HP 8300 manual Secure Boot overview, Firmware policies for notebooks, Secure Boot = Disabled

Page 8

Technical white paper UEFI Secure Boot on HP business notebooks, desktops, and workstations

Secure Boot overview

Secure Boot is a feature to ensure that only authenticated code can start on a platform. The firmware is responsible for preventing launch of an untrusted OS by verifying the publisher of the OS loader based on policy, and is designed to mitigate root kit attacks.

Figure 4. UEFI Secure Boot flow.

Native

Verified OS

 

loader

OS start

UEFI

(e.g. Win8)

 

 

 

Firmware enforces policy and only starts signed OS loaders it trusts.

OS loader enforces signature verification of later OS components.

Figure 5. Windows 8 Secure Boot flow.

 

 

 

Anti

3rd party

UEFI

Windows 8

Kernel

malware

OS loader

installation

software

drivers

 

 

 

 

start

 

All bootable data requires authentication before the BIOS hands off control to that entity.

The UEFI BIOS checks the signature of the OS loader before loading. If the signature is not valid, the UEFI BIOS will stop the platform boot.

Firmware policies

Firmware support of Windows 8 differs between notebooks and desktops/workstations. The following sections describe the differences in policy settings configurable by the user.

Firmware policies for notebooks

There are two firmware policies critical for the support of Windows 8 on notebooks; Secure Boot and Boot Mode.

The Secure Boot policy has the following options:

Disable

Enable

When Secure Boot is set to “Enable” BIOS will verify the boot loader signature before loading the OS.

The Boot Mode policy (for notebooks only) has the following options:

Legacy

UEFI Hybrid with compatibility support module (CSM)

UEFI Native without CSM

When Boot Mode is set to “Legacy” or the UEFI Hybrid Support setting is “Enable,” the CSM is loaded and Secure Boot is automatically disabled.

After a complete BIOS re-flash the default configuration is as follows:

Secure Boot = Disabled

Boot Mode = Legacy (Other modes will be set by Preinstall at the factory according to the OS to be preinstalled.)

8

Page 7 Page 9
Image 8
Page 7 Page 9
Contents Table of contents Page Uefi pre-boot guidelines Hptools for HP Uefi and pre-boot applicationsSupported models HP business notebooks HP business desktops HP workstationsHP System Diagnostics during startup Bios recoveryVolume name Uefi and custom imagingRecovery partition HPTools partition Partition ESP WinRE partition C ESP C OS partitionC Recovery partition DDirectories and descriptions Disk LayoutsNon-HP-signed Uefi applications How Bios launches Uefi applicationsFor HP-signed Uefi applications Additional F10 Policies for Pre-boot Environment Pre-boot security requirements notebooks onlySigned pre-boot applications Secure Boot overview Secure Boot = DisabledFirmware policies Firmware policies for notebooksFirmware boot policy for desktops and workstations Boot Mode/ Secure Boot Disable EnableSecure Boot Key management for notebooks HP Platform Key Management for notebooksSecure Boot Key management for desktops and workstations Key Ownership HP Keys Fast Boot EnabledIf Secure Boot verification fails Bios Signing KeyTPM and measured boot Physical presenceWindows 8 Hybrid Boot and flash TPM auto-provisioningPost time for notebooks Post time for desktops and workstationsBoot order Boot Order for notebooksBitLocker USBLegacy Boot Order USB Floppy USB CD-ROMNetwork Controller Boot order for desktops and workstationsSATA2 Microsoft Digital Marker Key injection Bios functionalityHP Bios configuration Repset functionality Physical Presence Check F10 Restore Default BehaviorComputrace Utilities System ConfigurationDevice Configurations Built-In Device Options Port OptionsPage PCR boot measurements for notebook products AppendixGeneral Uefi requirements PCRFor more information Resource description Web address
Related manuals
Manual 4 pages 56.97 Kb Manual 4 pages 39.59 Kb Manual 4 pages 4.61 Kb Manual 9 pages 43 Kb Manual 4 pages 30.57 Kb Manual 208 pages 14.06 Kb

8300 specifications

The HP 8300 is a versatile and efficient desktop computer designed for business environments and power users. As part of the HP Elite series, the 8300 is tailored to deliver robust performance, security, and manageability.

One of the key features of the HP 8300 is its selection of Intel processors. Users can opt for third-generation Intel Core i3, i5, or i7 CPUs, providing a range of performance levels suitable for various workloads, from basic office tasks to more intensive applications. This adaptability makes the 8300 a suitable choice for organizations needing reliable computing power.

The system supports up to 32GB of DDR3 RAM, allowing for smooth multitasking and improved efficiency in handling resource-heavy applications. The flexibility in memory options ensures that businesses can configure the machine to meet their specific needs.

For storage, the HP 8300 offers various choices including traditional Hard Disk Drives (HDD) and Solid State Drives (SSD), significantly enhancing data access speeds and system responsiveness. With multiple configuration options, users can select from up to 1TB of storage capacity, providing ample room for files and applications.

Connectivity is also a strong point for the HP 8300. The desktop is equipped with multiple USB 3.0 ports, facilitating quick file transfers and easy peripheral connectivity. Additional ports, including USB 2.0, VGA, DP, and serial ports, ensure compatibility with a wide array of devices and legacy equipment.

Security technologies are integrated within the HP 8300 framework, including features like BIOS protection, HP Client Security, and optional fingerprint readers. These security measures help safeguard sensitive data and provide an additional layer of protection against unauthorized access.

The HP 8300 also supports various operating systems, including Windows 10 Pro, ensuring organizations can deploy the desktop within their existing IT ecosystem. Furthermore, the machine’s compatibility with HP tools for remote management enhances administrators' ability to oversee multiple devices efficiently.

In summary, the HP 8300 embodies a blend of powerful hardware, extensive configuration options, robust security features, and effective management capabilities, making it a compelling desktop solution for businesses aiming for productivity and reliability. With its comprehensive feature set, it stands out as an exceptional choice for both individual and organizational computing needs.
Top Page Image Contents