EFI Preboot Guidelines and Windows 8 UEFI Secure Boot for HP Business Notebooks and Desktops PPS Business Notebook and Desktop - Technical White Paper

Technical white paper | UEFI Secure Boot on HP business notebooks, desktops, and workstations

OA3

Windows 8 features a new version of the OEM activation mechanism, the OEM Activation 3.0 (OA 3.0). This is supported by

all HP business PCs certified for Windows 8. If a customer orders an HP business PC with Windows 8, the unit is shipped with

Windows 8 pre-activated—the customer does not need to activate the operating system.

Microsoft Digital Marker Key injection

A standard HP method to inject the Microsoft Digital Marker (MSDM) key into ACPI will be supported by the BIOS for use by

the factory and service using the HP BIOS Configuration interface available in both Windows (Public WMI) and UEFI. The

following processes are supported by the implementation.

BIOS functionality

The following functionality is provided by the BIOS to manage the OA3 key:

• Reading the key:

– The key can always be read from WMI or UEFI under “MS Digital Marker.”

– Reading the key always returns the last key value accepted by the BIOS.

– After a full BIOS reflash, the MS Digital Marker property will not be present in the BIOS, and the ACPI MSDM table will be

cleared.

• Writing a key:

– Writing the key from WMI using “MS Digital Marker” requires a blank key slot, or that the key is first unlocked by using

Physical Presence Check or by a complete BIOS flash.

– After a key is written, a reboot is always required to set the key in the MSDM ACPI table.

– Writing the key with all FFhs clears the MSDM Table in ACPI (See “Clearing the Key” below).

• Clearing the key:

– A complete BIOS re-flash clears the key and the MSDM table in ACPI:

• This method is used only in the factory environment.

• Reading the key after the re-flash.

– Writing the key with all FFhs clears the MSDM table in ACPI:

• See “Writing the key” for Physical Presence Check requirements.

• Reading the key after the write returns all FFhs.

• A reboot is required in order to clear the MSDM ACPI table.

• SMC_RESET_PLATFORM_TO_FACTORY_DEFAULT - No other method is provided to clear the key. This includes:

– Reset to Factory default through F10, WMI

– SMC_RESET_BIOS_TO_FACTORY_DEFAULT_SAVE_IDENTITY

– Standard BIOS updates

HP BIOS configuration (REPSET) functionality

The HP BIOS Configuration utility supports the following functions for Windows key insertion:

• English

• MS Digital Marker

• “Value”

The values are:

• Unlock – used to unlock the key for writing;

– Requires reboot with Physical Presence Check

– Not required in MPM mode or first write after re-flash

• Key – Text string representation of Windows key:

– Write all FFhs to clear the key in the ACPI MSDM table.