HP ProtectTools - Firmware security features in HP business notebooks

Power-on Password authentication overview
Pre-boot power-on authentication is a simple but effective implementation of pre-boot security and has
been available on computers for some time. In their simplest form, power-on passwords require a
user to enter a password that gets stored in the system’s non-volatile memory. At power-on, the
system prompts the user for the stored password and allows the boot process to continue if the correct
password is entered.
If an incorrect password is entered three times, no further retries are permitted until the system is
powered down and restarted. This feature further protects the system from unauthorized access by
forcing the password to be entered manually.
If care is taken to choose a strong password, power-on passwords are an effective way to enhance
system security and help protect systems against unauthorized access.
The drawback to power-on passwords is that typically a computer can only have one. This means
power-on passwords are effective only on single user systems.
Enabling Power-on password
Power-on password can be enabled via BIOS configuration by pressing F10 at startup. It can also
be enabled via the BIOS configuration utility for HP ProtectTools. To enable, enter BIOS Setup, and
from the Security menu, select Power-On Password.
In the BIOS configuration module for HP ProtectTools, power-on password can be enabled by setting
Power-on Password from the Passwords page.
Best Practice
To ensure that the power-on password cannot be easily guessed,
passwords should be created using established guidelines, and personal
information should never be used as a password.
Smart card authentication overview
The ability to use a smart card for pre-boot authentication is an HP professional innovation. This
feature adds the security of multifactor authentication to pre-boot security and gives the added
convenience of having to remember only the PIN.
Smart card authentication works by storing the BIOS pre-boot password on the smart card. At
pre-boot, once the smart card is inserted and the correct PIN has been entered, the BIOS password is
released, and the boot process then continues.
Since the user has to enter a PIN only, the system administrators have the freedom to create extremely
strong BIOS passwords, making unauthorized access even more difficult while at the same time
making authorized access simpler.
With smart card pre-boot authentication, multi-user access becomes possible. While the same
power-on password is stored on every smart card, each smart card is unique, with a unique user name and
unique PIN.
Enabling smart card pre-boot authentication
Enabling smart card pre-boot authentication is a two-step process.
1. Smart card power-on support should be enabled. This can be done either in the BIOS setup by
pressing F10 at startup, or via the BIOS configuration module for HP ProtectTools. To
enable, enter BIOS setup and from the Security menu, select and then enable Smart Card
Security.