HP EliteBook 735 PC Commercial BIOS UEFI Setup - Page 28

Secure Boot Configuration Menu



HP PC Commercial BIOS (UEFI) Setup, July 2020, 919946-004
© Copyright 2016-2020 HP Development Company, L.P.

4 Security Menu (page 28)

| Feature | Type | Description | Default | Notes |
|---|---|---|---|---|
| Sure Start Secure Boot Keys Protection | Setting | Saves backup copy of Secure Boot Keys so that they can be recovered if someone attempts to alter them in an unauthorized manner. | Checked | |
| Enhanced HP Firmware Runtime Intrusion Prevention and Detection | Setting | Monitors key areas of memory for corruption or attack, notifies user of attack (based on the settings in Sure Start Security Event Policy), and prevents the attack from taking place. NOTE: Only available on certain Intel systems. | Checked | |
| HP Firmware Runtime Intrusion Detection | Setting | Monitors key areas of memory for corruption or attack and notifies user of attack (based on the settings in Sure Start Security Event Policy). NOTE: Only available on certain AMD chipset systems 2016 or later. | Checked | |
| Sure Start Security Event Policy | Setting | Determines how to respond to a detected event: • Log the event in the audit log. • Log the event in the audit log and prompt the user to acknowledge the event. • Log the event in the audit log and power off the system. Prior to 2016: Not available | Log Event and notify user | |
| Sure Start Security Event Boot Notification | | Enable a warning message at boot screen if there is a Sure Start event (BIOS recovery, Memory intrusion, etc.) | Require Acknowledgment | |

4.5 Secure Boot Configuration Menu

This submenu controls settings for the Secure Boot OS loader feature.

Table 15. Secure Boot Menu features

| Feature | Type | Description | Default | Notes |
|---|---|---|---|---|
| Secure Boot | Setting | When checked, this enables the Secure Boot capability. | Enable | |
| Import Custom Secure Boot keys | Setting | When checked and system is rebooted, custom secure boot keys are imported from the EFI\HP directory from the hard drive or USB device. The custom keys consist of PK, KEK, DB, and Dbx .bin files. When import succeeds or fails, a preboot prompt shows the results of each key bin file. | Unchecked | Reboot Required |
| Clear Secure Boot Keys | One Time Action | When checked, clears the Secure Boot keys one time on next save and exit. This setting will be unchecked again when you return from exit. This action is not available when no imported keys are present. | Unchecked | Reboot Required |
| Reset Secure Boot keys to factory defaults | One Time Action | When checked, restores secure boot keys to factory defaults one time on next save and exit. This setting will be unchecked again when you return from exit. | Unchecked | Reboot Required |
| Enable MS UEFI CA key | Setting | When checked, the Microsoft (MS) UEFI Certificate Authority (CA) key is trusted by Secure Boot. NOTE: Uncheck this to support Windows 10 Device Guard feature. | Checked | |
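
To confirm from the operating system what the key-management settings in Table 15 left in the Secure Boot signature database, the db variable can be parsed as UEFI EFI_SIGNATURE_LIST data. This is an added example, not part of the HP document: the efivarfs path is the standard Linux location, the sample bytes are constructed, and the "UEFI CA" search string is an assumption about how the Microsoft certificate's subject reads.

```python
import hashlib, os, struct, uuid

X509 = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")    # EFI_CERT_X509_GUID
SHA256 = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")  # EFI_CERT_SHA256_GUID
NAMES = {X509: "X509", SHA256: "SHA256"}
# Standard Linux efivarfs location of the Secure Boot allow-list variable.
DB_PATH = "/sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f"

def parse_signature_lists(blob):
    """Return [(type, owner_guid, data)] from concatenated EFI_SIGNATURE_LISTs."""
    entries, off = [], 0
    while off < len(blob):
        if len(blob) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        body, end = off + 28 + hdr_size, off + list_size
        if end < body or end > len(blob) or sig_size <= 16 or (end - body) % sig_size:
            raise ValueError(f"malformed EFI_SIGNATURE_LIST at offset {off}")
        for p in range(body, end, sig_size):
            owner = uuid.UUID(bytes_le=blob[p:p + 16])
            entries.append((NAMES.get(sig_type, str(sig_type)), owner, blob[p + 16:p + sig_size]))
        off = end
    return entries

def db_report(blob, needle=b"UEFI CA"):
    """Count entries per type; SHA-256 each X.509 entry whose DER contains needle."""
    entries = parse_signature_lists(blob)
    counts = {}
    for kind, _, _ in entries:
        counts[kind] = counts.get(kind, 0) + 1
    hits = [hashlib.sha256(d).hexdigest() for k, _, d in entries if k == "X509" and needle in d]
    return counts, hits

def build_list(sig_type, owner, items):
    """Build one EFI_SIGNATURE_LIST; used only to construct the sample below."""
    body = b"".join(owner.bytes_le + d for d in items)
    return sig_type.bytes_le + struct.pack("<III", 28 + len(body), 0, 16 + len(items[0])) + body

# Constructed sample: placeholder bytes, not a real certificate or real hashes.
OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")
SAMPLE_CERT = b"constructed-DER CN=Microsoft Corporation UEFI CA 2011"
SAMPLE_DB = build_list(X509, OWNER, [SAMPLE_CERT]) + build_list(SHA256, OWNER, [bytes(32), b"\x01" * 32])

if __name__ == "__main__":
    # efivarfs prefixes the variable data with 4 attribute bytes.
    blob = open(DB_PATH, "rb").read()[4:] if os.path.exists(DB_PATH) else SAMPLE_DB
    print(db_report(blob))
```

Comparing the report before and after a key import, clear, or factory reset shows whether the change took effect as intended.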