HP PC Commercial BIOS (UEFI) Setup Administration Guide For Business Notebook and Desktop 2015 Models - Technical whitepaper

ManualsBrandsHP ManualsDesktopsHP ProBook 640 G2 Notebook PC

May 2016

857394-002

HP PC Commercial BIOS (UEFI) Setup

5 Advanced Menu 33

5.5 Secure Boot Configurations Menu

Submenu to configure Secure Boot. Starting with Windows 8, Secure Boot is a UEFI feature that helps resist attacks and

infection from malware. From the factory, your system came with a list of keys that identify trusted hardware, firmware,

and an operating system loader code. It also created a list of keys to identify known malware.

Table 20 Secure Boot Configurations Menu features

Feature

Type

Description

Default

Notes

Configure Legacy

Support and Secure

Boot

Setting

Legacy Support is the ability to boot from a non-UEFI device.

Only UEFI devices can support Secure Boot. The following

settings are possible:

 Legacy Support Enable and Secure Boot Disable

 Legacy Support Disable and Secure Boot Enable

 Legacy Support Disable and Secure Boot Disable

2014 Notebook: Advanced -> Boot Options -> Boot Mode

 Legacy

 UEFI Hybrid (With CSM)

 UEFI Native (Without CSM)

2014 Desktop: Security -> Secure Boot Configuration

-> Legacy support

-> Secure Boot

Legacy Support

Enable and

Secure Boot

Disable

 Clear Secure Boot

Keys

One

Time

Action

When checked, clears the Secure Boot keys one time on next

save and exit. This setting will be unchecked again, when you

return from exit. This action is not available with Legacy

Support enabled or when no keys are present, possibly from a

previous clear command.

2014 Notebook: Advanced -> Boot Options -> Clear Secure

Boot Keys

2014 Desktop: Security -> Secure Boot Configuration

-> Clear Secure Boot Keys

-> Key Ownership: HP Keys

Unchecked

 Reset Secure Boot

Keys to Factory

Defaults

One

Time

Action

When checked, restores secure boot keys to factory defaults

one time on next save and exit. This setting will be unchecked

again, when you return from exit.

2014 Notebook: Advanced -> Boot Options -> User Mode -> HP

Factory Keys

Unchecked

 Enable MS UEFI CA

key

Setting

When checked, the Microsoft (MS) UEFI Certificate Authority

(CA) key is trusted by Secure Boot

Note: Uncheck this to support Windows 10 Device Guard

feature

2014 Notebook and Desktop: New

Checked