HP Client Security Commercial Managed IT Software Technical whitepaper
HP Client Security Technical Whitepaper 
August 2016 
747889-002 
© Copyright 2016 HP Development Company, L.P. 
HP Security Strategy
Hardware-based 
Common Criteria EAL4+ Certified TPM
A Trusted Platform Module (TPM) certified to Common Criteria Evaluation Assurance Level 4+ (EAL4+) provides hardware-based encryption keys and more secure storage.
Self-Encrypting Drives (SEDs)
Encrypt and decrypt data as it is being written to, or read from, the drive. Users get faster encryption performance than with encryption solutions that are software-based only.
Secure Erase (note 5)
Permanently destroys data on your hard drive (HDD or SSD) in preparation for system redeployment or disposal. Once executed, the hard drive controller completely rewrites all the data on the drive, and the data cannot be recovered even with advanced data recovery tools. Meets NIST 800-88 Revision 1 Secure Erase guidelines.
1.  Self-Encrypting Drives (SEDs) are not supported if the encryption is enabled.
2.  Automatic DriveLock will work on another HP Business PC when the BIOS passwords are the same. Requires user setup.
3.  For the use cases outlined in the DOD 5220.22-M Supplement.
4.  Requires Windows. Data is protected prior to Drive Encryption login. Turning the PC off or putting it into hibernation logs out of Drive Encryption and prevents data access.
5.  For the methods outlined in the National Institute of Standards and Technology Special Publication 800-88 Revision 1. (ElitePad 900 G1 support with BIOS F.03 and higher only).
Table 2. Device Protection Security Features
Layer: Device protection
BIOSphere 
HP Sure Start
HP Sure Start, developed in collaboration with HP Labs, is the first and only self-healing technology solution created to protect against malware and security attacks aimed at the BIOS. Sure Start is a hardware-based solution that protects and recovers the BIOS boot block regardless of the cause of corruption or compromise, assuring a virtually uninterrupted boot. Sure Start is independent of the CPU, so a virus or malware is not aware of Sure Start or any of its components, which makes the technology not easily susceptible to attacks.
HP BIOS Protection
Developed according to NIST SP 800-147 security guidelines, this feature protects the BIOS from attacks. All BIOS updates are checked for a proper cryptographic signature. If this check fails, the platform will refuse the update.
If malware is able to circumvent this process, and malicious code is detected, the BIOS repairs itself using a verified BIOS copy that is stored in the system flash memory. Otherwise, the system does not boot and emits a particular LED code. Users can recover manually by flashing the BIOS from a USB storage device.
Pre-boot Security
Built-in security features such as BIOS security, port control, communications device control, boot options, and the Absolute Persistence module.










