HP EliteDesk 800 G6 Maintenance and Service Guide - Page 89




Table 6-2 Computer Setup—Security (continued)

Option | Description

Select to reset the TPM to an unowned state. After the TPM is cleared, it is also turned off. To temporarily suspend TPM operations, turn the TPM off instead of clearing it.

IMPORTANT: Clearing the TPM resets it to factory defaults and turns it off. You will lose all created keys and data protected by those keys.

● TPM Activation Policy
  ○ F1 to boot
  ○ Allow user to reject
  ○ No prompts

BIOS SureStart

● Verify Boot Block on every boot—Select to enable HP SureStart.
● BIOS Data Recovery Policy—Select Automatic or Manual to determine the data recovery process. Manual recovery is intended only for situations when you want forensic analysis before HP SureStart recovery. When this policy is set to manual, HP SureStart will not correct any issues that are found until the local user enters the manual recovery key sequence. This can result in a computer that cannot boot until the manual recovery key sequence is entered.
● Dynamic Runtime Scanning of Boot Block—Verifies the integrity of the BIOS boot block region several times each hour while the computer is running. Default is Enabled.
● Sure Start BIOS Settings Protection—When enabled, HP Sure Start locks all critical BIOS settings and provides enhanced protection for these settings using nonvolatile (flash) memory.
  NOTE: An administrator password must be set to activate this setting.
● Enhanced HP Firmware Runtime Intrusion Prevention and Detection—Enables monitoring of HP system firmware executing out of main memory while the operating system is running. Any anomalies detected in HP system firmware that is active while the operating system is running will result in a Sure Start security event being generated.
● Sure Start Security Event Policy—Controls HP Sure Start behavior upon identifying a critical security event (any modification to HP firmware) while the operating system is running.
  - Log Event Only—HP Sure Start will log all critical security events in the HP Sure Start audit log within the HP Sure Start nonvolatile (flash) memory.
  - Log Event and notify user—In addition to logging all critical security events, HP Sure Start will notify the user within the operating system that a critical event has occurred.
  - Log Event and power off system—In addition to logging all critical security events, HP Sure Start turns off the computer upon detecting an HP Sure Start Security Event. Because of the potential for data loss, HP recommends this setting only in situations where security integrity of the system is a higher priority than the risk of potential data loss.

Smart Cover

● Cover Removal Sensor (Disabled/Notify user/Administrator password)
  Lets you disable the cover sensor or configure what action is taken if the computer cover is removed. Default is Disabled.
  NOTE: Notify user alerts the user with a POST error on the first boot after the sensor detects removal of the cover. If the password is set, Administrator Password requires that the password be entered to boot the computer if the sensor detects that the cover has been removed.

Intel Software Guard Extensions (SGX)

Intel SGX is a set of processor code instructions that allows user-level code to allocate private regions of memory that, unlike normal process memory, are also protected from processes running at higher privilege levels.
Computer Setup—Security
79
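
The dependencies and cautions in Table 6-2, applied to one machine's settings as a small audit. This is an added example, not part of the HP guide or any HP tool. The record layout (a dict of option name to current value plus an "Administrator Password Set" flag), the "Enabled"/"Yes"/"No" value strings and the severity labels are assumptions.

```python
# Added example, not HP code. The record layout, the value strings and the
# severity labels are assumptions; option names come from Table 6-2.
ENABLE_ONLY = (
    "Verify Boot Block on every boot",
    "Dynamic Runtime Scanning of Boot Block",
    "Enhanced HP Firmware Runtime Intrusion Prevention and Detection",
)

def audit(settings):
    """Return sorted (severity, option, message) findings for one machine."""
    out = []
    admin_pw = settings.get("Administrator Password Set") == "Yes"
    for name in ENABLE_ONLY:
        if settings.get(name) != "Enabled":
            out.append(("HIGH", name, f"is {settings.get(name)}, expected Enabled"))
    name = "Sure Start BIOS Settings Protection"
    if settings.get(name) != "Enabled":
        out.append(("HIGH", name, "critical BIOS settings are not locked"))
    elif not admin_pw:  # table NOTE: needs an administrator password
        out.append(("HIGH", name, "inactive until an administrator password is set"))
    name = "BIOS Data Recovery Policy"
    if settings.get(name) == "Manual":  # forensic use only, may block boot
        out.append(("WARN", name, "no repair until the manual recovery key sequence"))
    name = "Sure Start Security Event Policy"
    if settings.get(name) == "Log Event and power off system":
        out.append(("WARN", name, "power-off on an event risks data loss"))
    name = "Cover Removal Sensor"
    sensor = settings.get(name, "Disabled")  # Disabled is the documented default
    if sensor == "Disabled":
        out.append(("WARN", name, "cover removal is not reported"))
    elif sensor == "Administrator password" and not admin_pw:
        out.append(("HIGH", name, "boot prompt requires the password to be set"))
    return sorted(out)

# Constructed sample record, not real inventory data.
SAMPLE = {
    "Administrator Password Set": "No",
    "Verify Boot Block on every boot": "Enabled",
    "Dynamic Runtime Scanning of Boot Block": "Disabled",
    "Enhanced HP Firmware Runtime Intrusion Prevention and Detection": "Enabled",
    "Sure Start BIOS Settings Protection": "Enabled",
    "BIOS Data Recovery Policy": "Manual",
    "Sure Start Security Event Policy": "Log Event and notify user",
    "Cover Removal Sensor": "Administrator password",
}

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```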