HP EliteDesk 800 G1 Ultra-slim PC Client Security Commercial Managed IT Softwa - Page 29
Pre-boot Authentication
![]() |
View all HP EliteDesk 800 G1 Ultra-slim PC manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 29 highlights
o Windows 8.1 (32-bit and 64-bit) Supported Languages o HPDE supports 35 languages (English, Brazilian Portuguese, Czech, French, German, Italian, Japanese, Korean, Russian, Simplified Chinese, Traditional Chinese (Taiwan/Hong Kong), Spanish, Thai, Arabic, Danish, Dutch, Finnish, Polish, Sweden, Turkish, Bulgarian, Hebrew, Hungarian, Norwegian, Portuguese (Iberian), Slovak, Croatian, Estonian, Greek, Latvian, Lithuanian, Romanian, Serbian, Slovenian). Supported SED's (other drives may work, but these have been pre-qualified): Vendor Micron Seagate Yara Samsung (SM 841) Supported Smart Card Model # MTFDDAK256MAM-1K12 9WU142 MZ7PD128HAFV-000H7 MZ7PD256HAFV-000H7 Drive Type SSD OPAL OPAL SSD OPAL Firmware 08TH 0001SED7 DXM05H6Q Vendor ActivIdentity Model # Cyberflex Access 64K V2c Encryption Strength - AES 256 Certification - FIPS 140-2 Level 1 Middleware ActivClient7.0.2.25 Pre-boot Authentication HPDE has it is own pre-boot login environment that requires users to authenticate. Windows 8 Native UEFI: When the drive is encrypted, WinMagic's Pre-boot UEFI (PBU) performs pre-boot authentication (PBA) BEFORE the drive can be accessed by the Windows Boot Loader. In order to prevent PBU getting removed from the BootOrder (for example with Windows 8 "Refresh your PC" and Windows 8 "Reset your PC") and thus potentially compromising access to the encrypted disk without authentication, HP and WinMagic implemented the FilterBootOrder (FBO) variable which is created by HPDE pre-boot to register PBA with HP BIOS. HP BIOS is expected to function as designed only if FBO exists. FBO gets removed if HPDE is either uninstalled or if a user performs Windows 8 Reset to Plain Text. Windows 7 Legacy: When the drive is encrypted, WinMagic's Pre-boot Linux (PBL) performs pre-boot authentication (PBA) BEFORE the drive can be accessed by the Windows Boot Loader. In order to support F11 Recovery for SEDs, HPDE requires INT15h implementation in HP BIOS. INT15h-implemented HP BIOS will detect if OPAL mode is enabled and then will display F11 Recovery prompt. Without INT15h implementation, HP BIOS cannot determine if the recovery partition is really present or not. When F11 is pressed, HP BIOS stores a value in memory indicating F11 was pressed (to be later returned by an INT15h call) and will then boot the hard drive. This will launch the PBA code which authenticates the user and will launch the recovery partition. Authentication and Recovery Methods o Authentication: Password, Fingerprint, Smart Card o Recovery: SpareKey and recovery using the backed up encryption key Drive Encryption pre-boot supports Microsoft SecureBoot if enabled. One Step Logon, when configured to work between three domains (BIOS, Drive Encryption and Windows), will bypass Drive Encryption pre-boot after user authenticates at HP BIOS. In the event that Drive Encryption is the 29
![](/manual_guide/products/hewlettpackard-elitedesk-800-g1-ultraslim-pc-client-security-commercial-managed-software-429ab84/29.png)