HP 4510s HP Business Notebook HP_TOOLS Partition Guidelines - Page 5

Preboot Security Requirements - bios

7. Preboot Security Requirements

Signed Preboot Applications

When a preboot application is launched, it has as much control of system resources as the BIOS. Since these applications reside on the public hard drive partition, which is easily accessible and can therefore be tampered with, the BIOS must launch only HP-signed preboot applications.

Additional F10 Policies for Preboot Environment

BIOS F10 provides several policies to control the availability of the Boot from EFI File option in the Boot Manager when F9 is pressed (for details, see How EFI Launches EFI Applications).

System Configuration -> Device Configurations

UEFI Boot Mode
Enable/Disable
Default: Disable
This policy controls whether the BIOS allows booting from an EFI file. For security, keeping it disabled is recommended. When UEFI Boot Mode is disabled, the "Boot from EFI File" option does not appear in the Boot Manager when F9 is pressed. In that case, the only way to launch HP EFI applications is to use the hot key.

Customized Logo
Enable/Disable
Default: Disable
The EFI BIOS lets the user customize the logo displayed during boot. The logo is a bitmap file that a customer can add or change on the HP_TOOLS partition. Since the BIOS can't check the signature of customized logo bitmap files, such a file may be used as an attack tool against the BIOS POST process. An option is therefore needed to disable this capability in highly security-sensitive environments.
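
Where Customized Logo is left enabled, a logo file can at least be checked for internal consistency before it is copied to the HP_TOOLS partition. The C sketch below is an added example, not HP code and not a description of how the BIOS parses logos; the names `bmp_logo_ok`, `MAX_DIM` and `sample`, and the policy of accepting only uncompressed 24-bit bitmaps, are assumptions made here.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_DIM 4096            /* assumed policy limit, not an HP value */
#define HDR_LEN 54              /* 14-byte file header + 40-byte info header */

static uint32_t rd32(const uint8_t *p) {   /* little-endian 32-bit read */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }

/* Returns 1 only if every header field is consistent with the buffer. */
int bmp_logo_ok(const uint8_t *buf, size_t len) {
    if (len < HDR_LEN || buf[0] != 'B' || buf[1] != 'M') return 0;
    if (rd32(buf + 2) != len) return 0;            /* declared size == real size */
    if (rd32(buf + 14) != 40) return 0;            /* BITMAPINFOHEADER only */

    int64_t w = (int32_t)rd32(buf + 18);
    int64_t h = (int32_t)rd32(buf + 22);
    if (h < 0) h = -h;                             /* top-down bitmap */
    if (w <= 0 || w > MAX_DIM || h == 0 || h > MAX_DIM) return 0;

    if (rd16(buf + 26) != 1) return 0;             /* planes must be 1 */
    if (rd16(buf + 28) != 24) return 0;            /* 24 bpp only: no palette */
    if (rd32(buf + 30) != 0) return 0;             /* BI_RGB: no RLE decoding */

    uint64_t stride = ((uint64_t)w * 24 + 31) / 32 * 4;   /* rows pad to 4 bytes */
    uint64_t off = rd32(buf + 10);                 /* start of pixel data */
    if (off < HDR_LEN || off > len) return 0;
    return stride * (uint64_t)h <= len - off;      /* pixels fit in the file */
}

/* Constructed sample: 2x2, 24 bpp, 70 bytes; unlisted bytes are zero. */
uint8_t sample[70] = { 'B','M', 70,0,0,0, 0,0,0,0, 54,0,0,0,
                       40,0,0,0, 2,0,0,0, 2,0,0,0, 1,0, 24,0 };

int main(void) {
    printf("sample accepted: %d\n", bmp_logo_ok(sample, sizeof sample));
    return 0;
}
```

A file that passes is only structurally sane; the check is no substitute for the signature verification that the BIOS cannot perform on logo files.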

HP QuickLook
Enable/Disable
Default: Enable
The EFI BIOS provides this policy to control the availability of the QuickLook application option.

HP QuickWeb
Enable/Disable
Default: Enable