HP Business Desktops BIOS
Out of this general model, a set of security policies will usually be put in place to adapt this model to
the specific needs of each organization. This allows the proper balance between security and ease of
use. The HP BIOS plays a vital role in enabling each part of the security model and has the flexibility
to let the system administrator develop an effective set of security policies for their organization.
In order for the administrator to trust the user, the administrator must trust that the user’s platform can
prevent unauthorized access (authentication) and unauthorized changes to the established trusted
platform state. Likewise, in order for the user to trust the administrator, the user must also trust that the
platform can prevent unauthorized access (authentication) and unauthorized changes to the
established trusted platform state.
Thus, both the administrator and the user must trust the platform to be secure. The HP BIOS security
features work equally well to assure trust in the platform for both the user and the administrator. The
following table lists possible attacks on a computer and how the HP BIOS security features help
protect the system.
Computer Attacks
Attack BIOS Enabled Security Features
Subversion of OS security by booting rogue OS. Removable media boot disable.
Network Service Boot —> Boot Source
Network Service Boot —> Disable
Boot Order —> Device Disable
DriveLock (for MultiBay HDD)
IDE/SATA controller —> Disable
USB port —> Disable
Power-on Password
Longhorn Secure startup support*
Removal of Sensitive Data I/O port —> disable
IDE/SATA controller —> Disable
DriveLock (for MultiBay HDD)
Diskette Write Protect
TPM support
Longhorn Secure startup support*
Removal of hardware devices Hoodlock Control
Computer startup by unauthorized users Power-on Password
User Smart Card
TPM Preboot Authentication
Attacks on BIOS Settings Setup Password
Administrator Smart Card
Flash of rogue computer BIOS image Setup Password
Administrator Smart Card
TPM/TCG BIOS metrics
8