Technical white paper UEFI Secure Boot on HP business notebooks, desktops, and workstations

Creating or restoring an HP_TOOLS partition on the hard drive

Use the following steps to create an HP_TOOLS partition and install related SofPaqs onto the partition:

1.Use Partition Magic to create a partition on a local hard drive that has a System partition with the following characteristics.

Partition type: FAT32

Partition size: 2 GB

Volume name: HP_TOOLS

2.In the new partition, create a folder called HEWLETT-PACKARD.

3.Refer to Table 1 for pre-boot deliverables and directory paths.

Errors when launching the pre-boot applications (notebooks only)

If the application launch keys fail to operate, the partition may have become corrupt. Reinstall the application using the related SoftPaq from http://www.hp.com/support. If a re-installed application does not function, contact technical support.

The following errors may be displayed if a problem occurs when launching UEFI applications:

HP_TOOLS Partition not found: can’t find Fat 32 partition starting with “HP_TOOLS”

Application not found: can’t find pre-boot application in directory

Invalid signature: BIOS fails to verify the signature of the pre-boot application.

If there is a backup version of the application in BIOS flash (for example, HP System Diagnostics). BIOS will launch the backup. Otherwise, BIOS displays an error message.

Pre-boot security requirements (notebooks only)

Signed pre-boot applications

When a pre-boot application is launched, it has as much control of the system resource as the BIOS. Since these applications reside on the public hard drive partition that is easily accessible and thus hacked, BIOS will only launch HP-signed pre-boot applications.

Additional F10 Policies for Pre-boot Environment

BIOS F10 provides several policies to control the availability of “Boot from UEFI File” option in the Boot Manager when F9 is pressed (for details, see How UEFI Launches UEFI Applications).

To access polices use the following path. System Configuration Device Configurations

The following policies are presented to the user by the Boot Manager:

UEFI Boot Mode

“Disable (for legacy OS)”

“Hybrid (with CSM) (for Windows 7 64 UEFI)”

“Native (without CSM) (for WINDOWS 8 64)”

The following policy controls (settings) whether the BIOS allows to boot to an UEFI file:

Customized Logo

“Enable/Disable” (Default: Disable)

When UEFI Boot Mode is disabled, the “Boot from UEFI File” option will not show up in the Boot Manager when F9 is pressed. In such a case, the only way to launch HP UEFI applications is to use the hot key.

The UEFI BIOS provides the nice feature for the user to customize the logo displaying during the boot. The logo is a bitmap file that a customer can add/change on the HP_TOOLS partition.

Since BIOS can’t check the signature of the customized logo bitmap files, it may be used as an attack tool of the BIOS post process. Thus an option is needed to disable this capability for the highly sensitive security environment.

7

Page 7
Image 7
HP 8300 manual Pre-boot security requirements notebooks only, Signed pre-boot applications

8300 specifications

The HP 8300 is a versatile and efficient desktop computer designed for business environments and power users. As part of the HP Elite series, the 8300 is tailored to deliver robust performance, security, and manageability.

One of the key features of the HP 8300 is its selection of Intel processors. Users can opt for third-generation Intel Core i3, i5, or i7 CPUs, providing a range of performance levels suitable for various workloads, from basic office tasks to more intensive applications. This adaptability makes the 8300 a suitable choice for organizations needing reliable computing power.

The system supports up to 32GB of DDR3 RAM, allowing for smooth multitasking and improved efficiency in handling resource-heavy applications. The flexibility in memory options ensures that businesses can configure the machine to meet their specific needs.

For storage, the HP 8300 offers various choices including traditional Hard Disk Drives (HDD) and Solid State Drives (SSD), significantly enhancing data access speeds and system responsiveness. With multiple configuration options, users can select from up to 1TB of storage capacity, providing ample room for files and applications.

Connectivity is also a strong point for the HP 8300. The desktop is equipped with multiple USB 3.0 ports, facilitating quick file transfers and easy peripheral connectivity. Additional ports, including USB 2.0, VGA, DP, and serial ports, ensure compatibility with a wide array of devices and legacy equipment.

Security technologies are integrated within the HP 8300 framework, including features like BIOS protection, HP Client Security, and optional fingerprint readers. These security measures help safeguard sensitive data and provide an additional layer of protection against unauthorized access.

The HP 8300 also supports various operating systems, including Windows 10 Pro, ensuring organizations can deploy the desktop within their existing IT ecosystem. Furthermore, the machine’s compatibility with HP tools for remote management enhances administrators' ability to oversee multiple devices efficiently.

In summary, the HP 8300 embodies a blend of powerful hardware, extensive configuration options, robust security features, and effective management capabilities, making it a compelling desktop solution for businesses aiming for productivity and reliability. With its comprehensive feature set, it stands out as an exceptional choice for both individual and organizational computing needs.