HP Z220 SFF, Z220 CMT, Z420, Z620, and Z820 Workstations Maintenance and Service Guide

ManualsBrandsHP ManualsComputersE3F74EC

Heading Option Description

●

Embedded Security Device—This option becomes available if Embedded Device is

set to Available under Device Security.

NOTE: Embedded Security Device must be set to Device Available in the Device

Security menu, and you must create a Setup Password, in order to configure the

Embedded Security Device.

Embedded Security Device (Hidden or Available) turns the Trusted Platform

Mechanism (TPM) on and off. Device Hidden is the default. If this option is made

available, the following options become available:

◦

Power-On Authentication Support—Enables and disables an authentication

feature that requires you to enter a TPM user key password to start the

workstation. This feature uses the TPM to generate and store the

authentication password.

◦

Reset Authentication Credential—Resets the authentication functionality and

clears authentication credentials.

To enable the Embedded Security Device and to access any security features

associated with the device, you must enter a setup password.

Setting a device to Available enables the operating system to access the device.

Hidden makes the device unavailable. It is disabled by the BIOS and cannot be

enabled by the operating system.

CAUTION: Choosing Reset to Factory Settings may result in significant data loss.

The embedded security device is a critical component of many security schemes.

Erasing the security keys prevent access to data protected by the Embedded

Security Device.

●

OS Management of Embedded Security Device—Enables or disables the ability of

the operating system to control the TPM device, including turning it on and off,

initializing it, and resetting it.

◦

Reset of Embedded Security Device through OS—Enables or disables the

ability of the operating system to reset the TPM. Available only when OS

Management of Embedded Security Device is enabled.

DriveLock

Security

Lets you assign or modify a master password or user password for hard drives. When

enabled, this feature prompts the user to provide one of the DriveLock passwords during

POST. If the user does not successfully enter one of the passwords, the hard drive

remains inaccessible until one of the passwords is successfully entered during a

subsequent cold-boot sequence.

NOTE: This selection appears only when the system includes at least one drive that

supports the DriveLock feature.

Secure Boot

Configuration

●

Legacy Support—Enable/Disable

●

Secure Boot—Enable/Disable

●

Key Management

◦

Clear Secure Boot Keys—Clear/Don't Clear

◦

Key Ownership—HP Keys/Custom Keys

●

Fast Boot—Enable/Disable

Power OS Power

Management

Enables or disables:

●

Runtime Power Management—(Enable or Disable)

●

Turbo Mode—(Enable or Disable)

●

Idle Power Savings—Extended (default) or Normal; extended mode reduces

processor power consumption when the CPU is idle.

54 Chapter 2 System management