HP Business Desktops BIOS
factor authentication is selected, the smart card could be stolen and an unauthorized person might
gain access to the machine.
Each smart card holds a BIOS passphrase as its credential. This BIOS pass phrase is a string of up to
32 characters. This pass phrase can be chosen by the administrator or a random 32-byte value can
be generated by the smart card tools. The administrator may configure the computer so that the
DriveLock passwords are established by using the smart card pass phrases. In this case, the smart
card pass phrase will automatically be used to unlock the drive during startup.
Preventing unauthorized data removal
Device security is a feature that uses either chipset or motherboard hardware to hide I/O
(input/output) ports from the OS or disable mass storage controllers or devices. When hidden, the
selected ports are not accessible to the OS or any other software. Only the BIOS can re-enable these
ports. This feature is useful for those that are concerned about unauthorized removal of sensitive data
from the machine using these I/O ports. The ports that can be secured may vary by model, but
generally include the serial port(s), parallel port, USB port(s), network connection, and audio.
The IDE and SATA controllers can also be disabled, preventing devices from functioning on these
ports. In addition, the diskette controller can be set to disallow saving data to the diskette.
Physically securing the platform hardware
The BIOS provides control with two types of physical security: hood latch and hood sensor. The hood
latch is an electronically controlled mechanism that locks the chassis hood. The hood sensor is a
device that detects if the chassis hood has been opened or removed. The administrator has the choice
of which security policy to enable if a hood sensor event should happen:
• Notify the user on the next startup that the chassis hood has been removed
• Require administrator authorization to continue the startup process
• Ignore any chassis hood removal
12