HP Business Notebook Password Localization Guidelines V1.0 November 2009 Table of Contents: 1. Introduction…………………………………………………………………………………………..2 2. Supported Platforms………………………………………………………………………………...2 3. Overview of Design…………………………………………………………………………….......3 4. Supported Keyboard Layouts in Preboot and Drive Encryption…………………………………3 5. HP ProtectTools Security Manager Filter Logic……………………………………………….……6 6. How Preboot BIOS Implements the Password Filter And Handles Dead Keys……………….…7 7.
1. Introduction HP has implemented the One Step Logon feature on its 2008 and newer commercial portable computers. The HP ProtectTools Security Manager wizard enables various security levels to protect the computer system and the data. The security levels that can be set are: HP Credential Manager – Protects your Windows account Preboot Security – Protects your computer before booting to OS. HP Drive Encryption – Protects your computer data by encrypting the hard drive.
. Overview of Design The goal of the HP ProtectTools implementation is to use password filters to reject passwords that might lock out a user at the Preboot BIOS level or Drive Encryption level. The ProtectTools Security Manager will be responsible to reject a user password at setup or password change time. A password can be acceptable for the Windows password, but if allowed may cause a lock out at Preboot BIOS or Drive Encryption level.
HP Keyboards Common Name in Microsoft Windows Vista Code (hex) Arabic (101) Arabic (101) 0401 Belgian (Comma) Belgian (Comma) 1080c Canadian French (Legacy) Canadian French (Legacy) 0c0c Canadian French Canadian French 1009 Chinese Bopomofo Chinese (Traditional) - US Keyboard 0404 Chinese ChaJei Chinese (Simplified) - US Keyboard 0804 Czech Czech 0405 Danish Danish 0406 Dutch Dutch 0413 Estonian Estonian 0425 Finnish Finnish 040b French French 040c German German 0407
HP Keyboards Common Name in Microsoft Windows Vista Code (hex) Norwegian Norwegian 0414 Polish (Programmers) Polish (Programmers) 0415 Polish (214) Polish (214) 10415 Portuguese Portuguese 0816 Portuguese (Brazilian) Portuguese (Brazilian ABNT) 0416 Romanian Romanian (Legacy) 0418 Slovakian Slovak 041b Slovenian Slovenian 0424 Spanish Spanish 0c0a Spanish (International) Spanish Variation 1040a Swedish Swedish 041d Swiss Swiss German 0807 Thai (Kedmanee) Thai Kedmanee
5. HP ProtectTools Security Manager Filter Logic In order to prevent a lock out situation, the first level of defense is implemented by the HP ProtectTools Security Manager. It installs a password filter to reject those Windows passwords that may possibly cause a lock out in Preboot BIOS or Drive Encryption.
6. How Preboot BIOS Implements the Password Filter And Handles Dead Keys The HP BIOS implements a second level password filter to further prevent the lock‐out situation. HP BIOS Preboot and HP Drive Encryption contain the keyboard mappings for all the supported keyboards listed above. When a user is setting up Preboot Security with the BIOS Preboot or Drive Encryption levels enabled, or when a user changes his/her password, the BIOS Preboot and Drive Encryption receives the Unicode password from the OS.
7. Exceptions Windows IME is not supported at the Preboot Security Level and the HP Drive Encryption Level In Windows, the user can choose an IME (Input Method Editor) to enter complex characters and symbols, such as Japanese or Chinese characters, by using a standard western keyboard. The IME is not supported at Preboot and HP Drive Encryption level. Windows password entered with IME may not be entered at the Preboot or HP Drive Encryption level and may result in a lockout situation.
Password change on different keyboard layouts may have potential issues If the password is initially set with one keyboard layout – e.g. US English (409) and then the user changes the password using a different but also supported keyboard layout – e.g. Latin American (080A), the password change will work in Drive Encryption but will fail in BIOS if the user uses characters which exist on the latter (say ē) but not on the former.
Characters Not Supported Arabic Windows BIOS The أل, إل, الkeys The أل, إل, الkeys generate two generate one characters character Drive Encryption The أل, إل, الkeys generate one character French Canadian Windows BIOS Drive Encryption ç, è, à, é with cap locks are Ç, È, À, É in windows ç, è, à, é with cap locks is ç, è, à, è in bios ç, è, à, é with cap locks is ç, è, à, è in FVE Spanish 40a is not supported US Int’l Windows The ¡, ¤, ‘, ’, ¥, × keys are rejected on the to
Czech Windows The ğ key is rejected The į key is rejected The ų key is rejected The ė ı ż keys are rejected The ģ ķ ļ ņ ŗ keys are rejected Slovakian Windows BIOS The ż key rejected The š, ś, ş keys is rejected when typed, but accepted with the soft keyboard The ţ dead key is generating two characters Hungarian Windows BIOS The ż key is rejected The ţ key generates two keys 11
Slovenian Windows BIOS żŻ key rejected in windows and bios alt gr dead key ú, Ú, ů, Ů, ş, Ş, ś, Ś, š, and Š key rejected in bios Able to login with soft keyboard for all keys. 8. What to do when a password is rejected Passwords can be rejected for the following reasons: 1. User is using an IME keyboard which is not supported. This is a common issue with double‐byte languages (Korean, Japanese, Chinese …).
