HP EliteBook 735 PC Commercial BIOS UEFI Setup - Page 29

Secure Platform Management SPM

Get HP EliteBook 735 PDF manuals and user guides View all HP EliteBook 735 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 29 highlights

HP PC Commercial BIOS (UEFI) Setup July 2020 919946-004 Ready BIOS for Device Guard Use Action Ready BIOS for Device Guard Use includes a drop-down box that automatically configures the BIOS settings that Windows requires to enable Device Guard, or to change the configuration back to the configuration before Device Guard was enabled. Device Guard is a Windows feature that enables higher security around drivers and BIOS behavior. The following settings are possible: • Configure on Next Boot • Clear Configuration on Next Boot When set to Configure on Next Boot, the BIOS changes the following settings to the states required by Device Guard after saving changes and exit. • Virtualization features are enabled. • Removable and network boot devices are disabled (for example, USB boot, CD-ROM boot, Thunderbolt™ boot, etc.). • MS UEFI CA Key is disabled. When set to Clear Configuration on Next Boot, the BIOS sets the listed features to their Custom Default state if custom defaults have been saved. If custom defaults have not been saved, the BIOS restores the listed features to their factory default states. 4.6 Secure Platform Management (SPM) This submenu controls settings for Secure Platform Management that are used for secure enablement and management of the HP Sure Run, Sure Recover, and Sure Admin (Enhanced BIOS Authentication Mode) capabilities. You cannot provision SPM and activate HP Sure Run directly from the BIOS Setup interface. You can provision SPM using HP Client Security Manager Software or the HP Manageability Integration Kit. When provisioned, the controls in this menu can be used to deprovision the system or deactivate HP Sure Run. Table 16 Secure Platform Management Menu features Feature SPM Current State Unprovision SPM HP Sure Run Current State Deactivate HP Sure Run HP Sure Admin - EBAM Current State Type Setting (Display Only) Action Setting (Display Only) Action Setting (Display Only) Description • Provisioned • Not provisioned This action deprovisions SPM, which causes HP Sure Run to revert to the Inactive state and return HP Sure Recover to default settings. • Active • Inactive This action deactivates HP Sure Run without deprovisioning SPM. • Enabled • Disabled Default Not provisioned Inactive Disabled Notes Disable EBAM Action This action disables Enhanced BIOS Authentication Mode (EBAM) © Copyright 2016-2020 HP Development Company, L.P. 4 Security Menu 29

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
HP PC Commercial BIOS (UEFI) Setup
July 2020
919946-004
© Copyright 2016-2020 HP Development Company, L.P.
4 Security
Menu
29
Ready BIOS for
Device Guard
Use
Action
Ready BIOS for Device Guard Use includes a drop-down box that
automatically configures the BIOS settings that Windows requires to
enable Device Guard, or to change the configuration back to the
configuration before Device Guard was enabled. Device Guard is a
Windows feature that enables higher security around drivers and
BIOS behavior.
The following settings are possible:
Configure on Next Boot
Clear Configuration on Next Boot
When set to Configure on Next Boot, the BIOS changes the following
settings to the states required by Device Guard after saving changes
and exit.
Virtualization features are enabled.
Removable and network boot devices are disabled (for
example, USB boot, CD-ROM boot,
Thunderbolt™
boot,
etc.).
MS UEFI CA Key is disabled.
When set to Clear Configuration on Next Boot, the BIOS sets the
listed features to their Custom Default state if custom defaults have
been saved. If custom defaults have not been saved, the BIOS
restores the listed features to their factory default states.
4.6
Secure Platform Management (SPM)
This submenu controls settings for Secure Platform Management that are used for secure enablement and management of
the HP Sure Run, Sure Recover, and Sure Admin (Enhanced BIOS Authentication Mode) capabilities.
You cannot provision SPM and activate HP Sure Run directly from the BIOS Setup interface. You can provision SPM using HP
Client Security Manager Software or the HP Manageability Integration Kit. When provisioned, the controls in this menu can
be used to deprovision the system or deactivate HP Sure Run.
Table 16
Secure Platform Management Menu features
Feature
Type
Description
Default
Notes
SPM Current
State
Setting
(Display
Only)
Provisioned
Not provisioned
Not
provisioned
Unprovision
SPM
Action
This action deprovisions SPM, which causes HP Sure Run to revert to
the Inactive state and return HP Sure Recover to default settings.
HP Sure Run
Current State
Setting
(Display
Only)
Active
Inactive
Inactive
Deactivate HP
Sure Run
Action
This action deactivates HP Sure Run without deprovisioning SPM.
HP Sure Admin
EBAM
Current State
Setting
(Display
Only)
Enabled
Disabled
Disabled
Disable EBAM
Action
This action disables Enhanced BIOS Authentication Mode (EBAM)