HP mt21 PC Commercial BIOS UEFI Setup - Page 61

HP PC Commercial BIOS (UEFI) Setup Table 36 Security Menu features Feature Create BIOS Administrator Password Or Change BIOS Administrator Password Create POST Power-On Password Or Change POST PowerOn Password Password Policies Administrator Authentication Policies  Fingerprint Reset on Reboot Type Setting Setting Menu Menu Action Description The administrator password controls access to the setup menu (F10), 3rd Party Option ROM Management (F3), Update System ROM, WMI commands that change system settings, and the BIOS Configuration Utility (BCU). When no administrator password is set, anyone can change the system settings, add 3rd Party Option ROM, or update the system ROM. When the power-on password is set, use the administrator password as an alternative to power-on the system. Recommendation: Set an administrator password when a power-on password is set. When a power-on password is forgotten, an administrator can reset the power-on password by using Restore Security Settings to Factory Defaults. Password required to power-on the PC, independent of the OS password. When no password is set, anyone can turn on the PC. In addition to the administrator password, there is only one power-on password. Recommendation: Set an administrator password when a power-on password is set. When a power-on password is forgotten, an administrator can reset the power-on password by using Restore Security Settings to Factory Defaults. Allows the administrator to set password requirements for BIOS administration and power-on regarding the use of symbols, numbers, case, and spaces. Allows the administrator to determine whether the administrator password is required to access various boot menus through hot keys at boot time, or to update the firmware through Windows Update. NOTE: the settings in this menu were previously located in the Password Policies menu. When checked, resets the fingerprint on the next reboot. After reboot, this will be unchecked again. Default Unchecked TPM Embedded Security Menu The Trusted Platform Module (TPM) is a dedicated microprocessor that provides security functions for secure communication and software and hardware integrity. BIOS Sure Start Menu Settings that control the behavior of HP Sure Start. HP Sure Start is a built-in hardware security system that protects your BIOS from accidental or malicious corruption by (1) detecting BIOS corruption and then (2) automatically restoring the BIOS to its last installed HP-certified version. Some platforms in 2019 have the capability to recover Intel ME as well. Secure Platform Management (SPM) Menu Options for managing HP Sure Run and HP Sure Recover and Sure Admin July 2020 919946-004 Notes © Copyright 2016-2019 HP Development Company, L.P. 7 Security Menu (2019 and older) 61