HP Sure Start - WHITEPAPER
NIST SP 800-
193
HP Sure Start
Roots of Trust
(Section 4.1)
Meets all Resiliency
Requirements
• Gen3+ uses a hardware-based RoT (the HP
ESC) with immutable boot firmware, which
cryptographically verifies subsequent firmware
before launching it, creating a Chain of Trust.
• Gen3+ includes a key store and approved digital
signing algorithms based on FIPS 186-4 to verify
the digital signature of firmware update images.
• Gen3+ uses authenticated update, detection,
and recovery mechanisms, which are anchored
in Gen3+’s HW-based RoT.
Protection
and Update of
Mutable Code
(Section 4.2.1)
Meets all Resiliency
Requirements
• Gen3+ uses an authenticated update
mechanism anchored in Gen3+’s
• HW-based RoT.
• Firmware update images are digitally signed by
HP’s code signing service (HP Secure Sign) and
verified by Gen3+ prior to updating.
• Gen3+ integrity protects the HP ESC and UEFI
flash regions, so that only its authenticated
update mechanism or a secure local update
through physical presence can modify those
flash regions.
• Gen3+ has no known authenticated update
bypass mechanisms and contains the ability to
prevent rollback to earlier authentic firmware
images with known security vulnerabilities.
Protection of
Immutable Code
(Section 4.2.2)
Meets all Resiliency
Requirements
• Gen3+ uses a hardware-based RoT (the HP ESC)
with immutable boot firmware.
Runtime Protec-
tion of Critical
Platform FW
(Section 4.2.3)
Meets all Resiliency
Requirements
Critical Platform Firmware executing in volatile
storage (RAM) runs and:
• Ceases its operation prior to the loading of
system software. That is, it runs during POST
and stops before the OS is loaded.
• is protected from system software using SMM
protections enforced by the CPU.
Protection of
Critical Data
(Section 4.2.4)
Meets all Resiliency
Requirements
• Gen4+ Critical Data, such as Secure Boot
authenticated variables, are only modifiable
through defined APIs provided by device
firmware. These APIs employ a mechanism to
authenticate that the data is originating from an
authorized source before applying the change.
• Gen4+ Critical Data, such as per-platform
unique factory configuration settings, are only
modifiable through defined APIs provided
by device firmware. These APIs employ a
mechanism to authenticate that the request
is originating from an authorized HP service
provider before they allow the change.
• Gen4+ Critical Data, such as BIOS settings
that can be configured in the field, are only
modifiable through defined APIs. These APIs
are accessed only via a system administrator
who has configured the BIOS administrator
password.
• Gen3+ factory default settings, which are
not per- platform-specific, employ the same
protection as the code. This includes integrity
and authenticity verification via digital
signature. These setting updates are controlled
and protected in the same manner as the
firmware.
Table 5:
Required functions for Host
Processor Boot Firmware.
The table below provides a
summary of each function
described by NIST SP 800-193.