HP EliteBook 735 PC Commercial BIOS UEFI Setup - Page 29
Secure Platform Management SPM
View all HP EliteBook 735 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 29 highlights
HP PC Commercial BIOS (UEFI) Setup July 2020 919946-004 Ready BIOS for Device Guard Use Action Ready BIOS for Device Guard Use includes a drop-down box that automatically configures the BIOS settings that Windows requires to enable Device Guard, or to change the configuration back to the configuration before Device Guard was enabled. Device Guard is a Windows feature that enables higher security around drivers and BIOS behavior. The following settings are possible: • Configure on Next Boot • Clear Configuration on Next Boot When set to Configure on Next Boot, the BIOS changes the following settings to the states required by Device Guard after saving changes and exit. • Virtualization features are enabled. • Removable and network boot devices are disabled (for example, USB boot, CD-ROM boot, Thunderbolt™ boot, etc.). • MS UEFI CA Key is disabled. When set to Clear Configuration on Next Boot, the BIOS sets the listed features to their Custom Default state if custom defaults have been saved. If custom defaults have not been saved, the BIOS restores the listed features to their factory default states. 4.6 Secure Platform Management (SPM) This submenu controls settings for Secure Platform Management that are used for secure enablement and management of the HP Sure Run, Sure Recover, and Sure Admin (Enhanced BIOS Authentication Mode) capabilities. You cannot provision SPM and activate HP Sure Run directly from the BIOS Setup interface. You can provision SPM using HP Client Security Manager Software or the HP Manageability Integration Kit. When provisioned, the controls in this menu can be used to deprovision the system or deactivate HP Sure Run. Table 16 Secure Platform Management Menu features Feature SPM Current State Unprovision SPM HP Sure Run Current State Deactivate HP Sure Run HP Sure Admin - EBAM Current State Type Setting (Display Only) Action Setting (Display Only) Action Setting (Display Only) Description • Provisioned • Not provisioned This action deprovisions SPM, which causes HP Sure Run to revert to the Inactive state and return HP Sure Recover to default settings. • Active • Inactive This action deactivates HP Sure Run without deprovisioning SPM. • Enabled • Disabled Default Not provisioned Inactive Disabled Notes Disable EBAM Action This action disables Enhanced BIOS Authentication Mode (EBAM) © Copyright 2016-2020 HP Development Company, L.P. 4 Security Menu 29