Manualshelf

BIOS-enabled security features in HP business notebooks - Technical white paper

ManualsBrandsHP ManualsDesktopsHP EliteBook 2570p Notebook PC
123456789
7
Table 1: Data written to the drive on each cycle
Disk Sanitizer cycle
Data written to drive
First cycle
00000000 (all zeros)
Second cycle
11111111 (all ones)
Third cycle
random writes of 1 or 0 and verify
Fourth cycle
00000000 (all zeros)
Enabling Disk Sanitizer
Access Disk Sanitizer by pressing the f10 key as the system starts. Select Disk Sanitizer from the Security Menu. You can
run Disk Sanitizer in one of three modes:
Fast: Writes one cycle
Optimum: Writes three cycles
Custom: Writes the number of cycles configured by the user
The US Department of Defense internal process requires five cycles. For most users, the Fast or Optimum cycle is
sufficient.
The amount of time needed for Disk Sanitizer to run depends on both the hard drive size and the number of cycles. On a
40 GB hard drive, a single pass can take up to three hours, so HP recommends that you plug the notebook into an AC
outlet before you start Disk Sanitizer.
How does Secure Erase work?
Secure Erase relies on an ATA command called “Security Erase Unit” that is defined in the American National Standards
Institute (ANSI) ATA and SCSI disk drive interface specification.
Secure Erase runs inside the drive hardware to overwrite data contained on the drive. Manufacturers of industry-
standard SSDs that are approved for use in HP business notebook products have informed HP that running the Secure
Erase command on their SSDs will fully remove all user data so that it cannot be recovered.
A BIOS administrator configures Secure Erase as follows:
1. Boot the system, and press f10 to enter the BIOS setup.
2. Select Secure Erase from the Security menu.
3. Select the drive that you want to erase.
4. A warning screen requires that you approve or cancel the erasure.
Securing devices
If a computer boots from a device other than the primary hard drive, the user authentication built into the OS can be
easily bypassed. Therefore, HP business notebooks provide sophisticated functionality that gives users control over
multiboot capability and boot order. HP business notebooks also allow users to enable and disable individual ports.
Boot options
This BIOS feature allows users to enable or disable booting the system from the following devices:
Optical device
Diskette drive
USB device
SD Card
Network (PXE) boot
eSATA device