HP Client Security Commercial Managed IT Software

o Windows 8.1 (32-bit and 64-bit)
Supported Languages
o HPDE supports 35 languages (English, Brazilian Portuguese, Czech, French, German, Italian, Japanese,
Korean, Russian, Simplified Chinese, Traditional Chinese (Taiwan/Hong Kong), Spanish, Thai, Arabic, Danish,
Dutch, Finnish, Polish, Swedish, Turkish, Bulgarian, Hebrew, Hungarian, Norwegian, Portuguese (Iberian),
Slovak, Croatian, Estonian, Greek, Latvian, Lithuanian, Romanian, Serbian, Slovenian).
Supported SEDs (other drives may work, but these have been pre-qualified):
Vendor            Model #                                  Drive Type  Firmware
Micron            MTFDDAK256MAM-1K12                       SSD OPAL    08TH
Seagate           Yara 9WU142                              OPAL        0001SED7
Samsung (SM 841)  MZ7PD128HAFV-000H7, MZ7PD256HAFV-000H7   SSD OPAL    DXM05H6Q
Supported Smart Card
Vendor         Model #                    Middleware
ActivIdentity  Cyberflex Access 64K V2c   ActivClient 7.0.2.25
Encryption Strength - AES 256
Certification - FIPS 140-2 Level 1
Pre-boot Authentication
HPDE has its own pre-boot login environment that requires users to authenticate.
Windows 8 Native UEFI: When the drive is encrypted, WinMagic’s Pre-boot UEFI (PBU) performs pre-boot
authentication (PBA) BEFORE the drive can be accessed by the Windows Boot Loader. To prevent PBU from
being removed from the BootOrder (for example by Windows 8 “Refresh your PC” or Windows 8 “Reset
your PC”), which could allow access to the encrypted disk without authentication, HP and
WinMagic implemented the FilterBootOrder (FBO) variable, which HPDE pre-boot creates to register PBA
with HP BIOS. HP BIOS is expected to function as designed only if FBO exists. FBO is removed if HPDE is
uninstalled or if a user performs Windows 8 Reset to Plain Text.
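As an added example (not HP or WinMagic code): a defender-side check that the pre-boot entry is still active and first in the standard UEFI BootOrder variable, run here on constructed variable data. The description string `Drive Encryption Pre-boot` and the sample bytes are assumptions; the page does not give the real entry name.

```python
import struct

LOAD_OPTION_ACTIVE = 0x00000001  # UEFI: option is eligible for boot
PREBOOT = "Drive Encryption Pre-boot"  # hypothetical label, not from the page

def parse_boot_order(raw):
    """BootOrder is a packed array of little-endian UINT16 option numbers."""
    if len(raw) % 2:
        raise ValueError("BootOrder length must be a multiple of 2")
    return list(struct.unpack(f"<{len(raw) // 2}H", raw))

def parse_load_option(raw):
    """Return (attributes, description) from an EFI_LOAD_OPTION blob."""
    if len(raw) < 8:
        raise ValueError("truncated EFI_LOAD_OPTION")
    attributes, _path_len = struct.unpack_from("<IH", raw, 0)
    end = 6  # description: NUL-terminated UTF-16LE right after the header
    while raw[end:end + 2] != b"\x00\x00":
        if end + 2 > len(raw):
            raise ValueError("unterminated description")
        end += 2
    return attributes, raw[6:end].decode("utf-16-le")

def check_preboot(boot_order, options, preboot_desc=PREBOOT):
    """Return findings; an empty list means the entry is active and first."""
    parsed = {n: parse_load_option(blob) for n, blob in options.items()}
    matches = [n for n, (_, desc) in parsed.items() if desc == preboot_desc]
    if not matches:
        return ["pre-boot load option missing"]
    num, findings = matches[0], []
    order = parse_boot_order(boot_order)
    if num not in order:
        findings.append(f"Boot{num:04X} not in BootOrder")
    elif order[0] != num:
        findings.append(f"Boot{num:04X} is not first in BootOrder")
    if not parsed[num][0] & LOAD_OPTION_ACTIVE:
        findings.append(f"Boot{num:04X} is not active")
    return findings

def make_option(attrs, desc):
    # Constructed sample: header + description + End-of-Device-Path node
    path = bytes([0x7F, 0xFF, 0x04, 0x00])
    return (struct.pack("<IH", attrs, len(path))
            + desc.encode("utf-16-le") + b"\x00\x00" + path)

SAMPLE = {0: make_option(1, "Windows Boot Manager"), 1: make_option(1, PREBOOT)}
GOOD_ORDER = struct.pack("<2H", 1, 0)   # pre-boot first
RESET_ORDER = struct.pack("<H", 0)      # constructed: entry dropped from BootOrder
print(check_preboot(GOOD_ORDER, SAMPLE), check_preboot(RESET_ORDER, SAMPLE))
```

Only the standard BootOrder and Boot#### variables are parsed; the FBO variable's layout is not described here, so the example does not read it.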
Windows 7 Legacy: When the drive is encrypted, WinMagic’s Pre-boot Linux (PBL) performs pre-boot
authentication (PBA) BEFORE the drive can be accessed by the Windows Boot Loader. To support F11
Recovery for SEDs, HPDE requires an INT15h implementation in HP BIOS. An HP BIOS that implements INT15h
detects whether OPAL mode is enabled and then displays the F11 Recovery prompt. Without the INT15h
implementation, HP BIOS cannot determine whether the recovery partition is really present. When F11 is
pressed, HP BIOS stores a value in memory indicating that F11 was pressed (to be returned later by an
INT15h call) and then boots the hard drive. This launches the PBA code, which authenticates the user and
launches the recovery partition.
Authentication and Recovery Methods
o Authentication: Password, Fingerprint, Smart Card
o Recovery: SpareKey and recovery using the backed up encryption key
Drive Encryption pre-boot supports Microsoft SecureBoot if enabled.
One Step Logon, when configured to work between three domains (BIOS, Drive Encryption and Windows), will
bypass Drive Encryption pre-boot after the user authenticates at HP BIOS. In the event that Drive Encryption is the