Computer Setup—Security (continued)
Chapter 5 Computer Setup (F10) Utility
Displays the current TPM version.
Lets you set the Trusted Platform Module as available or hidden.
Select to enable the TPM.
Select to reset the TPM to an unowned state. After the TPM is cleared, it is also turned off. To
temporarily suspend TPM operations, turn the TPM off instead of clearing it.
Clearing the TPM resets it to factory defaults and turns it off. You will lose all created
keys and data protected by those keys.
BIOS Sure Start
Verify Boot Block on every boot. Default is disabled.
BIOS Data Recovery Policy. Default is Automatic.
Only select Manual in situations in which forensic analysis is to be performed before
HP Sure Start Recovery. When this policy is set to manual, HP Sure Start will not correct any issues
that are found until the manual recovery key sequence is entered by the local user. This can result in
a system that is unable to boot after inputting the manual recovery key sequence.
Sure Start BIOS Settings Protection. This setting requires setting the BIOS Administrator password.
Default is disabled.
Sure Start Secure Boot Keys Protection. Default is enabled.
Enhanced HP Firmware Runtime Intrusion Prevention and Detection. Enables monitoring of
firmware executing out of main memory while the operating system is running. Any anomalies
detected in firmware that are active while the operating system is running results in generation of a
Sure Start Security Event. Default is enabled.
Sure Start Security Event Policy. Controls HP Sure Start behavior upon identifying a critical security
event (any modification to firmware) during operating system runtime. When set to Log Event Only,
HP Sure Start logs all critical security events. When set to Log Event and Notify User, HP Sure Start
notifies the user that a critical event has occurred. When set to Log Event and Power Off System, HP
Sure Start powers off the system upon detecting a security event. Default is Log Event Only.
Sure Start Security Event Boot Notification. Default is Require Acknowledgment.
HP Secure Platform Management (SPM)
HP Sure Run Current State (Inactive/Active)
Deactivate HP Sure Run
SPM Current State (Not provisoned/Provisioned)
Physical Presence Interface. Notifies the user upon system power up when changes are made to system
security policy. The user must agree to the changes to confirm them. Default is enabled.
Cover Lock. Default is 'Unlock'.
Cover Removal Sensor. Lets you disable the cover sensor or configure what action is taken if the
computer cover was removed. Default is 'Disabled'.