Table 5-2
Computer Setup—Security (continued)
Option
Description
●
Enhanced HP Firmware Runtime Intrusion Prevention and Detection – enables monitoring of HP
system firmware executing out of main memory while the operating system is running. Any
anomalies detected in HP system firmware that is active while the operating system is running will
result in a Sure Start security event being generated.
●
Sure Start Security Event Policy – controls HP Sure Start behavior upon identifying a critical security
event (any modification to HP firmware) while the operating system is running.
–
Log Event Only – HP Sure Start will log all critical security events in the HP Sure Start audio log
within the HP Sure Start non-volatile (flash) memory.
–
Log Event and notify user – In addition to logging all critical security events, HP Sure Start will
notify the user within the operating system that a critical event has occurred.
–
Log Event and power off system – In addition to logging all critical security events, HP Sure
Start will power of the system upon detecting a HP Sure Start Security Event. Due to the
potential for data loss, use of this setting is only recommended in situations where security
integrity of the system is a higher priority than the risk of potential data loss.
Smart Cover
Cover Removal Sensor (Disabled/Notify user/Administrator password)
Lets you disable the cover sensor or configure what action is taken if the computer cover was removed.
Default is ‘Disabled’.
NOTE:
Notify user alerts the user with a POST error on the first boot after the sensor detects removal of
the cover. If the password is set, Administrator Password requires that the password be entered to boot
the computer if the sensor detects that the cover has been removed.
Intel Software Guard Extensions (SGX)
Intel SGX is a set of processor code instructions from that allows user-level code to allocate private
regions of memory, that unlike normal process memory is also protected from processes running at
higher privilege levels.
●
Software control
●
Disable
●
Enable
Utilities
Hard Drive Utilities
●
Save/Restore MBR of System Hard Drive
NOTE:
Windows 10 systems are generally not formatted to include an MBR. Instead they use GUID
Partition Table (GPT) format, which better supports large hard drives.
Enabling this feature will save the Master Boot Record (MBR) of the system hard drive. If the MBR
gets changed, the user will be prompted to restore the MBR. Default is disabled.
The MBR contains information needed to successfully boot from a disk and to access the data stored
on the disk. Master Boot Record Security may prevent unintentional or malicious changes to the
MBR, such as those caused by some viruses or by the incorrect use of certain disk utilities. It also
allows you to recover the "last known good" MBR, should changes to the MBR be detected when the
system is restarted.
NOTE:
Most operating systems control access to the MBR of the current bootable disk; the BIOS
cannot prevent changes that may occur while the operating system is running.
Restores the backup Master Boot Record to the current bootable disk. Default is disabled.
Only appears if all of the following conditions are true:
–
MBR security is enabled
–
A backup copy of the MBR has been previously saved
Computer Setup (F10) Utilities
51