| Software Impacted—Short description | Details | Solution |
| --- | --- | --- |
| | | Allow Security Manager to complete services loading message (seen at top of Security Manager window) and all plug-ins listed in left column. To avoid failure, allow a reasonable time for these plug-ins to load. |
| HP ProtectTools * General—Unrestricted access or uncontrolled administrator privileges pose security risk. | Numerous risks are possible with unrestricted access to the client PC: deletion of PSD; malicious modification of user settings; disabling of security policies and functions. | Administrators are encouraged to follow “best practices” in restricting end-user privileges and restricting user access. Unauthorized users should not be granted administrative privileges. |
| BIOS and OS Embedded Security passwords are out of sync. | If the user does not validate a new password as the BIOS Embedded Security password, the BIOS Embedded Security password reverts back to the original embedded security password through F10 BIOS. | This is functioning as designed; these passwords can be re-synchronized by changing the OS Basic User password and authenticating it at the BIOS Embedded Security password prompt. |
| Only one user can log on to the system after TPM preboot authentication is enabled in BIOS. | The TPM BIOS PIN is associated with the first user who initializes the user setting. If a computer has multiple users, the first user is, in essence, the administrator. The first user will have to give his TPM user PIN to other users to use to log in. | This is functioning as designed; HP recommends that the customer's IT department follow good security policies for rolling out their security solution and ensuring that the BIOS administrator password is configured by IT administrators for system level protection. |
| User has to change PIN to make TPM preboot work after a TPM factory reset. | User has to change PIN or create another user to initialize his user setting to make TPM BIOS authentication work after reset. There is no option to make TPM BIOS authentication work. | This is as designed; the factory reset clears the Basic User Key. The user must change his user PIN or create a new user to re-initialize the Basic User Key. |
| Power-on authentication support not set to default using Embedded Security Reset to Factory Settings | In Computer Setup, the Power-on authentication support option is not being reset to factory settings when using the Embedded Security Device option Reset to Factory Settings. By default, Power-on authentication support is set to Disable. | The Reset to Factory Settings option disables Embedded Security Device, which hides the other Embedded Security options (including Power-on authentication support). However, after re-enabling Embedded Security Device, Power-on authentication support remained enabled. HP is working on a resolution, which will be provided in future Web-based ROM SoftPaq offerings. |
| Security Power-On Authentication overlaps BIOS Password during boot sequence. | Power-On Authentication prompts the user to log on to the system using the TPM password, but if the user presses F10 to access the BIOS, read-only access is granted. | To be able to write to BIOS, the user must enter the BIOS password instead of the TPM password at the Power-on Authentication window. |
| The BIOS asks for both the old and new passwords through Computer Setup after changing the Owner password in Embedded Security Windows software. | The BIOS asks for both the old and new passwords through Computer Setup after changing the Owner password in Embedded Security Windows software. | This is as designed. This is due to the inability of the BIOS to communicate with the TPM, once the operating system is up and running, and to verify the TPM pass phrase against the TPM key blob. |

HP dc73 Blade Client manual