HP 8300 BitLocker, Boot order, USB, Boot, Figure, SD Card, SD Card, Boot Order, Boot Order, Delete Add, Secure Boot, eSata Drive, Secure Boot, eSata Drive

Technical white paper UEFI Secure Boot on HP business notebooks, desktops, and workstations

BitLocker

Systems which support TPM and wired LAN networking must support the UEFI_DHCP4_protocol, the

UEFI_DHCP4_SERVICE_BINDING_PROTOCOL, the UEFI_DHCP6_protocol, and theUEFI_DHCP6_SERVICE_BINDING_PROTOCOL for wired LAN as defined in UEFI 2.3.1.

At pre-boot, BitLocker must be able to discover its Network Unlock provider on a Windows Deployment Server (WDS) via DHCP, and unlock the OS volume after retrieving information from WDS.

Boot order

In UEFI design, the Boot Order variable contains an array of UINT16’s that makes up an ordered list of the BootXXXX variables (each defining one boot option). The first element in the array is the value for the first logical boot option, the second element is the value for the second logical boot option, etc. The Boot Order list is used by the firmware’s boot manager as the default boot order. Both the OS and the BIOS can add/remove Boot numbers. This is different than the boot options provided in the legacy F10 boot order menu.

Boot Order for notebooks

On notebooks, HP suggests that the user create two separate Boot Orders in the BIOS:

•The legacy Boot Order, as it exists when Legacy Support is enabled.•A UEFI Boot Order list when Legacy Support is disabled.

For the UEFI F10 Static Boot Order, the BIOS assigns certain Boot numbers for the fixed devices in the system. For example, Boot 0000 can be OS Boot Manager for a hard drive, Boot0001 can be PXE IPV4, and Boot0002 can be for a built-in DVD. Certain HP-supported UEFI apps should also be listed, such as HP UEFI diagnostics. Windows 8 will add Boot numbers for “Windows Boot Manager,” for the hard drive, and “Windows to go” for the USB disk.

When Legacy Support is disabled, the BIOS is in native UEFI mode and POST time is critical. If the generic USB device or USB hard drive is not listed first in the Boot Order and the next boot is not set to “USB Hard Drive“ or “generic USB device” by the OS, the BIOS will not enumerate USB. Thus any removable USB devices attached to the system will not be enumerated and Boot Order will not show the detailed USB device information. The only entry will be the generic USB device, and there be no external USB optical drive or external USB disk devices in the F10 Boot Order.

When no button is pressed during POST, the BIOS will pass this static Boot Order list to the OS. In turn, the OS will display it in its Advanced Options.

Figure 9. F10 Boot Order when Legacy Support is enabled and disabled (notebooks)

F10 Boot Order when Legacy Support Is enabled. Both UEFI and legacy Boot options are shown. Notebook Ethernet IPV4 and IPV6 boot options are disabled by default due to long delays.

[✔]	Legacy Support

[ ]	Secure Boot
Boot Options
[✔]	Legacy PXE Internal NIC boot

[ ]	UEFI PXE IPV4 NIC boot
[ ]	UEFI PXE IPV6 NIC boot

UEFI Boot OrderOS Boot ManagerUSB Hard DriveNotebook Ethernet IPV4Notebook Ethernet IPV6Notebook Upgrade BayeSata DriveSD CardHP HypervisorGeneric USB DeviceCustomized BootDelete Add

F10 Boot Order when Legacy Support is disabled. All legacy boot order items are dynamically removed. Notebook Ethernet IPV4 and IPV6 boot options are enabled by default.

[ ]	Legacy support
[✔]	Secure Boot

Boot Options
[✔]	UEFI PXE IPV4 NIC boot
[✔]	UEFI PXE IPV6 NIC boot
[✔]	USB

UEFI Boot Order

OS Boot Manager

USB Hard Drive

Notebook Ethernet IPV4

Notebook Ethernet IPV6

Notebook Upgrade Bay

eSata Drive

SD Card

HP Hypervisor

Generic USB Device

Customized Boot