HP Elite 8300 Firmware boot policy for desktops and workstations, Note, Enable, Legacy, Enable, Legacy, Legacy, Disable, Disable, Invalid, Invalid, Windows, UEFI Hybrid

Technical white paper UEFI Secure Boot on HP business notebooks, desktops, and workstations

The Preinstall should set the Secure Boot/Boot Mode policy to Enable and Legacy, and to Disable for Windows 8 64/32.

Note

Having Secure Boot enabled with UEFI Hybrid or Legacy selected is an invalid state. The BIOS will ignore any request for this change.

The user can use BIOS Setup (F10) to Enable/Disable Secure Boot or it can be changed remotely using the WMI interface, which uses WMI scripts, or by using HP’s BIOSConfig utility.

When Secure Boot “Disable” command is sent from WMI to BIOS, the status of the Secure Boot doesn’t change immediately. At next reboot, the physical presence must be checked to prevent malicious software attacks.

To complete the process, the customer or technician is required to type in a random four-digit verification code that is displayed in the message generated by the BIOS.

A change to the operating system Secure Boot mode is pending. Please enter the pass code displayed below to complete the change. If you did not initiate this request, press the ESC key to continue without accepting the pending change.

Firmware boot policy for desktops and workstations

The settings for the Secure Boot policy on desktop and workstations use the following rules:

You can manage these settings using BIOS Setup (F10), WMI (which uses WMI scripts), or HP’s BIOSConfig Utility.

When the Secure Boot “Disable” command is sent programmatically (via WMI or HP’s BIOS Config Utility), the state of Secure Boot and its dependent settings don’t change immediately. During the next reboot, the physical presence must be checked to prevent malicious software attacks.

9