Technical white paper UEFI Secure Boot on HP business notebooks, desktops, and workstations

The Preinstall should set the Secure Boot/Boot Mode policy to Enable and Legacy, and to Disable for Windows 8 64/32.

Table 3. Policy settings and OS supported (notebooks only)

Boot Mode/ Secure Boot

Disable

Enable

 

 

 

Legacy

Legacy OS: XP, Vista, Windows 7, Linux

Invalid

 

 

 

UEFI Hybrid

Legacy OS: XP, Vista, Windows 7, Linux

Invalid

 

 

 

 

Linux, Windows 8 with Native UEFI but

 

UEFI Native

no Secure Boot

Windows 8

 

 

 

If the OS and the BIOS policies have a mismatch, the system may fail to boot.

Note

Having Secure Boot enabled with UEFI Hybrid or Legacy selected is an invalid state. The BIOS will ignore any request for this change.

The user can use BIOS Setup (F10) to Enable/Disable Secure Boot or it can be changed remotely using the WMI interface, which uses WMI scripts, or by using HP’s BIOSConfig utility.

When Secure Boot “Disable” command is sent from WMI to BIOS, the status of the Secure Boot doesn’t change immediately. At next reboot, the physical presence must be checked to prevent malicious software attacks.

To complete the process, the customer or technician is required to type in a random four-digit verification code that is displayed in the message generated by the BIOS.

Operating System Boot Mode Change

A change to the operating system Secure Boot mode is pending. Please enter the pass code displayed below to complete the change. If you did not initiate this request, press the ESC key to continue without accepting the pending change.

Operating System Boot Mode Change (021)

XXXX+ ENTER - to complete the change ESC – continue without changing

For more information, please visit: www.hp.com/go/techcenter/startup

Firmware boot policy for desktops and workstations

The settings for the Secure Boot policy on desktop and workstations use the following rules:

Secure Boot set to “Enabled” forces Legacy Support to “Disabled.”

Legacy Support set to “Disabled” forces:

The CSM to be disabled

All Legacy Boot Sources in the Boot Order to be disabled

All “Legacy-only” Option ROM Launch Policies to be changed to “UEFI-only”

You can manage these settings using BIOS Setup (F10), WMI (which uses WMI scripts), or HP’s BIOSConfig Utility.

When the Secure Boot “Disable” command is sent programmatically (via WMI or HP’s BIOS Config Utility), the state of Secure Boot and its dependent settings don’t change immediately. During the next reboot, the physical presence must be checked to prevent malicious software attacks.

9

Page 9
Image 9
HP 8300 manual Firmware boot policy for desktops and workstations, Boot Mode/ Secure Boot Disable Enable

8300 specifications

The HP 8300 is a versatile and efficient desktop computer designed for business environments and power users. As part of the HP Elite series, the 8300 is tailored to deliver robust performance, security, and manageability.

One of the key features of the HP 8300 is its selection of Intel processors. Users can opt for third-generation Intel Core i3, i5, or i7 CPUs, providing a range of performance levels suitable for various workloads, from basic office tasks to more intensive applications. This adaptability makes the 8300 a suitable choice for organizations needing reliable computing power.

The system supports up to 32GB of DDR3 RAM, allowing for smooth multitasking and improved efficiency in handling resource-heavy applications. The flexibility in memory options ensures that businesses can configure the machine to meet their specific needs.

For storage, the HP 8300 offers various choices including traditional Hard Disk Drives (HDD) and Solid State Drives (SSD), significantly enhancing data access speeds and system responsiveness. With multiple configuration options, users can select from up to 1TB of storage capacity, providing ample room for files and applications.

Connectivity is also a strong point for the HP 8300. The desktop is equipped with multiple USB 3.0 ports, facilitating quick file transfers and easy peripheral connectivity. Additional ports, including USB 2.0, VGA, DP, and serial ports, ensure compatibility with a wide array of devices and legacy equipment.

Security technologies are integrated within the HP 8300 framework, including features like BIOS protection, HP Client Security, and optional fingerprint readers. These security measures help safeguard sensitive data and provide an additional layer of protection against unauthorized access.

The HP 8300 also supports various operating systems, including Windows 10 Pro, ensuring organizations can deploy the desktop within their existing IT ecosystem. Furthermore, the machine’s compatibility with HP tools for remote management enhances administrators' ability to oversee multiple devices efficiently.

In summary, the HP 8300 embodies a blend of powerful hardware, extensive configuration options, robust security features, and effective management capabilities, making it a compelling desktop solution for businesses aiming for productivity and reliability. With its comprehensive feature set, it stands out as an exceptional choice for both individual and organizational computing needs.