HP EliteBook 735 PC Commercial BIOS UEFI Setup - Page 26

Trusted Platform Module TPM Embedded Security Menu

HP PC Commercial BIOS (UEFI) Setup, July 2020, 919946-004
© Copyright 2016-2020 HP Development Company, L.P.
4 Security Menu, page 26

4.3 Trusted Platform Module (TPM) Embedded Security Menu

This submenu configures the Trusted Platform Module (TPM), a dedicated microprocessor that provides security functions for secure communication and for software and hardware integrity. The built-in TPM hardware solution is more secure than a software-only solution.

Table 13 TPM Embedded Security Menu features

TPM Specification Version (Type: Display Only)
  Description: The Trusted Computing Group (TCG) is an industry group that defines specifications for a TPM. As of this writing, the possible TPM specification versions are 1.2 and 2.0. NOTE: Windows 10 requires TPM 2.0 capability.
  Default: 2.0
  Notes: none

TPM Device (Type: Setting)
  Description: Makes the TPM available to the system. Possible settings: Available, Hidden.
  Default: Available
  Notes: Reboot and physical presence required

TPM State (Type: Setting)
  Description: When checked, enables the OS to take ownership of the TPM (v1.2) or enables OS and application access to the TPM's security capabilities (v2.0).
  Default: Checked
  Notes: Reboot and physical presence required

Clear TPM (Type: Action)
  Description: When set to On next boot, clears the TPM on the next boot. After the TPM has been cleared, the setting resets to No. Possible settings: No, On next boot. Clearing the TPM destroys every key the TPM holds, so any disk encryption sealed to the TPM (BitLocker, for example) will demand its recovery key at the next boot; suspend that protection or confirm the recovery key is backed up before selecting this action.
  Default: No
  Notes: Reboot required

TPM Activation Policy (Type: Setting)
  Description: Allows an administrator to choose between convenience and extra security when the TPM device upgrades its firmware. The extra security ensures that the user of the system will at least see that the TPM device upgraded its firmware (F1 to Boot) or, at most, can reject the upgrade of the TPM device (Allow user to reject). These user prompts limit the impact of remote attacks on the system by requiring a user to be physically present for the upgrade. When security of the system is of less concern, the third option (No prompts) removes any requirement for a user to acknowledge the upgrade; this option is the most convenient for remotely upgrading many systems at once. Possible settings: F1 to Boot, Allow user to reject, No prompts.
  Default: Allow user to reject
  Notes: HP recommends an option that requires the physical presence of the user.
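As an added example, not code from the HP manual or from HP's tooling, the following script performs the fleet-side check an administrator would want for these four settings: it parses a BIOS Configuration Utility (BCU) style text export, compares each TPM setting against Table 13 and HP's physical-presence recommendation, and emits a BCU-style set file for the deviations. The export layout (a language line, unindented setting names, tab-indented option lines with "*" marking the active one) and option spellings such as "Enable" for TPM State are assumptions about HP's BCU format; the sample export is constructed for this example and deliberately contains two weak settings.

```python
"""Audit TPM Embedded Security settings from a BCU-style BIOS export."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the assumed BCU export layout; not a real export.
SAMPLE_EXPORT = """English
TPM Specification Version
\t2.0
TPM Device
\t*Available
\tHidden
TPM State
\t*Enable
\tDisable
Clear TPM
\tNo
\t*On next boot
TPM Activation Policy
\tF1 to Boot
\tAllow user to reject
\t*No prompts
"""

# Accepted values per Table 13. The "Enable"/"Enabled" spellings for TPM State
# are an assumption about the export format (the F10 UI shows a checkbox).
# TPM Activation Policy accepts only the two prompting options, following
# HP's note that a physical-presence option is recommended.
POLICY: Dict[str, Tuple[Tuple[str, ...], str]] = {
    "TPM Specification Version": (("2.0",), "Windows 10 requires TPM 2.0"),
    "TPM Device": (("Available",), "a hidden TPM cannot be used by the OS"),
    "TPM State": (("Enable", "Enabled", "Checked"), "OS has no TPM access"),
    "Clear TPM": (("No",), "a pending clear wipes all TPM keys at next boot"),
    "TPM Activation Policy": (("F1 to Boot", "Allow user to reject"),
                              "firmware upgrade without physical presence"),
}


@dataclass(frozen=True)
class Setting:
    name: str
    options: Tuple[str, ...]
    current: Optional[str]


@dataclass(frozen=True)
class Finding:
    setting: str
    current: Optional[str]
    accepted: Tuple[str, ...]
    reason: str


def parse_bcu(text: str) -> Dict[str, Setting]:
    """Parse a BCU-style export into {setting name: Setting}."""
    settings: Dict[str, Setting] = {}
    name: Optional[str] = None
    options: List[str] = []
    current: Optional[str] = None

    def flush() -> None:
        if name is not None:
            cur = current
            if cur is None and len(options) == 1:
                cur = options[0]  # display-only value carries no '*' marker
            settings[name] = Setting(name, tuple(options), cur)

    for line in text.splitlines()[1:]:  # first line is the language tag
        if not line.strip():
            continue
        if line[0] in "\t ":  # indented: an option of the current setting
            value = line.strip()
            if value.startswith("*"):
                value = value[1:].strip()
                current = value
            options.append(value)
        else:  # unindented: a new setting name
            flush()
            name, options, current = line.strip(), [], None
    flush()
    return settings


def audit(text: str) -> List[Finding]:
    """Return one Finding per TPM setting that deviates from POLICY."""
    findings: List[Finding] = []
    parsed = parse_bcu(text)
    for setting, (accepted, reason) in POLICY.items():
        entry = parsed.get(setting)
        current = entry.current if entry else None
        allowed = {a.casefold() for a in accepted}
        if current is None or current.casefold() not in allowed:
            findings.append(Finding(setting, current, accepted, reason))
    return findings


def remediation_file(findings: List[Finding]) -> str:
    """Emit a BCU-style set file choosing the first accepted value per finding.
    The display-only version field cannot be set and is skipped."""
    lines = ["English"]
    for f in findings:
        if f.setting == "TPM Specification Version":
            continue
        lines.append(f.setting)
        lines.append("\t*" + f.accepted[0])
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = audit(SAMPLE_EXPORT)
    for f in found:
        print(f"{f.setting}: current={f.current!r}, accepted={f.accepted}; {f.reason}")
    print(remediation_file(found))
```

On the constructed sample the audit flags Clear TPM (a pending clear) and TPM Activation Policy (No prompts); a compliant export yields no findings. The remediation output is only a starting point: a flagged Clear TPM may be intentional, and the TPM Device and TPM State changes still require a reboot with physical presence, as Table 13 notes.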

