industry group that defines specifications for a TPM. As of this writing, possible TPM specification versions are 1.2 or 2.0.
    NOTE: Windows 10 requires TPM 2.0 capability.
    Default: 2.0

TPM Device
    Type: Setting
    Description: Makes the TPM available. The following settings are possible:
    •  Available
    •  Hidden
    Default: Available
    Notes: Reboot, Physical Presence Required

TPM State
    Type: Setting
    Description: When checked, enables the ability for the OS to take ownership of the TPM (v1.2) or enables OS and application access to the various security capabilities of the TPM (v2.0).
    Default: Checked
    Notes: Reboot, Physical Presence Required

Clear TPM
    Type: Action
    Description: When selected, clears the TPM on the next boot. After clearing the TPM, this resets to No. The following settings are possible:
    •  No
    •  On next boot
    Default: No
    Notes: Reboot Required

TPM Activation Policy
    Type: Setting
    Description: This setting allows an administrator to choose between convenience and extra security. The extra security is to ensure that the user of the system will at least see that the TPM device upgraded its firmware (F1 to Boot), or at most the user has the ability to reject the upgrade of the TPM device (Allow user to reject). These user prompts limit the impact of remote attacks on the system by requiring a user to be physically present for the upgrade. When security of the system is of less concern, the third option (No prompts) removes any requirement for a user to acknowledge the upgrade. This last option is the most convenient for remotely upgrading many systems at once.
    The following settings are possible:
    •  F1 to Boot
    •  Allow user to reject
    •  No prompts
    Default: Allow user to reject
    Notes: HP recommends an option that requires the physical presence of the user
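
The following Python script is an added example, not part of the HP manual and not HP code. It audits a settings export against the values in Table 13 and flags the states the table treats as less secure or unavailable. The "Name = Value" export format, the function names, the sample data, and the "Unchecked" label for a cleared TPM State checkbox are assumptions made for illustration.

```python
# Added example: audit TPM settings against the values listed in Table 13.
# The "Name = Value" export format and SAMPLE_EXPORT are constructed for
# illustration; they are not the output of any HP tool. "Unchecked" is an
# assumed label for a cleared TPM State checkbox.
ALLOWED = {
    "TPM Specification Version": {"1.2", "2.0"},
    "TPM Device": {"Available", "Hidden"},
    "TPM State": {"Checked", "Unchecked"},
    "Clear TPM": {"No", "On next boot"},
    "TPM Activation Policy": {"F1 to Boot", "Allow user to reject", "No prompts"},
}
FLAGGED = {  # values to flag, with the reason the table gives
    ("TPM Specification Version", "1.2"): "Windows 10 requires TPM 2.0",
    ("TPM Device", "Hidden"): "TPM is not available",
    ("TPM State", "Unchecked"): "OS and applications cannot use the TPM",
    ("Clear TPM", "On next boot"): "TPM will be cleared on the next boot",
    ("TPM Activation Policy", "No prompts"): "TPM upgrade needs no user acknowledgement",
}

def parse_settings(text):
    """Parse 'Name = Value' lines; skip blanks, '#' comments, malformed lines."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        settings[name.strip()] = value.strip()
    return settings

def audit_tpm(settings):
    """Return sorted (setting, problem) pairs; an empty list means compliant."""
    findings = []
    for name, allowed in ALLOWED.items():
        value = settings.get(name)
        if value is None:
            findings.append((name, "setting missing from export"))
        elif value not in allowed:
            findings.append((name, f"unexpected value {value!r}"))
        elif (name, value) in FLAGGED:
            findings.append((name, FLAGGED[(name, value)]))
    return sorted(findings)

SAMPLE_EXPORT = (  # constructed sample
    "TPM Specification Version = 2.0\nTPM Device = Available\n"
    "TPM State = Checked\nClear TPM = On next boot\n"
    "TPM Activation Policy = No prompts\n")
if __name__ == "__main__":
    for name, problem in audit_tpm(parse_settings(SAMPLE_EXPORT)):
        print(f"{name}: {problem}")
```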










