Technical white paper UEFI Secure Boot on HP business notebooks, desktops, and workstations

Physical Presence Check

To prevent malicious software attacks, a Physical Presence Check must be performed to inject a “new” key or “clear” a key. During the next reboot after a new key is written to Public WMI, the following message will be displayed to the user:

Microsoft Windows Product Activation Key Change

A change to the Microsoft Windows Product Activation Key is pending. Please contact Hewlett-Packard support

(www.hp.com/support) for instructions on how to complete the request. Otherwise press the “ESC” key to continue without any changes.

Windows Product Activation Key (020)

ESC – continue without changing

For more information, please visit: www.hp.com/go/techcenter/startup

A Physical Presence Check is not required if the system is in Manufacturing Mode or if the key has not been set since it was last cleared by a complete BIOS re-flash.

Computrace

The Absolute Computrace Pre-boot module writes to the hard disk if it detects the needed hard drive components are no longer present. This provides persistent support and prevents the malicious deletion of files from the system. However, this method can impact OS stability. Pre-boot module support will fail when the OS partition or the hard drive is encrypted.

In Windows 8, a new method has been proposed. The Windows Platform Binary Table (WPBT) is a fixed Advanced Configuration and Power Interface (ACPI) table that enables boot firmware to provide Windows with a platform binary that the operating system can execute. The binary handoff medium is physical memory, allowing the boot firmware to provide the platform binary without modifying the Windows image on disk. In the initial version, the WPBT simply contains a physical address pointer to a flat, Portable Executable (PE) image that has been copied to physical memory.

If you are running Windows 7 or an older OS and the HDD is not encrypted, use the older method (changing the OS file).

If you are running Windows 8 and the HDD is encrypted, publish WPBT. For older OSs, the WPBT will be ignored.

For more details, refer to the WPBT published by Microsoft.

F10 Restore Default Behavior

are listed in Table 4.

Table 4.. F10 Restore default behavior

Tab

Option

Default restored?

 

 

 

File:

 

 

 

 

 

 

Update System BIOS

Yes

 

 

 

 

Create a backup image of the System BIOS

Yes

 

 

 

Security:

 

 

 

 

 

 

Administrator Tools

 

 

 

 

 

System Management Command

Yes

 

 

 

 

HP SpareKey

Yes

 

 

 

 

Fingerprint Reset on Reboot

Yes

 

 

 

 

User Tool

 

 

 

 

 

Intel®Anti Theft

No

 

 

 

 

DriveLock password on restart

Yes

 

 

 

 

TPM Device

No

 

 

 

18

Page 18
Image 18
HP 8300 manual Computrace, F10 Restore Default Behavior, Physical Presence Check

8300 specifications

The HP 8300 is a versatile and efficient desktop computer designed for business environments and power users. As part of the HP Elite series, the 8300 is tailored to deliver robust performance, security, and manageability.

One of the key features of the HP 8300 is its selection of Intel processors. Users can opt for third-generation Intel Core i3, i5, or i7 CPUs, providing a range of performance levels suitable for various workloads, from basic office tasks to more intensive applications. This adaptability makes the 8300 a suitable choice for organizations needing reliable computing power.

The system supports up to 32GB of DDR3 RAM, allowing for smooth multitasking and improved efficiency in handling resource-heavy applications. The flexibility in memory options ensures that businesses can configure the machine to meet their specific needs.

For storage, the HP 8300 offers various choices including traditional Hard Disk Drives (HDD) and Solid State Drives (SSD), significantly enhancing data access speeds and system responsiveness. With multiple configuration options, users can select from up to 1TB of storage capacity, providing ample room for files and applications.

Connectivity is also a strong point for the HP 8300. The desktop is equipped with multiple USB 3.0 ports, facilitating quick file transfers and easy peripheral connectivity. Additional ports, including USB 2.0, VGA, DP, and serial ports, ensure compatibility with a wide array of devices and legacy equipment.

Security technologies are integrated within the HP 8300 framework, including features like BIOS protection, HP Client Security, and optional fingerprint readers. These security measures help safeguard sensitive data and provide an additional layer of protection against unauthorized access.

The HP 8300 also supports various operating systems, including Windows 10 Pro, ensuring organizations can deploy the desktop within their existing IT ecosystem. Furthermore, the machine’s compatibility with HP tools for remote management enhances administrators' ability to oversee multiple devices efficiently.

In summary, the HP 8300 embodies a blend of powerful hardware, extensive configuration options, robust security features, and effective management capabilities, making it a compelling desktop solution for businesses aiming for productivity and reliability. With its comprehensive feature set, it stands out as an exceptional choice for both individual and organizational computing needs.