Technical white paper UEFI Secure Boot on HP business notebooks, desktops, and workstations

ESP partition for HP UEFI and Pre-boot applications for GPT formatted disks

When a native UEFI-aware operating system is installed, the ESP partition is automatically created. One of the elements the ESP contains is the boot loader image for the operating system. The ESP is an enumerable Fat32 partition and does not have a drive letter assigned. The ESP must follow the format defined in the “UEFI System Partition Subdirectory Registry,” please refer to http://www.UEFI.org/specs/esp_registry for details.

Starting with 2012 platforms, a preinstall image of UEFI Windows 8 is available. Several HP components now reside on the ESP instead of the HP_TOOLS partition. The advantage of residing in ESP partition vs. HP_TOOLS is that components are available when you are not using the HP preinstall image. However, the default size of the ESP is 100MB so HP’s overall component size is limited.

Installation software for these UEFI components should first enumerate all Fat32 partitions, and copy the firmware packages to the ESP. The ESP can be located comparing the partition GUID to the ESP GUID definition, see the UEFI Specification version 2.3.1 for details. If the installation software cannot find the ESP, This indicates that the ESP is a legacy MBR system, not the GPT system.

How BIOS launches UEFI applications

When an UEFI application is launched, it has as much control of the system resources as the BIOS does. Because UEFI applications reside on a publicly accessible drive partition, they are not secure. The BIOS launches only UEFI applications that are considered BIOS extensions such as HP Advanced Diagnostics and the BIOS Recovery utility.

On desktops and workstations, If Secure Boot is disabled, the user may launch any UEFI application from the Run UEFI Application option of the BIOS Startup Menu.

Note

To reduce security vulnerability, execute only HP-signed UEFI applications.

For HP-signed UEFI applications

All HP UEFI applications contain two files stored under the same subdirectory as the UEFI application: filename.EFI and filename.sig.

Non–HP-signed UEFI applications

For notebooks

Non-HP-signed UEFI applications can be launched by booting to the UEFI Shell or other UEFI Applications by using the Boot from UEFI File option. Boot from UEFI File is invoked by pressing the F9 Key to launch Boot Manager. All available boot options are list under the Boot Option Menu. Selecting Boot from UEFI File presents the File Explorer Screen which lists all available file system mappings. Each entry allows viewing it’s volume structure. Once the desired UEFI Application is found, highlight the entry followed by pressing the enter key will launch the application. For security reasons, the function can be disabled by the BIOS administrator.

For desktops/workstations

Non-HP-signed UEFI applications can be launched from the Run UEFI Application option of the BIOS Startup Menu.

6

Page 6
Image 6
HP 8300 manual How Bios launches Uefi applications, For HP-signed Uefi applications, Non-HP-signed Uefi applications

8300 specifications

The HP 8300 is a versatile and efficient desktop computer designed for business environments and power users. As part of the HP Elite series, the 8300 is tailored to deliver robust performance, security, and manageability.

One of the key features of the HP 8300 is its selection of Intel processors. Users can opt for third-generation Intel Core i3, i5, or i7 CPUs, providing a range of performance levels suitable for various workloads, from basic office tasks to more intensive applications. This adaptability makes the 8300 a suitable choice for organizations needing reliable computing power.

The system supports up to 32GB of DDR3 RAM, allowing for smooth multitasking and improved efficiency in handling resource-heavy applications. The flexibility in memory options ensures that businesses can configure the machine to meet their specific needs.

For storage, the HP 8300 offers various choices including traditional Hard Disk Drives (HDD) and Solid State Drives (SSD), significantly enhancing data access speeds and system responsiveness. With multiple configuration options, users can select from up to 1TB of storage capacity, providing ample room for files and applications.

Connectivity is also a strong point for the HP 8300. The desktop is equipped with multiple USB 3.0 ports, facilitating quick file transfers and easy peripheral connectivity. Additional ports, including USB 2.0, VGA, DP, and serial ports, ensure compatibility with a wide array of devices and legacy equipment.

Security technologies are integrated within the HP 8300 framework, including features like BIOS protection, HP Client Security, and optional fingerprint readers. These security measures help safeguard sensitive data and provide an additional layer of protection against unauthorized access.

The HP 8300 also supports various operating systems, including Windows 10 Pro, ensuring organizations can deploy the desktop within their existing IT ecosystem. Furthermore, the machine’s compatibility with HP tools for remote management enhances administrators' ability to oversee multiple devices efficiently.

In summary, the HP 8300 embodies a blend of powerful hardware, extensive configuration options, robust security features, and effective management capabilities, making it a compelling desktop solution for businesses aiming for productivity and reliability. With its comprehensive feature set, it stands out as an exceptional choice for both individual and organizational computing needs.