HP Engage Go 10 Maintenance and Service Guide - Page 54



Table 5-2 Computer Setup Security (continued)

Option    Description

● Enhanced HP Firmware Runtime Intrusion Prevention and Detection: Enables monitoring of HP system firmware executing out of main memory while the operating system is running. Any anomalies detected in HP system firmware that is active while the operating system is running will result in a Sure Start security event being generated.
● Sure Start Security Event Policy: Controls HP Sure Start behavior upon identifying a critical security event (any modification to HP firmware) while the operating system is running.
  - Log Event Only: HP Sure Start will log all critical security events in the HP Sure Start audit log within the HP Sure Start nonvolatile (flash) memory.
  - Log Event and notify user: In addition to logging all critical security events, HP Sure Start will notify the user within the operating system that a critical event has occurred.
  - Log Event and power off system: In addition to logging all critical security events, HP Sure Start turns off the computer upon detecting an HP Sure Start Security Event. Because of the potential for data loss, HP recommends this setting only in situations where security integrity of the system is a higher priority than the risk of potential data loss.
● Sure Start Security Event Boot Notification: Lets you enable a warning message on the startup screen if there is a Sure Start event (BIOS recovery, memory intrusion, etc.).

Secure Boot Configuration

Lets you be sure that an operating system is legitimate before booting to it, making Windows resistant to malicious modification from preboot to full operating system booting, preventing firmware attacks. UEFI and Windows Secure Boot only allow code signed by preapproved digital certificates to run during the firmware and OS boot process.

NOTE: An administrator password must be set to activate this setting. Secure Boot must also be enabled.

● Secure Boot: Default is disabled.
● Secure Boot Key Management: Lets you manage the custom key settings.
  NOTE: Access to these settings requires Sure Start Secure Boot Keys Protection to be disabled.
  - Import Custom Secure Boot Keys: Default is disabled.
  - Clear Secure Boot keys: Lets you delete any previously loaded custom boot keys. Clearing keys will disable Secure Boot. Default is disabled.
  - Reset Secure Boot keys to factory defaults: Default is disabled.
  - Enable MS UEFI CA key: Disabling this setting alters the Secure Boot key list to further restrict the allowed software components. Set this option to disabled to support Device Guard. Default is enabled.
● Ready BIOS for Device Guard Use: Requires BIOS Administrator password to be configured and Secure Boot to be enabled.

Secure Platform Management (SPM)

● SPM Current State: Displays the current state. Also lets you change the state.
● Unprovision SPM: Deprovisions SPM, which causes HP Sure Run to revert to the inactive state and returns HP Sure Recover to default settings.
● HP Sure Run Current State: Displays the current state. Also lets you change the state.
  - Deactivate HP Sure Run: Deactivates HP Sure Run without deprovisioning SPM.
● Smart Health Enable
● EBAM Current State: Displays the current state. Also lets you change the state.
  - Disable EBAM: Disables Enhanced BIOS Authentication Mode (EBAM).

46 Chapter 5 Computer Setup (F10) Utility
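
An added example, not part of the HP guide: a PowerShell audit that compares the settings described in Table 5-2 with a site baseline, reading them through HP's BIOS WMI provider and cross-checking Secure Boot with `Confirm-SecureBootUEFI`. The assumptions are that the WMI setting names match the F10 labels above, that the value strings (`Enable`, `Disable`) match your unit, and that the baseline is your own policy; the fallback data is constructed so the script also runs on a machine without the HP provider.

```powershell
# Added example. Baseline names come from Table 5-2; value strings are ASSUMED
# and must be checked against what your unit actually reports.
$Baseline = [ordered]@{
    'Secure Boot'                                 = 'Enable'
    'Sure Start Security Event Policy'            = 'Log Event and notify user'
    'Sure Start Security Event Boot Notification' = 'Enable'
}

function Compare-BiosBaseline {
    param([object[]]$Settings, [System.Collections.IDictionary]$Baseline)
    foreach ($name in $Baseline.Keys) {
        $s = $Settings | Where-Object { $_.Name -eq $name } | Select-Object -First 1
        [pscustomobject]@{
            Setting  = $name
            Expected = $Baseline[$name]
            Actual   = if ($s) { $s.CurrentValue } else { '<not exposed>' }
            Status   = if (-not $s) { 'Missing' }
                       elseif ($s.CurrentValue -eq $Baseline[$name]) { 'OK' }
                       else { 'Drift' }
        }
    }
}

try {
    # HP's BIOS WMI provider; present only on HP business-class systems.
    $settings = Get-CimInstance -Namespace 'root/HP/InstrumentedBIOS' `
                                -ClassName 'HP_BIOSEnumeration' -ErrorAction Stop
} catch {
    Write-Warning 'HP BIOS WMI provider not found; using constructed sample data.'
    $settings = @(   # CONSTRUCTED sample: Secure Boot left at its documented default
        [pscustomobject]@{ Name = 'Secure Boot'; CurrentValue = 'Disable' }
        [pscustomobject]@{ Name = 'Sure Start Security Event Policy'
                           CurrentValue = 'Log Event Only' }
    )
}

$report = Compare-BiosBaseline -Settings $settings -Baseline $Baseline
$report | Format-Table -AutoSize

# Cross-check: what the running OS sees, independent of the BIOS setting string.
try {
    $osView = Confirm-SecureBootUEFI -ErrorAction Stop   # needs elevation and UEFI
    Write-Host "OS reports Secure Boot enabled: $osView"
} catch {
    Write-Warning "Secure Boot state unavailable from the OS: $($_.Exception.Message)"
}

if ($report.Status -contains 'Drift') { Write-Warning 'Settings differ from baseline.' }
```

A `Missing` row means the setting name is not exposed under that label on the unit, so list the names the provider returns before trusting the baseline keys.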