HP Z1 G3 Maintenance And Service Manual page 24

Table 2-2 Computer Setup—Security (continued)
Option
Set Up BIOS Power-On
Password
Change BIOS Power-On
Password
(This selection is active
only if a BIOS power-on
password is set.)
DriveLock
Secure Erase
Smart Cover
System Management
Command
Restore Security
Settings to Default
16 Chapter 2 System management
Description
● TPM Activation Policy
BIOS Sure Start
● Verify Boot Block on every Boot
Select to check validity of boot block region on every boot. If not selected, boot block region will be
validated on power cycles.
● Data Recovery Policy
Select 'Automatic' or 'Manual' to set data recovery policy. 'Manual' lets you select whether or not to
execute recovery of a corrupted region if it is detected.
Dynamic Runtime Scanning of Boot Block
Verifies the integrity of the BIOS boot block region several times each hour while the system is running.
Lets you set and enable a BIOS power-on password. The power-on password prompt appears after a
power cycle or reboot. If the user does not enter the correct power-on password, the unit will not boot.
Lets you change the BIOS power-on password.
You must know the current password to be able to change it.
Allows you to assign or modify a master or user password for hard drives. When this feature is enabled,
the user is prompted to provide one of the DriveLock passwords during POST. If neither is successfully
entered, the hard drive will remain inaccessible until one of the passwords is successfully provided during
a subsequent cold-boot sequence.
NOTE: This selection will only appear when at least one drive that supports the DriveLock feature is
attached to the system.
CAUTION: Be aware that these settings take place immediately. A save is not necessary.
CAUTION: Be sure to document the DriveLock password. Losing a DriveLock password will render a drive
permanently locked.
After you select a drive, the following options are available:
Set DriveLock Master Password. Sets the drive's master password but does not enable DriveLock.
Enable DriveLock. Sets the drive's user password and enables DriveLock.
Lets you select a hard drive to completely erase.
Once a hard drive has been erased with a program that utilizes Secure Erase firmware commands, no file
recovery program, partition recovery program, or other data recovery method will be able to extract data
from the drive.
Cover Removal Sensor (Disabled/Notify user/Administrator password)
Lets you disable the cover sensor or configure what action is taken if the computer cover was removed.
Default is 'Disabled'.
NOTE: Notify user alerts the user with a POST error on the first boot after the sensor detects removal of
the cover. If the password is set, Administrator Password requires that the password be entered to boot
the computer if the sensor detects that the cover has been removed.
Allows authorized personnel to reset security settings during a service event. Default is enabled.
This action resets security devices, clears BIOS passwords (not including DriveLock), and restores settings
in the Security menu to factory defaults.