,
|
| EMBEDDED SECURITY |
|
|
|
|
|
|
|
|
|
Feature | Function | Default setting, | Reboot |
| |
|
|
| if applicable | required |
|
|
|
|
| ||
BIOS Integrity Checking (Note: HP Sure Start is only supported on 2013 EliteBook and ZBook notebooks) |
| N/A |
| ||
|
|
|
|
|
|
| Verify Boot Block on every boot | Verify the integrity of the system’s boot block on boot. | Disabled | Yes |
|
|
|
|
|
|
|
| BIOS Data Recovery Policy | Recover System Data (For manual recovery during boot up press (Up | Automatic | Yes |
|
|
| Arrow + Down Arrow + ESC) to restore System Data |
|
|
|
Restore Network Configuration to factory defaults
TPM Embedded Security
TPM Device
Embedded Security Device State
Restore the network address and other network parameters to factory |
| Yes |
default |
|
|
|
|
|
Manages TPM Module settings |
| N/A |
|
|
|
Exposes the integrated TPM module | Available | Yes |
|
|
|
Enables the integrated TPM module | Disabled | Yes |
TPM Reset to Factory Default
OS Management of TPM
Reset of TPM from OS System Management Command
| Sets TPM Embedded Security settings to factory default | No | Yes |
|
|
|
|
|
|
| Allows operating system to manage TPM module | Enabled | Yes |
|
|
|
|
|
|
| Allows reset of TPM module from within the operating system | Disabled | Yes |
|
|
|
|
|
|
| Allows authorized personnel to reset security settings in case of a | Enabled | Yes |
|
| service event NOTE: In the event BIOS password is lost and this option |
|
|
|
| is disabled authorized personnel will not be able to remove lost |
|
|
|
| password. |
|
|
|
|
| UTILITIES |
|
|
|
|
|
| |
|
| N/A | ||
|
|
|
|
|
| Intel |
| N/A | |
|
|
|
|
|
| – Active | Activates this option | Enabled | Yes |
|
|
|
|
|
| – Suspend | Allows the feature to be disabled temporarily | Disabled | Yes |
|
|
|
|
|
| Absolute Software Computrace |
|
| N/A |
– Current State
Hard Drive Tools
Save/restore Master Boot Record (MBR) of the system hard drive
Inactive | N/A | |
[Inactive/Active/Permanent Disabled] |
|
|
|
|
|
|
| N/A |
|
|
|
Saves a baseline MBR that can be restored if a change is detected | Disabled | Yes |
NOTE: Not applicable for UEFI boot modes |
|
|
DriveLock
Automatic DriveLock
Disk Sanitizer
Secure Erase
System IDs
Asset Tracking Number
Ownership Tag
Ownership Tag 2
Allows configuration of DriveLock Master and User passwords | Disabled | N/A |
|
|
|
Requires the BIOS to authenticate the user before the drive is unlocked. | Disabled | N/A |
The user can be a BIOS user (managed by F10 Setup) or a ProtectTools |
|
|
user (managed by the OS). |
|
|
Following authentication, the BIOS automatically supplies the |
|
|
DriveLock password. |
|
|
A BIOS administrator password is required for this feature and is set as |
|
|
the DriveLock master password. |
|
|
|
|
|
Erases all data on selected hard drive; typically used prior to |
| N/A |
repurposing or donation (Not supported under RAID mode or on SSDs) |
|
|
|
|
|
Uses a |
| N/A |
|
|
|
|
| N/A |
|
|
|
Allows custom configuration of an asset tag (up to 18 characters) | Serial Number | No |
|
|
|
Allows custom configuration of an ownership tag (up to 40 characters) | Blank | No |
|
|
|
Allows custom configuration of an ownership tag (up to 40 characters) | Blank | No |
|
|
|
7