HP Business Desktops BIOS
factor authentication is selected, the smart card could be stolen and an unauthorized person might 
gain access to the machine. 
Each smart card holds a BIOS passphrase as its credential. This BIOS pass phrase is a string of up to 
32 characters. This pass phrase can be chosen by the administrator or a random 32-byte value can 
be generated by the smart card tools. The administrator may configure the computer so that the 
DriveLock passwords are established by using the smart card pass phrases. In this case, the smart 
card pass phrase will automatically be used to unlock the drive during startup. 
Preventing unauthorized data removal 
Device security is a feature that uses either chipset or motherboard hardware to hide I/O 
(input/output) ports from the OS or disable mass storage controllers or devices. When hidden, the 
selected ports are not accessible to the OS or any other software. Only the BIOS can re-enable these 
ports. This feature is useful for those that are concerned about unauthorized removal of sensitive data 
from the machine using these I/O ports. The ports that can be secured may vary by model, but 
generally include the serial port(s), parallel port, USB port(s), network connection, and audio. 
The IDE and SATA controllers can also be disabled, preventing devices from functioning on these 
ports. In addition, the diskette controller can be set to disallow saving data to the diskette. 
Physically securing the platform hardware 
The BIOS provides control with two types of physical security: hood latch and hood sensor. The hood 
latch is an electronically controlled mechanism that locks the chassis hood. The hood sensor is a 
device that detects if the chassis hood has been opened or removed. The administrator has the choice 
of which security policy to enable if a hood sensor event should happen: 
•  Notify the user on the next startup that the chassis hood has been removed 
•  Require administrator authorization to continue the startup process 
•  Ignore any chassis hood removal 
12 










