Technical white paper UEFI Secure Boot on HP business notebooks, desktops, and workstations

The HP UEFI applications and pre-boot applications provide extensive pre-boot functions to the system BIOS residing in the flash ROM. You can find information for GUID Partition Table (GPT) formatted disks in the Disk layouts section of this document. On notebooks, UEFI applications are available through the F9 boot menu. On desktops and workstations, UEFI applications can be launched from the Start menu: Startup Menu > Run UEFI Application.

Note

Do not encrypt the HP_TOOLS partition using software encryption programs such as Windows BitLocker or Full Volume Encryption for HP ProtectTools. When the partition is encrypted, the HP pre-boot applications cannot function.

HP System Diagnostics during startup

The HP System Diagnostics allows you to perform tests on the primary hard drive and system memory modules. You can also use this tool to obtain computer-related information such as model number, processor type, total memory, and serial number. To access System Diagnostics during startup, press the Esc key when the “Press Esc for startup menu” message is displayed. Then press F2 to launch System Diagnostics. F2 will not wake the system from the off state or the Sleep/Hibernation state. F2 can be used only during POST when the BIOS keys are displayed.

BIOS recovery

For notebooks

The BIOS Recovery utility is a notebooks-only feature that allows you to recover the BIOS image if it becomes corrupted. Initially, the BIOS recovery directory contains the first released version of the BIOS for the platform. As HP releases BIOS updates, two HP BIOS flash utilities (HPQFlash and SSMflash) will automatically perform updates with the most current version of the BIOS. Note that the current version of the eROMPAQ flash utility does not support this function. You can use BIOS Recovery in two ways:

Automatic detection and repair of a corrupted BIOS by flashing the BIOS image.

Manual launch of the BIOS Recovery utility by holding down the four arrow keys, then pressing and releasing the power button.

For desktops and workstations

Desktops and workstations do not depend on a separate BIOS recovery utility. If the BIOS on a desktop or workstation is corrupted during a flash, the system will automatically enter a recovery mode (signaled by an 8-blink/beep POST error indication). During the next boot, the system will look for a valid BIOS binary file in the root directory of a USB storage device or the HDD. If a valid BIOS binary is found, the system will use it to update the BIOS.

UEFI and custom imaging

If you use your own custom image and you want to maintain system partition functionality, you must create a FAT32 partition named HP_TOOLS. Failure to do so results in the loss of the following features:

Automatic BIOS corruption detection and recovery

Ability to use all System Diagnostics functions

UEFI architecture

CAUTION

Use caution when modifying the HP_TOOLS partition. The partition is not protected and can be deleted. Backing up the computer using the Windows Complete PC Backup does not back up the UEFI partition. With no UEFI partition backup, corruption or failure of the partition will result in loss of all data on the partition, plus loss of UEFI functionality. HP recommends that you do not place additional data on the UEFI partition.

Volume name

The volume name is HP_TOOLSxxxx. It is HP_TOOLS in the initial release; the version number (represented here by “xxxx”) at the end of the volume name is for future expansion, is under the control of the HP Preinstall team, and is subject to change. Software should not hard code the volume version. Instead, software should search for the “HP_TOOLS” prefix and identify the FAT32 HP partition using the prefix only.

The HP_TOOLS partition is not assigned a drive letter. Any application that accesses the partition first mounts the partition. HP CASL provides the interface for mount/unmount.
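
The prefix-only lookup described above can be scripted as a post-imaging check. The following PowerShell is an added example, not HP code and not part of the original white paper; it uses the standard Windows Storage and BitLocker cmdlets rather than HP CASL. The match between BitLocker's MountPoint and the volume path is an assumption, and only BitLocker (not other encryption products) is checked.

```powershell
# Added example (not HP code): locate the HP_TOOLS volume by label prefix only
# and report whether it still meets the requirements stated in this document.
# Run elevated; Get-BitLockerVolume requires administrator rights.
$prefix = 'HP_TOOLS'   # never match on the version suffix ("xxxx")

# Get-Volume also returns volumes that have no drive letter assigned.
$candidates = @(Get-Volume | Where-Object {
    $_.FileSystemLabel -like "$prefix*" -and $_.FileSystem -eq 'FAT32'
})

if ($candidates.Count -eq 0) {
    Write-Warning "No FAT32 volume with label prefix '$prefix' was found."
    Write-Warning "BIOS corruption recovery and System Diagnostics depend on it."
}
elseif ($candidates.Count -gt 1) {
    Write-Warning "More than one volume matches '$prefix*'; review each result."
}

# Read BitLocker state once; empty if the cmdlet is unavailable or not elevated.
$bitlocker = @(Get-BitLockerVolume -ErrorAction SilentlyContinue)

foreach ($vol in $candidates) {
    $part = Get-Partition -Volume $vol

    # Assumption: BitLocker lists an unlettered volume by its \\?\Volume{GUID}\
    # path, which is compared here with the volume's Path property.
    $bde = $bitlocker | Where-Object {
        $_.MountPoint.TrimEnd('\') -eq $vol.Path.TrimEnd('\')
    }
    $status = if ($bde) { [string]$bde.VolumeStatus } else { 'NotReported' }

    [pscustomobject]@{
        Label           = $vol.FileSystemLabel
        FileSystem      = $vol.FileSystem
        DiskNumber      = $part.DiskNumber
        PartitionNumber = $part.PartitionNumber
        DriveLetter     = $vol.DriveLetter   # expected to be empty
        BitLockerStatus = $status
        # Pre-boot applications cannot function on an encrypted partition.
        MeetsGuidance   = ($status -in 'FullyDecrypted', 'NotReported')
    }
}
```

A result with MeetsGuidance set to False, or no result at all, means the image should be corrected before deployment.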
