EFI Preboot Guidelines and Windows 8 UEFI Secure Boot for HP Business Notebooks and Desktops PPS Business Notebook and Desktop - Technical White Paper

ManualsBrandsHP ManualsComputersD8C54UT

Technical white paper | UEFI Secure Boot on HP business notebooks, desktops, and workstations

Microsoft Windows Product Activation Key Change

A change to the Microsoft Windows Product Activation Key is pending. Please contact Hewlett-Packard support

(

www.hp.com/support

) for instructions on how to complete the request. Otherwise press the “ESC” key to continue

without any changes.

Windows Product Activation Key (020)

ESC – continue without changing

For more information, please visit:

www.hp.com/go/techcenter/startup

Physical Presence Check

To prevent malicious software attacks, a Physical Presence Check must be performed to inject a “new” key or “clear” a key.

During the next reboot after a new key is written to Public WMI, the following message will be displayed to the user:

A Physical Presence Check is not required if the system is in Manufacturing Mode or if the key has not been set since it was

last cleared by a complete BIOS re-flash.

Computrace

The Absolute Computrace Pre-boot module writes to the hard disk if it detects the needed hard drive components are no

longer present. This provides persistent support and prevents the malicious deletion of files from the system. However, this

method can impact OS stability. Pre-boot module support will fail when the OS partition or the hard drive is encrypted.

In Windows 8, a new method has been proposed. The Windows Platform Binary Table (WPBT) is a fixed Advanced

Configuration and Power Interface (ACPI) table that enables boot firmware to provide Windows with a platform binary that

the operating system can execute. The binary handoff medium is physical memory, allowing the boot firmware to provide

the platform binary without modifying the Windows image on disk. In the initial version, the WPBT simply contains a physical

address pointer to a flat, Portable Executable (PE) image that has been copied to physical memory.

If you are running Windows 7 or an older OS and the HDD is not encrypted, use the older method (changing the OS file).

If you are running Windows 8 and the HDD is encrypted, publish WPBT. For older OSs, the WPBT will be ignored.

For more details, refer to the WPBT published by Microsoft.

F10 Restore Default Behavior

are listed in Table 4.

Table 4.. F10 Restore default behavior

Tab Option Default restored?

File:

Update System BIOS

Yes

Create a backup image of the System BIOS

Yes

Security:

Administrator Tools

System Management Command

Yes

HP SpareKey

Yes

Fingerprint Reset on Reboot

Yes

User Tool

Intel®Anti Theft

DriveLock password on restart

Yes

TPM Device