UEFI pre-boot guidelines and Microsoft® Windows® 8 UEFI Secure Boot for HP Business PCs PPS business notebooks, desktop, and workstations - Technical White Paper
Technical white paper | UEFI Secure Boot on HP business notebooks, desktops, and workstations
11
Figure 7. BIOS Setup User Mode selection for notebooks.
Note
If the user tries to import the HP PK again when the selection is the Customer Keys, the BIOS will reject the PK.
Secure Boot Key management for desktops and workstations
Figure 8. HP Platform Key Management for desktops
Secure Boot Configuration
Legacy Support Disabled
Secure Boot Enabled
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
Key Management
Clear Secure Boot Keys Don’t Clear
Key Ownership ►HP Keys
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
Fast Boot Enabled
The factory-default HP BIOS sets Key Ownership to HP Keys. This means the HP platform key (PK), Microsoft key exchange
key (KEK), Microsoft database (db), and a blacklist database (dbx) are populated. When Secure Boot is disabled, the keys
currently enrolled in the system are preserved. If a custom PK, KEK, db, and dbx are desired, the user must change Key
Ownership to Custom Keys. Once confirmed, this change will automatically disable Secure Boot and clear the PK, KEK, db,
and dbx. The user may then import custom keys and re-enable Secure Boot.
Note
If the user tries to import the HP PK when Key Ownership is Custom Keys, the BIOS will reject the PK.