Technical Reference Guide
www.hp.com
1
HP ProtectTools Troubleshooting Guide
Overview
HP ProtectTools Security is a new technology offered by HP on some Business PCs. This
technology offers enhanced security support for file/folder encryption, user identity and
protection, Single Sign On, multi-factor authentication, smart card, smart card preboot, token
and biometric support and works natively with the operating system to enhance security aware
applications, such as secure e-mail. The enhanced security is achieved through both hardware
and software. Windows-based management of the BIOS is also incorporated through a BIOS
Configuration module. All software is centrally managed through an HP Security Manager
interface, which can be accessed from the task tray, start menu, or control panel. A properly
enabled security system requires a TPM-enabled BIOS, versions 1.54 or greater, obtainable
through
www.hp.com
support, and security software available via purchase.
Administrators are encouraged to perform “best practices” in restricting end-user privileges and
restrictive access to users.
Hardware
The hardware consists of a Trusted Platform Module (TPM) which meets the Trusted Computing
Group requirements of TPM 1.2 standards. The card is integrated with the system board and is
part of the NIC. The NIC and TPM solution contains on-chip memory and off-chip memory,
functions and firmware are located on an external flash integrated with the system board. All
TPM functions are encrypted or protected to ensure secure flash or communications.
Software
The software, HP ProtectTools, has two parts: HP ProtectTools Security Manager and HP
plug-in modules. Security Manager is the interface (shell) that centralizes all security
applications (plug-ins). The computer offers security in both configure-to-order and aftermarket
configurations. Both offerings provide a CD which can be used in Microsoft Windows to install
the HP ProtectTools security products. Customers using a non-HP corporate image are
encouraged to use the provided CD to install security software. Some HP Web-based downloads
(SoftPaqs) will not install unless previous versions of security software are already installed on
the target PC.
HP ProtectTools security applications for the computer are:
■
HP ProtectTools Security Manager: The software is preinstalled on the hard drive and can be
accessed from the Start Menu or Control Panel applet. The Security Manager shell interface
provides a central point for administering all security plug-in modules. Security plug-ins like
the TPM, Smart Card, and future security products cannot be installed unless the Security
Manager interface is present.
■
HP ProtectTools Embedded Security: This supports the TPM 1.2 hardware directly and is
preinstalled on the imaged drive for desktop. In Windows 2000 and Windows XP
environments, this software supports enhanced security for secure e-mail with Microsoft