Technical Whitepaper
HP Sure Start: Automatic Firmware Intrusion Detection and Repair System
May 2016, 902696-002
© Copyright 2016 HP Development Company, L.P. The information contained herein is subject to change without notice. Microsoft and Windows are either trademarks or registered trademarks of Microsoft Corporation in the U.S. and other countries.
Contents
1 Introduction
1.1 Enhancements for 2015
2 Sure Start-supported models
List of figures
Figure 1 Possible sources of firmware corruption
Figure 2 Firmware Integrity Verification Process
Figure 3 HP Sure Start BIOS Boot Block Capabilities
1 Introduction
HP Sure Start is the industry leader in chipset- and processor-independent firmware intrusion detection and automatic repair systems. HP Sure Start provides a level of cyber-resiliency unique to HP platforms while conforming to the NIST SP 800-147 (BIOS Protection Guidelines) and SP 800-155 (BIOS Integrity Measurement Guidelines) guidelines.
Regardless of the source of corruption, HP Sure Start automatically repairs the firmware / BIOS.
[Figure 1 Possible sources of firmware corruption: intentional malicious corruption, accidental corruption and unknown BIOS corruption all lead into HP Sure Start, which "recovers the BIOS for uninterrupted productivity, anytime, anywhere."]
1.1 Enhancements for 2015
HP introduced Sure Start in 2013.
2 Sure Start-supported models
3 Architectural Overview & Capabilities
HP Sure Start consists of two major architectural components:
- the HP Sure Start Embedded Controller, consisting of HP-unique hardware and firmware
- the HP Sure Start BIOS, working in conjunction with the HP Sure Start Embedded Controller
The HP Sure Start design ensures that all firmware and BIOS code running on both the HP Sure Start Embedded Controller and the host CPU is the code HP intended to be on the device. NOTE: The integrity check of the system flash Boot Block, and any recovery it requires, is performed by the Embedded Controller while the host CPU is off. Because the host CPU has not executed anything at that point, host-resident malware cannot interfere with the check or with the repair; the host only starts once the Boot Block is known-good.
NOTE: For added redundancy, the HP BIOS Boot Block code can also recover the BIOS from a recovery image on the HP_TOOLS partition (included as part of the default shipping configuration) or from a recovery image on a USB thumb drive. While not strictly required for HP Sure Start, the same HP BIOS Boot Block code is used on non-Sure Start platforms, where this capability is crucial.
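The two-stage chain described above, as an added example that is not HP's code (the real Embedded Controller and Boot Block firmware are proprietary). Stage 1 runs with the host CPU off: the EC compares the system-flash Boot Block with the golden copy in its own private flash and restores it on mismatch. Stage 2 runs on the host CPU from the now-trusted Boot Block: the rest of the BIOS is verified and, if corrupt, recovered from the first recovery image that itself verifies, trying the HP_TOOLS partition before a USB drive. Assumptions of this example: SHA-256 digest comparison stands in for HP's signature verification, the digest the Boot Block trusts is passed in as TRUSTED_BIOS_DIGEST, and every image is constructed sample data.

```python
"""Simulation of the HP Sure Start boot-time integrity check and repair chain.
Added example, not HP's code; digests stand in for signature checks and all
images are constructed samples."""
import hashlib
from dataclasses import dataclass, field


def digest(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


@dataclass
class SystemFlash:
    """The SPI flash the host can write (and therefore malware can corrupt)."""
    boot_block: bytes
    main_bios: bytes


@dataclass
class EmbeddedController:
    """EC private flash: the golden Boot Block is not writable by the host CPU."""
    golden_boot_block: bytes
    events: list = field(default_factory=list)

    def verify_and_repair_boot_block(self, flash: SystemFlash, host_cpu_on: bool) -> bool:
        # The page's invariant: this runs while the host CPU is off, so nothing
        # host-resident can race or tamper with the check. Refuse to run otherwise.
        if host_cpu_on:
            raise RuntimeError("Boot Block verification must run with the host CPU off")
        if digest(flash.boot_block) == digest(self.golden_boot_block):
            self.events.append("Boot Block verified")
            return False
        flash.boot_block = self.golden_boot_block
        self.events.append("Boot Block corrupted; restored from EC copy")
        return True


def boot_block_stage(ec, flash, recovery_sources, trusted_bios_digest):
    """Runs on the host CPU from the verified Boot Block. recovery_sources is an
    ordered list of (name, image-or-None); an image is used only if it verifies,
    so a tampered recovery image on HP_TOOLS or USB cannot be installed."""
    if digest(flash.main_bios) == trusted_bios_digest:
        ec.events.append("Main BIOS verified")
        return "verified"
    for name, image in recovery_sources:
        if image is None:
            continue                      # medium not present
        if digest(image) != trusted_bios_digest:
            ec.events.append(f"Recovery image on {name} failed verification; skipped")
            continue
        flash.main_bios = image
        ec.events.append(f"Main BIOS corrupted; recovered from {name}")
        return f"recovered:{name}"
    ec.events.append("Main BIOS corrupted; no valid recovery image found")
    return "unrecoverable"


def sure_start_boot(ec, flash, recovery_sources, trusted_bios_digest):
    """Full sequence: EC stage with the host off, then release the host CPU into
    the Boot Block, which handles the rest of the BIOS."""
    repaired = ec.verify_and_repair_boot_block(flash, host_cpu_on=False)
    # Only now is the Boot Block known-good, so only now does the host CPU start.
    result = boot_block_stage(ec, flash, recovery_sources, trusted_bios_digest)
    return repaired, result


# Constructed sample images (not real firmware).
GOLDEN_BB = b"HP Sure Start boot block v1 (constructed sample)"
GOLDEN_BIOS = b"HP BIOS main image v1 (constructed sample)" * 4
TRUSTED_BIOS_DIGEST = digest(GOLDEN_BIOS)   # assumption: what the Boot Block trusts


def demo(corrupt_boot_block, corrupt_bios, hp_tools_image, usb_image):
    """Boot a platform with the requested corruption and recovery media present."""
    ec = EmbeddedController(golden_boot_block=GOLDEN_BB)
    flash = SystemFlash(
        boot_block=b"\xff" * len(GOLDEN_BB) if corrupt_boot_block else GOLDEN_BB,
        main_bios=GOLDEN_BIOS[:-1] + b"\x00" if corrupt_bios else GOLDEN_BIOS,
    )
    sources = [("HP_TOOLS partition", hp_tools_image), ("USB thumb drive", usb_image)]
    outcome = sure_start_boot(ec, flash, sources, TRUSTED_BIOS_DIGEST)
    return outcome, flash, ec.events


if __name__ == "__main__":
    (repaired, result), flash, events = demo(True, True, b"tampered image", GOLDEN_BIOS)
    print(repaired, result)
    for e in events:
        print(" -", e)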
Figure 4 Windows Event Viewer showing Sure Start events
The following events trigger the HP Notifications Software to gather all events from the Sure Start subsystem and ensure that the Windows Event Viewer is updated with any events not already recorded there:
- Windows boot
- Windows resume from sleep / hibernate
- Sure Start with Dynamic Protection runtime event notifications
HP Notifications Software will populate the HP Sure Start
Types of HP Sure Start Windows Event Viewer events include:
Table 3 Windows Event Viewer level categories
Event Level   Definition
Info          Events that are expected to occur during the normal course of operation (e.g., updating the BIOS).
Warning       Unexpected events that occurred but were fully recovered from by Sure Start; no user/admin action is required for the platform to be fully operational.
3.7 HP Sure Start Policy Controls
Out of the box, the HP system BIOS enables HP Sure Start and sets its policies for the typical user. Since HP Sure Start is enabled by default, the typical user does not need to modify any settings to be protected by it. For advanced users, the system BIOS provides some control over Sure Start behavior through policy settings in the (F10) BIOS Setup.
the Boot Block. The Embedded Controller copy of the Boot Block executes and recovers the remainder of the correct version of the BIOS. The default setting of this feature is disabled.
3.8 Remote Management of HP Sure Start Policy Controls
Out of the box, HP Sure Start policies are optimized for the typical user.
4 HP Sure Start user experience
Customers see no noticeable degradation of their experience when HP Sure Start operates. With the default settings, recovery is automatic: when HP Sure Start identifies a problem, no end-user interaction or IT involvement is needed for the recovery to occur.
NOTE: Manual Recovery Mode is intended only for scenarios where the machine owner prefers to perform forensics on the system flash contents before they are repaired; it is not recommended for the typical user. If, in this mode, the HP Sure Start Embedded Controller finds an issue with the Boot Block code, the system refuses to boot and flashes a special LED sequence until the local user enters the special key sequence. Any image of the corrupted system flash must therefore be captured before the key sequence is entered, since the repair that follows overwrites the evidence.
4.3 Dynamic Protection Runtime Messages
HP Sure Start displays notifications to the end user when a BIOS integrity problem is detected while the operating system is running. Normally, HP Sure Start repairs the issue automatically in the background.
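The policy and reporting behaviour from sections 3.7, 4 (Manual Recovery Mode), 4.3 and the Windows Event Viewer passage, as an added example that is not HP's code: Dynamic Protection re-checks the BIOS while the OS is running, the recovery policy selects either automatic background repair or the Manual Recovery Mode halt (LED sequence, wait for the owner's key sequence), and the notification software copies EC events into the Windows event log without duplicating entries already there. Assumptions of this example: the policy names, per-event sequence numbers, the EC holding a golden copy of the whole BIOS, a deferred runtime repair under the manual policy, and an "Error" level for events that still need user action are all this example's (Table 3 on the page shows only Info and Warning). Digest comparison stands in for HP's signature check, and all flash contents are constructed samples.

```python
"""Policy, Dynamic Protection and event-sync model for HP Sure Start.
Added example, not HP's code; see the assumptions in the lead-in."""
import hashlib
from dataclasses import dataclass, field

AUTOMATIC, MANUAL = "automatic", "manual"          # recovery policy (assumed names)
INFO, WARNING, ERROR = "Info", "Warning", "Error"   # Error level is an assumption

GOLDEN_BB = b"boot block v1 (constructed sample)"
GOLDEN_BIOS = b"main BIOS v1 (constructed sample)" * 4


def digest(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


@dataclass
class SureStartEC:
    policy: str = AUTOMATIC
    flash_bb: bytes = GOLDEN_BB          # host-writable system flash: Boot Block
    flash_bios: bytes = GOLDEN_BIOS      # host-writable system flash: rest of BIOS
    golden_bb: bytes = GOLDEN_BB         # EC private copies (BIOS copy is assumed)
    golden_bios: bytes = GOLDEN_BIOS
    next_seq: int = 1
    event_log: list = field(default_factory=list)   # (seq, level, message)

    def log(self, level: str, message: str) -> None:
        self.event_log.append((self.next_seq, level, message))
        self.next_seq += 1

    def boot_check(self) -> str:
        """EC stage with the host CPU off. Returns the resulting boot state."""
        if digest(self.flash_bb) == digest(self.golden_bb):
            self.log(INFO, "Boot Block verified")
            return "boot"
        if self.policy == MANUAL:
            # Leave the corrupted flash untouched so the owner can image it first;
            # the platform refuses to boot and flashes its LED sequence meanwhile.
            self.log(ERROR, "Boot Block corrupted; halted, awaiting key sequence")
            return "halt_led_wait_for_key"
        self.flash_bb = self.golden_bb
        self.log(WARNING, "Boot Block corrupted; repaired from EC copy")
        return "boot"

    def owner_enters_key_sequence(self) -> str:
        """Forensics done: the deferred repair proceeds and the platform boots."""
        self.flash_bb = self.golden_bb
        self.log(WARNING, "Boot Block repaired after manual confirmation")
        return "boot"

    def runtime_check(self):
        """Dynamic Protection: re-verify the BIOS region while the OS is running.
        Returns the user-facing notification, or None when nothing is wrong."""
        if digest(self.flash_bios) == digest(self.golden_bios):
            return None
        if self.policy == AUTOMATIC:
            self.flash_bios = self.golden_bios
            self.log(WARNING, "Runtime BIOS integrity problem; repaired in background")
            return "BIOS integrity problem detected and repaired; no action needed"
        self.log(ERROR, "Runtime BIOS integrity problem; repair deferred by policy")
        return "BIOS integrity problem detected; repair deferred (manual policy)"


def sync_events(ec: SureStartEC, windows_log: list) -> int:
    """What the notification software does at Windows boot, on resume from
    sleep/hibernate and on a runtime notification: pull every EC event whose
    sequence number is not already in the Windows log. Idempotent by design."""
    recorded = {seq for seq, _, _ in windows_log}
    new = [e for e in ec.event_log if e[0] not in recorded]
    windows_log.extend(new)
    return len(new)


def scenario(policy: str):
    """Corrupt the Boot Block before boot and the BIOS at runtime, then replay the
    three sync triggers. Returns final state, runtime notification, the Windows
    log, the number of events each sync added, and the EC for inspection."""
    ec = SureStartEC(policy=policy)
    windows_log = []
    ec.flash_bb = b"\x00" * 8                                # constructed corruption
    state = ec.boot_check()
    if state == "halt_led_wait_for_key":
        state = ec.owner_enters_key_sequence()
    added_at_boot = sync_events(ec, windows_log)
    ec.flash_bios = GOLDEN_BIOS[:-4] + b"\xde\xad\xbe\xef"   # constructed runtime tampering
    note = ec.runtime_check()
    added_at_runtime = sync_events(ec, windows_log)
    added_at_resume = sync_events(ec, windows_log)           # nothing new: no duplicates
    return state, note, windows_log, (added_at_boot, added_at_runtime, added_at_resume), ec


if __name__ == "__main__":
    for policy in (AUTOMATIC, MANUAL):
        state, note, log, counts, _ = scenario(policy)
        print(policy, state, counts, note)
        for seq, level, msg in log:
            print(f"  #{seq} {level}: {msg}")
```

Running the two scenarios shows the difference the policy makes: under the automatic policy every incident ends as a Warning (detected and fully recovered, matching the Table 3 definition), while under the manual policy the halt and the deferred runtime repair are the events that still need an owner's action. The sequence-number dedup in sync_events is what lets the notification software run on every boot, resume and runtime notification without growing the Windows log with repeats.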