HP PC Commercial BIOS (UEFI) Setup Administration Guide For Commercial Platforms using HP BIOSphere Gen 3-5 2016 -2019 Technical Whitepaper
HP PC Commercial BIOS (UEFI) Setup 
June 2019 
919946-004 
© Copyright 2016-2019 HP Development Company, L.P. 
4 Security Menu 19 
Feature 
Type 
Description 
Default 
Notes 
Secure Platform 
Management (SPM) 
Menu 
Options for managing HP Sure Run and HP Sure 
Recover 
 Physical Presence 
Interface 
Enable or disable the local prompt to confirm that a 
sensitive setting change was requested by the user. 
Checked 
Smart Cover 
Menu 
Controls settings for Cover Lock and Cover Sensor on 
desktop models. 
Desktop 
 Trusted Execution 
Technology (TXT) 
Setting 
When checked, enables Trusted Execution 
Technology on select Intel-based systems. 
NOTE: Enabling this feature disables OS management 
of Embedded Security Device, prevents a reset of the 
Embedded Security Device, and constrains the 
configuration of VTx, VTd, and Embedded Security 
Device 
Unchecked 
Intel Only 
Reboot 
Required 
Intel Software Guard 
Extensions (SGX) 
Setting 
Enables Intel Software Guard Extensions. The 
following settings are possible: 
•  Disable 
•  Enable 
•  Software control (2016 or later) 
Software 
control 
–or– 
Disable (non-
vPro & 2015) 
Intel Only 
Hard Drive Utilities 
Menu 
Utilities to protect private information on individual 
hard drives: Drive Lock and Secure Erase. 
Absolute Persistence 
Module 
Label 
A subscription service that provides PC theft recovery, 
tracking and data delete solutions 
Activation Status 
Display 
Only 
The subscription status can be inactive, active, or 
permanently disabled. 
Inactive 
Absolute Persistence 
Module Permanent 
Disable 
Display 
Only 
Shows current state of the Absolute Persistence 
module (Yes = disabled, No = available). 
No 
 System Management 
Command 
Setting 
When checked, allows authorized HP service 
personnel in possession of the PC to reset security 
settings in case of a customer service event. For 
customers that require more BIOS security, uncheck 
this to prevent this type of HP service command. 
NOTE: If BIOS password is lost and this option is 
disabled, HP authorized personnel cannot remove a 
lost password. 
Checked 
Reboot 
Required 
Restore Security Settings 
to Default 
Action 
Apply factory defaults to all security settings. 
NOTE: Escaping (ESC) at the Reset Request screen will 
leave settings as they were except for the 
Administrator & Power-on passwords which are still 
cleared. 
Reboot 
Required 










