Manuals / Brands / Computer Equipment / Desktops / HP / Computer Equipment / Desktops

HP Mini 8300 tower Secure Boot Key management for desktops and workstations, Note, Note, Enabled, Enabled, HP Keys, Disabled, ►HP Keys, Fast Boot, Secure Boot, Don’t Clear

1 23

Download 23 pages, 526.48 Kb

Technical white paper UEFI Secure Boot on HP business notebooks, desktops, and workstations

Figure 7. BIOS Setup User Mode selection for notebooks.

Note

If the user tries to import the HP PK again when the selection is the Customer Keys, the BIOS will reject the PK.

Secure Boot Key management for desktops and workstations

Figure 8. HP Platform Key Management for desktops

Secure Boot Configuration
Legacy Support		Disabled
Secure Boot		Enabled
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
Key Management
Clear Secure Boot Keys		Don’t Clear
Key Ownership		►HP Keys
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
Fast Boot	Enabled

The factory-default HP BIOS sets Key Ownership to HP Keys. This means the HP platform key (PK), Microsoft key exchange key (KEK), Microsoft database (db), and a blacklist database (dbx) are populated. When Secure Boot is disabled, the keys currently enrolled in the system are preserved. If a custom PK, KEK, db, and dbx are desired, the user must change Key Ownership to Custom Keys. Once confirmed, this change will automatically disable Secure Boot and clear the PK, KEK, db, and dbx. The user may then import custom keys and re-enable Secure Boot.

Note

If the user tries to import the HP PK when Key Ownership is Custom Keys, the BIOS will reject the PK.

11

Contents

Technical white paper PPS business notebooks, desktop, and workstations Page UEFI pre-bootguidelines Supported models HP_TOOLS for HP UEFI and pre-bootapplications For notebooks For desktops and workstations UEFI and custom imaging UEFI architecture Directories and descriptions :\Hewlett-Packard\<softwarename Disk Layouts Figure 1. Disk layouts for notebooks GPT-basedlayout How BIOS launches UEFI applications For desktops/workstations Creating or restoring an HP_TOOLS partition on the hard drive Errors when launching the pre-bootapplications (notebooks only) Pre-bootsecurity requirements (notebooks only) Secure Boot overview Firmware policies Firmware policies for notebooks Firmware boot policy for desktops and workstations Secure Boot Key management for notebooks Secure Boot Key management for desktops and workstations If Secure Boot verification fails The BIOS Signing Key TPM and measured boot The default for NoPPIProvision Flag Special China requirement with Windows POST Windows 8 Hybrid Boot and flash BitLocker Boot order Legacy Boot Order Notebook Hard Drive USB Floppy USB CD-ROM Notebook Ethernet Boot order for desktops and workstations Legacy Support is automatically disabled when Secure Boot is enabled UEFI Boot Sources USB Floppy/CD Windows Boot Manager OA3 Computrace F10 Restore Default Behavior Embedded Security Device State TPM Reset to Factory Defaults Power-OnAuthentication Support Reset Authentication Credential OS Management of TPM Fan Always on while AC Power Data Execution Prevention Max SATA Speed SATA Device Mode Wake on USB Parallel Port Flash media reader USB Port 1394 Port Express Card Slot Appendix General UEFI requirements PCR boot measurements for notebook products For more information