Technical white paper UEFI Secure Boot on HP business notebooks, desktops, and workstations

Creating or restoring an HP_TOOLS partition on the hard drive

Use the following steps to create an HP_TOOLS partition and install the related SoftPaqs onto the partition:

1. Use Partition Magic to create a partition on a local hard drive that has a System partition with the following characteristics:

   Partition type: FAT32
   Partition size: 2 GB
   Volume name: HP_TOOLS

2. In the new partition, create a folder called HEWLETT-PACKARD.

3. Refer to Table 1 for pre-boot deliverables and directory paths.

Errors when launching the pre-boot applications (notebooks only)

If the application launch keys fail to operate, the partition may have become corrupt. Reinstall the application using the related SoftPaq from http://www.hp.com/support. If a re-installed application does not function, contact technical support.

The following errors may be displayed if a problem occurs when launching UEFI applications:

HP_TOOLS Partition not found: can’t find Fat 32 partition starting with “HP_TOOLS”

Application not found: can’t find pre-boot application in directory

Invalid signature: BIOS fails to verify the signature of the pre-boot application.

If there is a backup version of the application in BIOS flash (for example, HP System Diagnostics), BIOS will launch the backup. Otherwise, BIOS displays an error message.

Pre-boot security requirements (notebooks only)

Signed pre-boot applications

When a pre-boot application is launched, it has as much control over system resources as the BIOS itself. Because these applications reside on a public hard drive partition that is easily accessible, and therefore easily tampered with, the BIOS will launch only HP-signed pre-boot applications.

Additional F10 Policies for Pre-boot Environment

BIOS F10 Setup provides several policies to control the availability of the “Boot from UEFI File” option in the Boot Manager when F9 is pressed (for details, see How UEFI Launches UEFI Applications).

To access these policies, use the following path: System Configuration > Device Configurations

The following policies are presented to the user:

UEFI Boot Mode (controls whether the BIOS allows booting to a UEFI file):
“Disable (for legacy OS)”
“Hybrid (with CSM) (for Windows 7 64 UEFI)”
“Native (without CSM) (for WINDOWS 8 64)”

Customized Logo: “Enable/Disable” (Default: Disable)

When UEFI Boot Mode is disabled, the “Boot from UEFI File” option will not show up in the Boot Manager when F9 is pressed. In such a case, the only way to launch HP UEFI applications is to use the hot key.

The UEFI BIOS provides a feature that lets the user customize the logo displayed during boot. The logo is a bitmap file that a customer can add or change on the HP_TOOLS partition.

Because the BIOS cannot check the signature of a customized logo bitmap file, the file could be used as a vector for attacking the BIOS POST process. An option is therefore provided to disable this capability in highly security-sensitive environments.
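Because the BIOS cannot verify a signature on the logo file, a site that does enable the Customized Logo option can at least sanity-check the bitmap's structure before copying it onto HP_TOOLS. The checker below is an added example, not HP code; the accepted header size, bit depths, uncompressed-only rule and 4096-pixel dimension limit are assumptions of this example, not requirements stated by the white paper.

```python
import struct

BMP_FILE_HDR = "<2sIHHI"           # magic, file size, reserved x2, pixel-data offset
BITMAPINFOHEADER = "<IiiHHIIiiII"  # 40-byte DIB header used by plain Windows bitmaps


def check_logo_bmp(data: bytes, max_dim: int = 4096) -> list:
    """Return a list of findings for a candidate logo bitmap; empty means it passed.
    Accepted values (40-byte DIB header, uncompressed, 1/4/8/24/32 bpp, max_dim)
    are assumptions of this example, not limits published for the HP BIOS."""
    problems = []
    if len(data) < 54:
        return ["file shorter than the 14-byte file header plus 40-byte DIB header"]
    magic, file_size, _, _, pix_off = struct.unpack_from(BMP_FILE_HDR, data, 0)
    if magic != b"BM":
        problems.append("bad magic %r" % magic)
    if file_size != len(data):
        problems.append("header file size %d != actual %d" % (file_size, len(data)))
    dib_size, width, height, planes, bpp, comp = struct.unpack_from("<IiiHHI", data, 14)
    if dib_size != 40:
        problems.append("unexpected DIB header size %d" % dib_size)
    if planes != 1:
        problems.append("planes must be 1, got %d" % planes)
    if not (0 < width <= max_dim and 0 < abs(height) <= max_dim):
        problems.append("implausible dimensions %dx%d" % (width, height))
    if bpp not in (1, 4, 8, 24, 32):
        problems.append("unsupported bit depth %d" % bpp)
    if comp != 0:
        problems.append("compressed bitmap (biCompression %d) rejected" % comp)
    # Rows are padded to 4-byte boundaries; the whole pixel array must lie inside the file.
    row_bytes = ((width * bpp + 31) // 32) * 4
    expected = row_bytes * abs(height)
    if pix_off < 54 or pix_off + expected > len(data):
        problems.append("pixel data (offset %d, %d bytes) lies outside the file" % (pix_off, expected))
    return problems


def build_sample_bmp(width: int = 2, height: int = 2) -> bytes:
    """Constructed for this example: a blank 24-bit uncompressed BMP of the given size."""
    row_bytes = ((width * 24 + 31) // 32) * 4
    pixels = b"\x00" * (row_bytes * height)
    file_hdr = struct.pack(BMP_FILE_HDR, b"BM", 54 + len(pixels), 0, 0, 54)
    dib = struct.pack(BITMAPINFOHEADER, 40, width, height, 1, 24, 0, len(pixels), 2835, 2835, 0, 0)
    return file_hdr + dib + pixels


if __name__ == "__main__":
    good = build_sample_bmp()
    print("clean sample:", check_logo_bmp(good) or "OK")
    bad = bytearray(good)                      # constructed tampering: pixel offset past EOF
    struct.pack_into("<I", bad, 10, 0xFFFFFFF0)
    print("tampered sample:", check_logo_bmp(bytes(bad)))
```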
