Technical Whitepaper

HP PC Commercial
BIOS (UEFI) Setup
Administration Guide
For Commercial Platforms using HP BIOSphere Gen 3-8
2016 -2021

January 2022
919946-006
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Table of contents
1 Abstract ................................................................................................................................. 7

2 Introduction ........................................................................................................................... 8
2.1 Supported models – 2020, 2021 (UEFI only) .................................................................................................. 8
2.2 Supported models – prior generations (with legacy support) ....................................................................... 10
2.3 New in 2020 .................................................................................................................................................. 13
2.4 New in 2021 .................................................................................................................................................. 13

3 F10 Main Menu .................................................................................................................... 14

3.1 Main Menu ..................................................................................................................................................... 16
3.2 BIOS Event Log Menu .................................................................................................................................... 16
3.3 Update System BIOS Menu ............................................................................................................................ 17
3.4 BIOS Update Preferences Menu ..................................................................................................................... 18
3.5 Network Configuration Settings Menu ........................................................................................................... 19
3.6 Change Date and Time .................................................................................................................................. 20
3.7 System IDs Menu ........................................................................................................................................... 20

4 Security Menu ...................................................................................................................... 21

4.1 Password Policies Menu ................................................................................................................................ 24
4.2 Administrator Authentication Policies Menu .................................................................................................. 25
4.3 Trusted Platform Module (TPM) Embedded Security Menu ........................................................................... 26
4.4 BIOS Sure Start Menu .................................................................................................................................... 27
4.5 Secure Boot Configuration Menu ................................................................................................................... 28
4.6 Secure Platform Management (SPM) ............................................................................................................ 29
4.7 Smart Cover Menu ......................................................................................................................................... 31
4.8 Hard Drive Utilities Menu ............................................................................................................................... 32
4.9 DriveLock/Automatic DriveLock Menu ........................................................................................................... 33

5 Advanced Menu ................................................................................................................... 34

5.1 Advanced Menu ............................................................................................................................................. 35
5.2 Display Language Menu ................................................................................................................................ 36
5.3 Scheduled Power-On Menu ........................................................................................................................... 37

© Copyright 2022 HP Development Company, L.P. Table of contents 2

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

5.4 Boot Options Menu ........................................................................................................................................ 37

5.5 HP Sure Recover ............................................................................................................................................ 38
5.6 System Options Menu ................................................................................................................................... 40
5.7 Built-in Device Options Menu......................................................................................................................... 44
5.8 Port Options Menu......................................................................................................................................... 48
5.9 Power Management Options Menu ............................................................................................................... 49
5.10 Remote Management Options Menu (Intel Only) ......................................................................................... 51
5.11 MAC Address Pass Through (Notebook Only) .............................................................................................. 51
5.12 Thunderbolt™ Options ................................................................................................................................ 52
5.13 Remote HP PC Hardware Diagnostics Settings............................................................................................ 54

6 F10 Main Menu (2019 and older) ...................................................................................... 55

6.1 Main Menu ..................................................................................................................................................... 56
6.2 BIOS Event Log Menu .................................................................................................................................... 56
6.3 Update System BIOS Menu ............................................................................................................................ 57
6.4 BIOS Update Preferences Menu ..................................................................................................................... 58
6.5 Network Configuration Settings Menu ........................................................................................................... 59
6.6 Change Date and Time .................................................................................................................................. 59
6.7 System IDs Menu ........................................................................................................................................... 60

7 Security Menu (2019 and older) ........................................................................................ 61

7.1 Password Policies Menu ................................................................................................................................ 64
7.2 Administrator Authentication Policies Menu .................................................................................................. 65
7.3 Trusted Platform Module (TPM) Embedded Security Menu ........................................................................... 66
7.4 BIOS Sure Start Menu .................................................................................................................................... 67
7.5 Smart Cover Menu (Desktop Only)................................................................................................................. 68
7.6 Secure Platform Management (SPM) ............................................................................................................ 69
7.7 HP Sure Admin Enhanced BIOS Authentication Mode (EBAM) ........................................................................ 69
7.8 Hard Drive Utilities Menu ............................................................................................................................... 71
7.9 DriveLock/Automatic DriveLock Menu ........................................................................................................... 72

8 Advanced Menu (2019 and older) ..................................................................................... 73

8.1 Advanced Menu ............................................................................................................................................. 74
8.2 Display Language Menu ................................................................................................................................ 75
8.3 Scheduled Power-On Menu ........................................................................................................................... 76

© Copyright 2022 HP Development Company, L.P. Table of contents 3

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

8.4 Boot Options Menu ........................................................................................................................................ 76

8.5 HP Sure Recover ............................................................................................................................................ 78
8.6 Secure Boot Configuration Menu ................................................................................................................... 79
8.7 System Options Menu ................................................................................................................................... 80
8.8 Built-in Device Options Menu......................................................................................................................... 84
8.9 Port Options Menu......................................................................................................................................... 88
8.10 Option ROM Launch Policy Menu ................................................................................................................. 90
8.11 Power Management Options Menu ............................................................................................................. 90
8.12 Remote Management Options Menu (Intel Only) ......................................................................................... 91
8.13 MAC Address Pass Through (Notebook Only) .............................................................................................. 92
8.14 Thunderbolt™ Options ................................................................................................................................ 93
8.15 Remote HP PC Hardware Diagnostics Settings............................................................................................ 95

9 UEFI Drivers ......................................................................................................................... 96

10 Features Not in F10 Menu ................................................................................................. 97

11 Computer Notifications ..................................................................................................... 98

11.1 Introduction ................................................................................................................................................. 98
11.2 Blink and Beep Codes .................................................................................................................................. 98
11.3 Pop-up Messages ........................................................................................................................................ 99

12 Appendix A ...................................................................................................................... 100

12.1 What is UEFI? .............................................................................................................................................100
12.2 Introduction ...............................................................................................................................................100
12.3 Benefits of UEFI .........................................................................................................................................100
12.4 Overview of UEFI Boot Process .................................................................................................................100
12.5 The UEFI Forum .........................................................................................................................................101

13 Appendix B ...................................................................................................................... 102

13.1 Updating System Firmware with the HP Firmware Update and Recovery Application (Windows Operating
Systems only) ...........................................................................................................................................102
13.2 Using HP Firmware Update and Recovery .................................................................................................102
13.3 USB Recovery Key Creation .......................................................................................................................104
13.4 HpFirmwareUpdRec Log File .....................................................................................................................105
13.5 Custom Logo Support ...............................................................................................................................106

© Copyright 2022 HP Development Company, L.P. Table of contents 4

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

List of tables
Table 1 Notebook Generations (UEFI only)....................................................................................................8
Table 2 Desktop Generations (UEFI only) ......................................................................................................9
Table 3 Notebook Generations (with legacy support)............................................................................... 10
Table 4 Desktop Generations (with legacy support) ................................................................................. 12
Table 5 Main Menu features .......................................................................................................................... 16
Table 6 Update System BIOS Menu features .............................................................................................. 17
Table 7 BIOS Update Preferences Menu features ...................................................................................... 18
Table 8 Network Configuration Settings Menu features ........................................................................... 19
Table 9 System IDs Menu features ............................................................................................................... 20
Table 10 Security Menu features .................................................................................................................. 22
Table 11 Password Policies Menu features................................................................................................. 24
Table 12 Password Policies Menu features................................................................................................. 25
Table 13 TPM Embedded Security Menu features ..................................................................................... 26
Table 14 BIOS Sure Start Menu features ..................................................................................................... 27
Table 15 Secure Boot Menu features ........................................................................................................... 28
Table 16 Secure Platform Management Menu features ........................................................................... 29
Table 17 Smart Cover Menu features .......................................................................................................... 31
Table 18 Hard Drive Utilities Menu features ................................................................................................ 32
Table 19 DriveLock Menu features ............................................................................................................... 33
Table 20 Advanced Menu features ............................................................................................................... 35
Table 21 Display Language Menu features ................................................................................................. 36
Table 22 Scheduled Power-On Menu features ........................................................................................... 37
Table 23 Boot Options Menu features ......................................................................................................... 37
Table 24 HP Sure Recover ............................................................................................................................. 38
Table 25 System Options Menu features .................................................................................................... 40
Table 26 Built-in Device Options Menu features ........................................................................................ 44
Table 27 Port Options Menu features .......................................................................................................... 48
Table 28 Power Management Options Menu features .............................................................................. 49
Table 29 Remote Management Options Menu features ........................................................................... 51
Table 30 Remote HP PC Hardware Diagnostics Features ......................................................................... 54
Table 31 Main Menu features ........................................................................................................................ 56

© Copyright 2022 HP Development Company, L.P. List of tables 5

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Table 32 Update System BIOS Menu features ............................................................................................ 57

Table 33 BIOS Update Preferences Menu features .................................................................................... 58
Table 34 Network Configuration Settings Menu features ......................................................................... 59
Table 35 System IDs Menu features ............................................................................................................ 60
Table 36 Security Menu features .................................................................................................................. 62
Table 37 Password Policies Menu features................................................................................................. 64
Table 38 Password Policies Menu features................................................................................................. 65
Table 39 TPM Embedded Security Menu features ..................................................................................... 66
Table 40 BIOS Sure Start Menu features ..................................................................................................... 67
Table 41 Smart Cover Menu features .......................................................................................................... 68
Table 42 Secure Platform Management Menu features ........................................................................... 69
Table 43 Enhanced BIOS Authentication Mode (EBAM) Menu features ................................................... 70
Table 44 Hard Drive Utilities Menu features ................................................................................................ 71
Table 45 DriveLock Menu features ............................................................................................................... 72
Table 46 Advanced Menu features ............................................................................................................... 74
Table 47 Display Language Menu features ................................................................................................. 75
Table 48 Scheduled Power-On Menu features ........................................................................................... 76
Table 49 Boot Options Menu features ......................................................................................................... 76
Table 50 HP Sure Recover ............................................................................................................................. 78
Table 51 Secure Boot Configurations Menu features ................................................................................ 79
Table 52 System Options Menu features .................................................................................................... 80
Table 53 Built-in Device Options Menu features ........................................................................................ 84
Table 54 Port Options Menu features .......................................................................................................... 88
Table 55 Option ROM Launch Policy Menu features .................................................................................. 90
Table 56 Power Management Options Menu features .............................................................................. 90
Table 57 Remote Management Options Menu features ........................................................................... 91
Table 58 Remote HP PC Hardware Diagnostics Features ......................................................................... 95
Table 59 Computer notifications .................................................................................................................. 98
Table 60 Pop-up messages .......................................................................................................................... 99
Table 61 Custom logo support ................................................................................................................... 106
Table 62 Custom logo support: command-line usage ............................................................................ 107

© Copyright 2022 HP Development Company, L.P. List of tables 6

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

1 Abstract
HP redesigned the 2015 and later generations of BIOS to support the requirements of the latest microprocessors and
operating systems. HP took this opportunity to create a new BIOS architecture based on the UEFI specification version 2.4,
with a common set of core modules and capable of supporting both notebook and desktop models. Now HP notebooks and
HP desktops models using this generation of the BIOS will have a similar look and feel for the (F10) setup menu, more
shared WMI strings, and more shared features.

© Copyright 2022 HP Development Company, L.P. 1 Abstract 7

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

2 Introduction
This whitepaper provides detailed information about features adjusted through the BIOS setup menu, which is accessible
during system boot-up by using the ‘F10’ function key. In addition, the sections on computer notifications provide an
explanation for the LED blink codes and screen messages that may occur during the early part of boot-up.

For decades, HP has provided an industry-leading level of built-in customer value through internally developed system
firmware (BIOS). Current BIOS designs use common, publicly available UEFI core functions as a starting point extended with
unique HP features and adapted for each system’s unique hardware, operating system, and software requirements. The
BIOS also exposes and provides the interfaces required to use unique firmware and hardware-based HP professional
innovations such as HP Sure Start, HP Sure Run, HP Sure Admin, HP Sure Recover, and HP Client Security Manager.

This document has been updated to reflect new and updated features in the ‘S’ family of BIOS, introduced in 2020. An S
family BIOS is a version that begins with the letter S. For example, S71 Ver. 01.01.00 . Previous generations of commercial
PCs had BIOS family designations of R (2019), Q (2017-2018), P (2016), and N (2015) which are also covered by this
whitepaper. Some of the features in the later platforms are not supported in earlier models, and some older settings may
be deprecated in newer models. Many of the features and settings are dependent on specific hardware or design elements
that are not present on every model. Therefore this document describes the superset of BIOS settings across the portfolio
of products listed, and not all current generation products support all the BIOS features described here.

2.1 Supported models – 2020, 2021 (UEFI only)

The first set of chapters below – Chapters 3 through 5 – applies to the most recent HP commercial-grade PC products
released in 2020. Commercial-grade means products designed to meet the demanding security and manageability
requirements of national, regional, and local government agencies, schools, the military, international financial institutions,
and retail sales companies. The models covered in this first section only support UEFI based operating systems. There is
no support for legacy DOS, Windows, or Linux configurations in the products listed below:

Table 1 Notebook Generations (UEFI only)

Platforms 2020 2021 Processor

(most are
‘S’ Family)

UEFI Specification supported: 2.7

HP ZBook Firefly 14, 15 G7 G8 Intel

HP ZBook Fury 15, 17 G7 G8 Intel

HP ZBook Create G7 Intel

HP ZBook Studio G7 G8 Intel

HP ZBook Power G7 G8 Intel

HP EliteBook 850 G7 G8 Intel

HP EliteBook 840 G7 G8 Intel

HP EliteBook 830 G7 G8 Intel

HP EliteBook 855 G7 G8 AMD

HP EliteBook 845 G7 G8 AMD

© Copyright 2022 HP Development Company, L.P. 2 Introduction 8

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Platforms 2020 2021 Processor

(most are
‘S’ Family)

HP EliteBook Zhan66 835 G7 G8 AMD

13 G3

HP ProBook 450 G7 G8 Intel

HP ProBook 440 G7 G8 Intel

HP ProBook 430 G7 G8 Intel

HP ProBook 455 G7 G8 AMD

HP ProBook 445 G7 G8 AMD

HP ProBook 650 G7 G8 Intel

HP ProBook 640 G7 G8 Intel

HP ProBook 635 G7 G8 AMD

HP ProBook 630 G8 Intel

HP EliteBook x360 1040 G7 G8 Intel

HP EliteBook x360 1030 G7 G8 Intel

HP EliteBook x360 830 G7 G8 Intel

HP EliteBook Folio 13.5 2-in-1 G8 Intel

HP EliteBook Dragonfly G2 Intel

HP EliteBook Dragonfly Max Intel

HP EliteBook X2 G8 Intel

HP ProBook x360 11 EE G6 G7 Intel

HP ProBook x360 435 G7 G8 AMD

HP ZHAN 66 Pro 15 G3 Intel

HP ZHAN 66 Pro 14 G3 G4 Intel

HP ZHAN 66 Pro 13 G3 Intel

HP ZHAN 66 Pro A 14 G3 G4 AMD

Table 2 Desktop Generations (UEFI only)

Platforms 2020 2021 Processor

‘S’ Family

UEFI Specification supported: 2.7

HP EliteDesk 800 TWR G6 G8 Intel

HP EliteDesk 800 SFF G6 G8 Intel

HP EliteDesk 800 DM G6 G8 Intel

HP EliteOne 800 AiO G6 G8 Intel

© Copyright 2022 HP Development Company, L.P. 2 Introduction 9

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Platforms 2020 2021 Processor

‘S’ Family

HP EliteDesk 805 SFF G6 G8 AMD

HP EliteDesk 805 DM G6 G8 AMD

HP ProDesk 600 MT G6 Intel

HP ProDesk 680 MT G6 Intel

HP ProDesk 600 SFF G6 Intel

HP ProDesk 600 DM G6 Intel

HP ProOne 600 AiO G6 Intel

HP ProDesk 400 SFF G7 Intel

HP ProDesk 400 MT G7 Intel

HP ProDesk 405 DM G6 AMD

HP ProDesk 405 SFF G6 AMD

HP ProDesk 480 MT G7 Intel

HP ProDesk 400 DM G6 Intel

HP ProOne 400 AiO G6 Intel

HP ProOne 480 AiO G6 Intel

HP Retail Engage One Pro Intel

2.2 Supported models – prior generations (with legacy support)

Chapters 6 through 8 below apply to 2015 and later models that include support for legacy DOS, Windows, and Linux. For
reference, the following table shows the year associated with models covered by the features in those later chapters.

Table 3 Notebook Generations (with legacy support)

Platforms 2015 2016 2017 2018 2019

N P Q Q (most are
Family Family Family Family R Family)

UEFI Specification supported: 2.4 2.5 2.5 2.6 2.6

HP EliteBook Folio 1040 G3

HP ZBook 17 G3 G4 G5 G6

HP ZBook 15 G3 G4 G5 G6

HP ZBook 15u G3 G4 G5 G6

HP ZBook 14u G4 G5 G6

HP EliteBook 1050 G1

HP EliteBook 850 G3 G4 G5 G6

HP EliteBook 840 G3 G4 G5 G6

© Copyright 2022 HP Development Company, L.P. 2 Introduction 10

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Platforms 2015 2016 2017 2018 2019

N P Q Q (most are
Family Family Family Family R Family)

HP EliteBook 820 / 830 G3 G4 G5 G6

HP EliteBook 755 G3 G4

HP EliteBook 745 G3 G4 G5 G6

HP EliteBook 725 / 735 G3 G4 G5 G6

HP ProBook 470 G3 G4 G5

HP ProBook 450 G3 G4 G5

HP ProBook 440 G3 G4 G5

HP ProBook 430 G3 G4 G5

HP ProBook 445 G3 G5 G6, G7

HP EliteFolio 940

HP EliteBook Folio G3

HP EliteBook Revolve 810 G3

HP EliteBook Revolve 840 G4

HP ProBook G2

HP ZBook Studio G3 G4 G5

HP ProBook 455 G4 G5 G6, G7

HP ProBook 640 G3 G4 G5

HP ProBook 645 G3 G4

HP ProBook 650 G3 G4 G5

HP ProBook 655 G3 G4

HP ProBook x360 440 G1

HP ProBook x360 11 EE G5

HP Pro x2 612 G2

HP ZBook x2 G4

HP ZHAN 66 Pro G1 G2

HP EliteBook x360 1020 G2

HP EliteBook x360 1030 G2 G3

HP EliteBook x360 1040 G5

HP Elite x2 1012 G2 G3

HP Mobile Thin Client mt21 X

HP Mobile Thin Client mt44 X

© Copyright 2022 HP Development Company, L.P. 2 Introduction 11

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Table 4 Desktop Generations (with legacy support)

Platforms 2015 2016 2017 2018 2019

UEFI Specification supported: 2.4 2.5 2.5 2.6 2.6

HP EliteOne 1000 AiO G1 G2

HP EliteDesk 800/880 TWR G2 G3 G4 G5

HP EliteDesk 800 SFF G2 G3 G4 G5

HP EliteDesk 800 DM G2 G3 G4 G5

HP EliteOne 800 AiO G2 G3 G4 G5

HP EliteDesk 705 MT G2 G3 G4

HP EliteDesk 705 SFF G2 G3 G4 G5

HP EliteDesk 705 DM G2 G3 G4 G5

HP EliteDesk 705 AiO G2

HP ProDesk 600/680 MT G2 G3 G4 G5

HP ProDesk 600 SFF G2 G3 G4 G5

HP ProDesk 600 DM G2 G3 G4 G5

HP ProOne 600 AiO G2 G3 G4 G5

HP ProDesk 400 SFF G2.5 G4 G5 G6

HP ProDesk 400/480 MT G3 G4 G5 G6

HP ProDesk 490/498 MT G3

HP ProDesk 405 SFF G4

HP ProDesk 405 DM G4

HP ProDesk 400 DM G2 G3 G4 G5

HP ProOne 400 AiO G2 G3 G4 G5

HP ProOne 460/480 AiO G2 G3

HP Retail RP9 (9015/9018) X

HP Retail RP9 (9115/9118) X

HP Retail Engage One X

HP Retail Engage Flex Pro X

HP Elite Slice G1 G2

HP Thin Client t530 X

© Copyright 2022 HP Development Company, L.P. 2 Introduction 12

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

2.3 New in 2020

This is a sampling of the new features and functionalities introduced in 2020 :

• Legacy (DOS) support has been removed

• HP Sure Start ME firmware recovery (Intel systems)
• Extended DMA protection
• Memory encryption setting
NOTE: Some features are platform dependent.

2.4 New in 2021

This is a sampling of the new features and functionalities introduced in 2021 :

• Introduced the HP Cloud Managed and Remote Device Management settings.

NOTE: Some features are platform dependent.

© Copyright 2022 HP Development Company, L.P. 2 Introduction 13

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

3 F10 Main Menu

Organization of the F10 section:
The top-level tabs in BIOS Setup are: Main (chapters 3 & 6), Security (chapters 4 & 7), Advanced (chapters 5 & 8), and UEFI
Drivers (chapter 9).

Each chapter includes a diagram of the first level menu and tables listing and describing the features in each menu or
submenu. The tables include the following sections:

Feature
This is the name of the feature as it appears in the Setup menu. An underlined feature or one prefaced with a box shows
how it appears in the menu. In a few cases a feature has been renamed from one generation to the next.

Type
Features can be settings, actions, another menu, or display-only settings. Most of the features by far are settings. A setting
is a system value that you can modify, using an ‘enable/disable’ check box, a drop-down selection list, or a text entry box.

Description
If the feature is a setting with a drop-down box, then the choices are listed. If the feature is new or has changed its name or
location from the 2014 notebooks or desktops, then the description references or includes its previous name and location.
The notation to describe the location indicates the menus that the user must navigate through to access the feature. For
example: Menu 1 > Menu 2 > Feature X indicates that to access Feature X, the user navigates through Menu 1 to Menu 2.

Default
For features that are settings, this column specifies the factory default setting.

Notes
Some features are not available for all types of models. The notes describe when a feature is Intel only, AMD only, notebook
only, desktop only, or other dependencies.

Some actions require a reboot or physical presence. Physical presence is a menu that requires a human response to validate
that a person is physically present before the action is completed. Actions that require physical presence are generally
security-sensitive changes.

© Copyright 2022 HP Development Company, L.P. 3 F10 Main Menu 14

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Main Security Advanced UEFI Drivers

HP Computer Setup

 System Information
 System Diagnostics
 BIOS Event Log
 Update System BIOS
 Change Date and Time
 System IDs

 Replicated Setup
 Save Custom Defaults
 Apply Custom Defaults and Exit
 Apply Factory Defaults and Exit
 Ignore Changes and Exit
 Save Changes and Exit

© Copyright 2022 HP Development Company, L.P. 3 F10 Main Menu 15

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

3.1 Main Menu

The following table describes the features in the Main menu.

Table 5 Main Menu features

Feature Type Description Default Notes

System Information Menu System information, such as serial number, model

number, CPU type, and memory configuration.

System Diagnostics Menu Application to run diagnostic tests on your system, such
as start-up test, run-in test, memory test, and hard disk
test.

BIOS Event Log Menu Allows displaying, saving, and clearing the Event Log.

Update System BIOS Menu Update system firmware from FAT 32 partition on the
hard drive, a USB disk-on-key, or the network.

Change Date and Time Menu Configure the system Date and Time settings.

System IDs Menu Identification strings that are assigned by an enterprise

to track the system.

Replicated Setup Action Save your current BIOS settings, and later restore your
setting from this file.

Save Custom Defaults Action As an alternative to factory default settings, create Reboot
custom default values for all but the security settings. It required
is not possible to create custom default values for
security settings.

Apply Custom Defaults and Action Set all but the security settings to your custom default
Exit values (initially these are the same as factory defaults).

Apply Factory Defaults and Action Set all but the security settings to factory values. See
Exit Security Menu (2019 and older) to set security settings
to factory values.

Ignore Changes and Exit Action Exits F10 Setup without saving any changes made
during current session.

Save Changes and Exit Action Exits F10 Setup and saves all changes made during the
current session.

3.2 BIOS Event Log Menu

This submenu under the Main menu manages the saved log of select BIOS events and alerts.

View BIOS Event Log Action Immediately displays a list of events, alerts, or warnings
that have been logged since the log was last cleared.

Export to USB Key Action Immediately saves a file named BiosEventLog.txt

containing the log entries to an inserted USB storage
device.

 Clear BIOS Event Log on Setting When checked, the BIOS clears the event log on Save Unchecked
Next Boot and Exit and returns the setting to Unchecked state.

© Copyright 2022 HP Development Company, L.P. 3 F10 Main Menu 16

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

3.3 Update System BIOS Menu

This submenu under the Main menu provides information about the current system firmware, settings, these control
updates, the ability to check for updates over the internet or on the local network, and the ability to update system firmware
from a FAT 32 partition on the hard drive, or a USB disk-on-key.

For the BIOS flash to succeed, do not remove power or turn off the system during any phase of the process. The following
description of the BIOS flash phases helps you avoid interrupting the process. The BIOS flash proceeds in four phases:

1. The system displays a progress bar. When progress is 100%, the system reboots. This is the initial BIOS flash.
Because the system must reset power completely, there might be a delay of between 10 and 15 seconds before
power returns to the system.

2. The screen may be black initially and an LED may be on and blinking. This will occur only if the boot block needs to
be updated. On some models, video cannot be displayed during this phase, so the beep/blink code indicates that
the system BIOS is flashing normally. Other models may display ‘Step 2 of the BIOS update is in progress’ during
this phase. The computer will reboot again, and this might also take 10 to 15 seconds to complete.

3. The message “Final step of the BIOS update is in progress” is displayed.

4. The screen is black for a short period, and then the OS starts. The BIOS update is now complete.

Table 6 Update System BIOS Menu features

Feature Type Description Default Notes

Current System BIOS Display

Version Only

Current BIOS Release Display

Date Only

Installation Date of Display

Current BIOS Only

Most Recent Update Display

Check Only

Check the Network for
BIOS Updates
(or) Check HP.com for
BIOS Updates
Action Updates the system BIOS by using an Reboot
image stored on hp.com or another required
source defined in the BIOS Update
Preferences menu.
When BIOS Source is HP.com, then the
feature appears as Check HP.com for
BIOS Updates.

 Lock BIOS version Setting When checked, disallows BIOS updates. Unchecked

 Native OS Setting When checked, the OS can drive Checked

Firmware Update firmware updates (for example,
Service Windows Update).

BIOS Rollback Policy
Setting Behavior when attempting to roll back Unrestricted Rollback to
to a previous BIOS version. The setting older BIOS
can be set to Unrestricted Rollback to
older BIOS or Restricted Rollback to
older BIOS.

© Copyright 2022 HP Development Company, L.P. 3 F10 Main Menu 17

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Minimum BIOS version Setting Displays Minimum BIOS version

required for optimal operation.

 Allow BIOS Updates Setting When checked, automatic BIOS updates Checked
using a Network are allowed through the network on a
scheduled basis.

BIOS Update Menu Menu with network BIOS update

Preferences settings such as source, actions when
an update is available, and the
frequency to check for updates.

Network Configuration Menu Configure the network connection to

Settings the server that is the host for your
system firmware updates.

Update System and Action Updates the system BIOS by using files Reboot
Supported Device stored on local media such as the hard required
Firmware Using Local drive or a USB drive formatted as
Media FAT32 or EFI system partition. The files
needed to update the system can be
saved to the hard drive or USB device
using the HP Firmware Update &
Recovery app.

3.4 BIOS Update Preferences Menu

The Update System BIOS submenu provides options for updating to the latest system firmware as well as configuring
where to check for system firmware updates, what to do when an update is available, and the frequency to check for them.

Table 7 BIOS Update Preferences Menu features

Feature Type Description Default Notes

 Check for Update on Action When checked, check if an updated BIOS is available during the Unchecked Reboot
Next Reboot next boot. This feature is only necessary from a WMI call. From required
the F10 Setup menu, use the feature Main > Update System
BIOS > Check the Network for BIOS Updates that checks for
updates without a reboot.

BIOS Source Setting Select the source URL for BIOS updates HP.com
• HP.com
• Custom URL

Edit Custom URL Setting When not using HP.com, define the custom URL here.

Automatic BIOS Update Setting Defines how automatic updates behave. The following settings Do Not
Setting are possible: Update
• Do not update
• Check for BIOS updates automatically, but let me
decide whether to install them
• Download and install normal BIOS update
automatically
• Download and install important BIOS updates
automatically

© Copyright 2022 HP Development Company, L.P. 3 F10 Main Menu 18

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Feature Type Description Default Notes

BIOS Update Frequency Setting Sets the frequency of checks to the BIOS update server. If a Monthly
newer version of BIOS has been made available on the network
server, the system will prompt to update the BIOS.
• Daily
• Weekly
• Monthly

3.5 Network Configuration Settings Menu

The System BIOS submenu configures the network connection to the server that is the host for the system firmware
updates.

Table 8 Network Configuration Settings Menu features

Feature Type Description Default Notes

 Proxy Server Setting When checked, enables the use of a proxy server. Unchecked

Edit Proxy Server Setting Specify the Proxy Server Address and the Port Number through
the commonly used <server>:<port> notation.

Test Network Action Check the network connection using current BIOS update
Connection configuration.

IPv4 Configuration Setting The following settings are configurable: Automatic

• Automatic
• Manual

IPv4 Address Setting When IPv4 settings are manual, setup for a static IPv4 address.

IPv4 Subnet Mask Setting When IPv4 settings are manual, configure a valid IPv4 address for
subnet mask.

IPv4 Gateway Setting When IPv4 settings are manual, configure a valid IPv4 address for
gateway.

DNS Configuration Setting Configure a list of DNS addresses. The following settings are Automatic
possible:
• Automatic
• Manual

DNS Addresses Setting When DNS configuration is manual, configure a comma-separated

list of DNS addresses.

Data Transfer Timeout Setting Set data transfer timeout in seconds. Allowed value ranges from 0 100
to 65535 seconds.

 Force HTTP No Cache Setting When checked, disables HTTP caching. This means that caching in Unchecked
upstream proxies is disabled as well, which guarantees that the
BIOS goes all the way to the content source for any updated BIN
files or catalog files but might slow down downloads slightly.

Preboot Wi-Fi Timeout Setting Set Wi-Fi data transfer timeout in seconds. Allowed value ranges 60
from 0 to 65535 seconds.

 Preboot Wi-Fi Master Setting When checked, system will automatically attempt to connect to a Checked
Auto Connect local Wi-Fi hotspot.

© Copyright 2022 HP Development Company, L.P. 3 F10 Main Menu 19

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

3.6 Change Date and Time

Allows the system current Date and Time settings to be configured.

Feature Type Description Default Notes

Set Date (MM/DD/YYYY) Action Set the current date using MM/DD/YYYY format.

Set Time (HH:MM) Action Set the current time using HH:MM (24 hour) format.

3.7 System IDs Menu

This submenu provides identification strings assigned by an enterprise to track the system.

Table 9 System IDs Menu features

Level Feature Type Description Default Notes

2 Asset Tracking Setting Allows custom configuration of an asset tag (up to 80 Serial
Number characters). Number

2 Ownership Tag Setting Allows custom configuration of an ownership tag (up to 80 Blank
characters).

© Copyright 2022 HP Development Company, L.P. 3 F10 Main Menu 20

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

4 Security Menu

Main Security Advanced UEFI Drivers

HP Computer Setup

Administrator Tools
 Create/Change BIOS Administration Password
 Create/Change POST Power-On Password
 Password Policies
 Administrator Authentication Policies
 Fingerprint Reset on Reboot (select products only)

Security Configuration
 TPM Embedded Security
 BIOS Sure Start (select products only)
 Secure Boot Configuration
 Secure Platform Management (SPM) (select products only)
 Physical Presence Interface
 Smart Cover (select products only)
 Trusted Execution Technology (TXT) (select products only)
Intel Software Guard Extensions (SGX) (select products only)
 DRTM/SMM Protection (select products only)

Utilities
 Hard Drive Utilities

Absolute® Persistence Module Current State

 Activation Status : Inactive/Active
 Absolute® Persistence Module Permanent Disable : No/Yes
 System Management Command (SMC)
 Restore Security Settings to Factory Defaults

© Copyright 2022 HP Development Company, L.P. 4 Security Menu 21

HP PC Commercial BIOS (UEFI) Setup
Table 10 Security Menu features
Feature
Create BIOS Administrator
Password
Or Change BIOS
Administrator Password
Create POST Power-On
Password
Or Change POST Power-
On Password
Password Policies
Administrator
Authentication Policies
 Fingerprint Reset on
Reboot
TPM Embedded Security
© Copyright 2022 HP Development Company, L.P.
January 2022
919946-006
Type Description Default Notes
Setting The administrator password controls access to the
setup menu (F10), 3rd Party Option ROM Management
(F3), Update System ROM, WMI commands that
change system settings, and the BIOS Configuration
Utility (BCU). When no administrator password is set,
anyone can change the system settings, add 3rd Party
Option ROM, or update the system ROM. When the
power-on password is set, use the administrator
password as an alternative to power-on the system.
Recommendation: Set an administrator password
when a power-on password is set. When a power-on
password is forgotten, an administrator can reset the
power-on password by using Restore Security
Settings to Factory Defaults.
The Administrator password should always be set to
control remote access to settings.
Setting Password required to power-on the PC, independent
of the OS password. When no password is set, anyone
can turn on the PC. In addition to the administrator
password, there is only one power-on password.
Recommendation: Set an administrator password
when a power-on password is set. When a power-on
password is forgotten, an administrator can reset the
power-on password by using Restore Security
Settings to Factory Defaults.
The power-on password should be set when the
computer is not in a secure location.
Menu Allows the administrator to set password
requirements for BIOS administration and power-on
regarding the use of symbols, numbers, case, and
spaces.
Menu Allows the administrator to determine whether the
administrator password is required to access various
boot menus through hot keys at boot time or to
update the firmware through Windows Update.
NOTE: the settings in this menu were previously
located in the Password Policies menu.
Action When checked, resets the fingerprint on the next Unchecked
reboot. After reboot, this will be unchecked again.
Menu The Trusted Platform Module (TPM) is a dedicated
microprocessor that provides security functions for
secure communication and software and hardware
integrity.
4 Security Menu 22
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Feature Type Description Default Notes

BIOS Sure Start
Menu Settings that control the behavior of HP Sure Start.
HP Sure Start is a built-in hardware security system
that protects your BIOS from accidental or malicious
corruption by (1) detecting BIOS corruption and then
(2) automatically restoring the BIOS to its last
installed HP-certified version. Some platforms in
2019 have the capability to recover Intel ME as well.

Secure Boot Menu Options for managing Secure Boot state and Secure Only
Configuration Boot keys. located here
Secure Boot is a UEFI feature that helps resist attacks on systems
and infection from malware. From the factory, your without
system came with a list of keys that identify trusted legacy
hardware, firmware, and operating system loader support.
code. Your system also has a list of keys to identify
known malware.

Secure Platform Menu Options for managing HP Sure Run,HP Sure Recover,
Management (SPM) and Sure Admin

 Physical Presence Enable or disable the local prompt to confirm that a Checked
Interface sensitive setting change was requested by the user.

Smart Cover Menu Controls settings for Cover Lock and Cover Sensor

 Trusted Execution Setting When checked, enables Trusted Execution Unchecked Intel Only
Technology (TXT) Technology on select Intel-based systems. Reboot
NOTE: Enabling this feature disables OS management Required
of TPM (Embedded Security Device), prevents a reset
of the TPM, and constrains the configuration of VTx,
VTd, and TPM

Intel Software Guard Setting Enables Intel Software Guard Extensions. The Software Intel Only
Extensions (SGX) following settings are possible: control
• Disable –or–
• Enable
Disable
• Software control (non-vPro)

DRTM/SMM Protection Setting Enables Dynamic Root of Trust for Measurement and Unchecked AMD PRO
additional SMM Protections to support operating Processor
system secure launch. Only

NOTE: Enabling this feature constrains the Reboot

configuration of VTx, VTd, TPM, and SVM CPU Required
Virtualization.

Hard Drive Utilities Menu Utilities to protect private information on individual

hard drives: Drive Lock and Secure Erase.

Absolute Persistence Label A subscription service that provides PC theft recovery,

Module tracking and data delete solutions

Activation Status Display The subscription status can be inactive, active, or Inactive
Only permanently disabled.

© Copyright 2022 HP Development Company, L.P. 4 Security Menu 23

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Feature Type Description Default Notes

Absolute Persistence Display Shows current state of the Absolute Persistence No

Module Permanent Only module (Yes = disabled, No = available).
Disable

 System Management Setting When checked, allows authorized HP service Checked Reboot
Command personnel in possession of the PC to reset security Required
settings in case of a customer service event. For
customers that require more BIOS security, uncheck
this to prevent this type of HP service command.
NOTE: If BIOS password is lost and this option is
disabled, HP authorized personnel cannot remove a
lost password.

Restore Security Settings Action Apply factory defaults to all security settings. Reboot
to Default NOTE: Escaping (ESC) at the Reset Request screen will Required
leave settings as they were except for the
Administrator & Power-on passwords which are still
cleared.

4.1 Password Policies Menu

This submenu allows the administrator to set text requirements controlling the use of symbols, numbers, case, and spaces
for the BIOS administrator password and the power-on password. To access this menu, a password must be already set.
Changes to these policies do not apply retroactively to existing passwords.

Table 11 Password Policies Menu features

Feature Type Description Default Notes

Password Minimum Length Setting Allows the administrator to specify the minimum 8
number of characters required for a password.
• Minimum: 4
• Maximum: 32

 At least one symbol Setting When checked, passwords require at least one Unchecked
required in Administrator symbol, such as $, %, ^, &, or #
and User passwords

 At least one number Setting When checked, passwords require at least one Unchecked
required in Administrator number
and User passwords

 At least one upper-case Setting When checked, passwords require at least one upper Unchecked
character required in case character
Administrator and User
passwords

 At least one lower-case Setting When checked, passwords require at least one Unchecked
character required in lowercase character
Administrator and User
passwords

 Are spaces allowed in Setting When checked, passwords can have one or more Unchecked
Admin and User spaces
passwords?

© Copyright 2022 HP Development Company, L.P. 4 Security Menu 24

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Feature Type Description Default Notes

Allow User to Modify Setting Options are No, Change Only, and Change or Delete Change or Delete
Power-on Password

Wake on LAN Power-on Options are Require Password and Bypass Password Require Password
Policy

4.2 Administrator Authentication Policies Menu

This submenu allows the administrator to set limitations to some boot features, such as administrator permissions,
requiring the user to enter an administrator password. To access this menu, a password or a Sure Admin Local Access Key
must be already set.

Table 12 Password Policies Menu features

Feature Type Description Default Notes

 Prompt for Admin Setting When checked, the administrator password is Unchecked
authentication on F9 (Boot required to enter the boot menu.
Menu)

 Prompt for Admin Setting When checked, the administrator password is Unchecked
authentication on F11 required to enter system recovery.
(System Recovery)

 Prompt for Admin Setting When checked, the administrator password is Unchecked
authentication on F12 required to enter the network boot menu.
(Network Boot)

 Prompt for Admin Setting When checked, the administrator password is Unchecked
authentication on Capsule required to process a firmware capsule update.
Update

 BIOS Administrator Setting When not checked, there is only a prompt for the Checked
visible at Power-on Power-on password.
Authentication

© Copyright 2022 HP Development Company, L.P. 4 Security Menu 25

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

4.3 Trusted Platform Module (TPM) Embedded Security Menu

This submenu is for the Trusted Platform Module (TPM). TPM is a dedicated microprocessor that provides security functions
for secure communication and software and hardware integrity. The built-in TPM hardware solution is more secure than a
software-only solution.

Table 13 TPM Embedded Security Menu features

Feature Type Description Default Notes

TPM Display The Trusted Computing Group (TCG) is an industry group that 2.0
Specification Only defines specifications for a TPM. As of this writing, possible TPM
Version specification versions are 1.2 or 2.0.
NOTE: Windows 10 requires TPM 2.0 capability.

TPM Device Setting Makes the TPM available. The following settings are possible: Available Reboot, Physical
• Available Presence Required

• Hidden

 TPM State Setting When checked, enables the ability for the OS to take ownership of Checked Reboot, Physical
the TPM (v1.2) or enables OS and application access to the Presence Required
various security capabilities of the TPM (v2.0).

Clear TPM Action When selected, clears the TPM on the next boot. After clearing No Reboot Required
the TPM, this resets to No. The following settings are possible:
• No
• On next boot

TPM Setting This setting allows an administrator to choose between Allow HP recommends
Activation convenience and extra security. The extra security is to ensure user to an option that
Policy that the user of the system will at least see that the TPM device reject requires the
upgraded its firmware (F1 to Boot), or at most the user has the physical presence
ability to reject the upgrade of the TPM device (Allow user to of the user
reject). These user prompts limit the impact of remote attacks on
the system by requiring a user to be physically present for the
upgrade. When security of the system is of less concern, the third
option (No prompts) removes any requirement for a user to
acknowledge the upgrade. This last option is the most convenient
for remotely upgrading many systems at once.
The following settings are possible:
• F1 to Boot
• Allow user to reject
• No prompts

© Copyright 2022 HP Development Company, L.P. 4 Security Menu 26

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

4.4 BIOS Sure Start Menu

Settings menu for enhanced hardware-based assurance that only HP approved Embedded Controller firmware will run on
the HP Embedded Controller and that only HP approved BIOS will run on the host CPU.

Table 14 BIOS Sure Start Menu features

Feature Type Description Default Notes

 Verify Boot Block Setting When not checked, HP Sure Start verifies the integrity Unchecked Reboot
on Every Boot of HP firmware in the nonvolatile (flash) memory Required
before resume from Sleep, Hibernate, or Off.
When checked, HP Sure Start verifies the integrity of HP
firmware in the nonvolatile (flash) memory across
operating system restart (warm reset) in addition to
resume from Sleep, Hibernate Off. This setting provides
higher security assurance but could increase the time
required to restart the operating system.

BIOS Data Recovery Setting The following settings are possible for HP Sure Start– Automatic Reboot
Policy Recovery Policy: Required
• Automatic
• Manual
Automatic: HP Sure Start automatically repairs any HP
firmware integrity issues in the nonvolatile (flash)
memory.
Manual: HP Sure Start will not repair any HP firmware
integrity issues in the nonvolatile (flash) memory until
the Windows +Up Arrow+ Down Arrow keys are
pressed.
NOTE:
• Manual recovery is intended for use by the
system administrator in the event forensic
investigation is desired before HP Sure Start
repairs the issue. It is not recommended for the
typical user.
• 2020 and later platforms only have automatic
recovery policy but not Manual recovery policy.
Therefore, this setting is not available as an
option in those systems.

Network Controller Action Network Controller Configuration Restore Reboot

Configuration This action restores the network controller parameters Required
Restore to the factory state saved in the HP Sure Start Private
nonvolatile (flash) memory.
NOTE: This process can take up to 30 seconds. You
need to restore this only when the Network Controller
Configuration mismatch warning is set.

 Prompt on Setting When enabled, HP Sure Start will monitor the network Checked Intel Only
Network Controller controller configuration and prompt the local user if Reboot
Configuration any changes are detected compared to the factory Physical
Change configuration. The local user has the option to ignore Presence
the prompt or restore the network controller to the Required
factory configuration when prompted.

© Copyright 2022 HP Development Company, L.P. 4 Security Menu 27

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Feature Type Description Default Notes

 Dynamic Runtime Setting When checked, allows HP Sure Start to verify the Checked Intel only
Scanning of Boot integrity of the HP firmware in the nonvolatile (flash)
Block memory every 15 minutes while the system is on and
the operating system is running.
NOTE: Available on for both NB and DT Intel
platforms.

 Sure Start BIOS Setting Protects critical BIOS Settings by saving a backup copy Unchecked Not accessible
Settings Protection and restoring them if altered. with no Admin
credentials set

 Sure Start Secure Setting Saves backup copy of Secure Boot Keys so that they Checked
Boot Keys can be recovered if someone attempts to alter them in
Protection an unauthorized manner.

 Enhanced HP Setting Monitors key areas of memory for corruption or attack, Checked
Firmware Runtime notifies user of attack (based on the settings in Sure
Intrusion Prevention Start Security Event Policy), and prevents the attack
and Detection from taking place.
NOTE: Available on Intel Sure Start platforms that
support this feature. Available on 2020 and later AMD
Sure Start platforms.

 HP Firmware Setting Monitors key areas of memory for corruption or attack Checked
Runtime Intrusion and notifies user of attack (based on the settings in
Detection Sure Start Security Event Policy).
NOTE: Available on AMD Sure Start platforms prior to
2020.

Sure Start Security Setting Determines how to respond to a detected event: Log Event and
Event Policy • Log event only - Log the event in the audit log. notify user

• Log Event and notify user - Log the event in

the audit log and prompt the user to
acknowledge the event.
• Log Event and power off system - Log the
event in the audit log and power off the
system.
Prior to 2016: Not available

Sure Start Security Enable a warning message at boot screen if there is a Require
Event Boot Sure Start event (BIOS recovery, Memory intrusion, etc.) Acknowledgment
Notification

4.5 Secure Boot Configuration Menu

This submenu controls settings for the Secure Boot OS loader feature.

Table 15 Secure Boot Menu features

Feature Type Description Default Notes

 Secure Boot Setting When checked, enables the Secure Boot capability. Enable

© Copyright 2022 HP Development Company, L.P. 4 Security Menu 28

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

 Import Setting When checked and system is rebooted, custom secure boot keys are Unchecked Reboot
Custom Secure imported from the EFI\HP directory from the hard drive or USB Required
Boot keys device. The custom keys consist of PK, KEK, DB, and Dbx .bin files.
When import succeeds or fails, a preboot prompt shows the results
of each key bin file.

 Clear Secure One Time When checked, clears the Secure Boot keys one time on next save Unchecked Reboot
Boot Keys Action and exit. This setting will be unchecked again when you return from Required
exit. This action is not available when no imported keys are present.

 Reset Secure One Time When checked, restores secure boot keys to factory defaults one Unchecked Reboot
Boot keys to Action time on next save and exit. This setting will be unchecked again Required
factory defaults when you return from exit.

 Enable MS Setting When checked, the Microsoft (MS) UEFI Certificate Authority (CA) key Checked
UEFI CA key is trusted by Secure Boot
NOTE: Uncheck this to support Windows 10 Device Guard feature

Ready BIOS for Action Ready BIOS for Device Guard Use includes a drop-down box that
Device Guard automatically configures the BIOS settings that Windows requires to
Use enable Device Guard or to change the configuration back to the
configuration before Device Guard was enabled. Device Guard is a
Windows feature that enables higher security around drivers and
BIOS behavior.
The following settings are possible:
• Configure on Next Boot
• Clear Configuration on Next Boot
When set to Configure on Next Boot, the BIOS changes the following
settings to the states required by Device Guard after saving changes
and exit.
• Virtualization features are enabled.
• Removable and network boot devices are disabled (for
example, USB boot, CD-ROM boot, Thunderbolt™ boot,
etc.).
• MS UEFI CA Key is disabled.
When set to Clear Configuration on Next Boot, the BIOS sets the
listed features to their Custom Default state if custom defaults have
been saved. If custom defaults have not been saved, the BIOS
restores the listed features to their factory default states.

4.6 Secure Platform Management (SPM)

This submenu controls settings for Secure Platform Management that are used for secure enablement and management of
the HP Sure Run, Sure Recover, and Sure Admin (Enhanced BIOS Authentication Mode) capabilities.

You cannot provision SPM and activate HP Sure Run directly from the BIOS Setup interface. You can provision SPM using HP
Client Security Manager Software or the HP Manageability Integration Kit. When provisioned, the controls in this menu can
be used to deprovision the system or deactivate HP Sure Run.

Table 16 Secure Platform Management Menu features

Feature Type Description Default Notes

SPM Current Setting • Provisioned Not

State (Display • Not provisioned provisioned
Only)

© Copyright 2022 HP Development Company, L.P. 4 Security Menu 29

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Unprovision Action This action deprovisions SPM, which causes HP Sure Run to revert
SPM to the Inactive state and return HP Sure Recover to default
settings.

HP Sure Run Setting • Active Inactive

Current State (Display • Inactive
Only)

Deactivate HP Action This action deactivates HP Sure Run without deprovisioning SPM.
Sure Run

HP Sure Setting • Enabled Disabled

Admin – EBAM (Display • Disabled
Current State Only)

HP Cloud Setting Default to

Managed (Display • Enabled the value by
State Only) HP Cloud
• Disabled
Managed
• Permanently Disabled setting

If permanently disabled, the feature cannot be used and requires

a HP Service to re-enable.

(This setting was introduced in second half of the2021)

HP Cloud This setting allows the machine to trust requests from HP Enabled
Managed management consoles, allowing management of the machine in
a simple, admin-friendly manner.
(This setting was introduced in second half of the2021)

• Enable
• Disable

Display Shows User:

Enrolled Key Owner
Management List
Keys

Remote Setting • Enabled Default to

Device (Display • Disabled the value by
Management Only) Remote
• Permanently Disabled
Status Device
Management
If permanently disabled, the feature cannot be used and requires setting
a HP Service to re-enable.

(This setting was introduced in second half of the2021)

Remote This setting allows a highly secure set of remote management Enabled
Device operations (e.g. lock and wipe) to be performed on the machine.
Management (This setting was introduced in second half of 2021)
• Enable
• Disable

© Copyright 2022 HP Development Company, L.P. 4 Security Menu 30

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Disable EBAM Action This action disables Enhanced BIOS Authentication Mode
(EBAM)

Local Access Setting • Present Not Present

Key (Display • Not Present
Only)

Clear EBAM Action This action deletes all currently established local access keys
Local Access created for Enhanced BIOS Authentication Mode (EBAM)
Key(s) and
Reboot

4.7 Smart Cover Menu

This submenu controls settings for Cover Lock and Cover Sensor Including those associated with the HP Tamper Lock
feature. These settings are only present when the implied optional devices are installed in the system.

Table 17 Smart Cover Menu features

Feature Type Description Default Notes

Cover Setting The Smart Cover Lock is a software-controllable solenoid lock. This lock Unlock Desktop with
Lock restricts unauthorized access to the system’s internal components. The Cover Lock
following settings are possible: Reboot
• Lock Required
• Unlock

Cover Setting The Cover Removal Sensor has the following settings: Disable System with
Removal • Disabled Cover Sensor
Sensor Reboot
• Notify the User: Displays warning message on next boot if opened.
Required
• Administrator Password (when password is set or Sure Admin
Enhanced BIOS Authentication Mode is enabled with a Local Access
Administrator
Key set): Requires entering the administrator password or the PIN
Credential may
(if Local Access Key is present) before continuing to boot after the
not be available
cover is opened.
on all systems
• Administrator Credential: exactly the same behavior as
that support
Administrator Password.
Smart Cover.

Power Setting When checked, if the cover is removed while the system is on or asleep (S3 Disable May not be
off upon or Modern Standby), then system will immediately power down. This available on all
cover setting is only active and can only be modified while Cover Sensor Removal systems that
removal is enabled. This only affects cover removals that occur after the setting is support Smart
set. Cover.

Clear Setting When enabled, if the cover is removed, then TPM will be cleared on the boot Disable May not be
TPM on after the cover was removed. This setting is only active and can only be available on all
boot modified while Cover Removal Sensor is enabled. These only affects cover systems that
after removals that occur after the setting is set. support Smart
cover Cover.
removal

Last Setting This reports the last time the cover was removed and how many times it 0 times May not be
Cover (Display has been removed and acknowledged since it left the factory, in the available on all
Removal Only) following format: MM/DD/YYYY HH:MM:SS. X times. Depending on system systems that
and factors, consecutive cover removals may count as a single cover removal. support Smart
Count Cover.

© Copyright 2022 HP Development Company, L.P. 4 Security Menu 31

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

The date and time may be reported as all 0’s in cases where the value
cannot be determined such as real-time clock power loss.

4.8 Hard Drive Utilities Menu

This submenu provides features that protect the data on individual hard drives, such as recovering the master boot record
(MBR), preventing unauthorized access, and erasing data.

Table 18 Hard Drive Utilities Menu features

Feature Type Description Default Notes

 Save/Restore GPT of Setting When checked, saves a baseline GUID Partition Table that can Unchecked Reboot
System Hard Drive be restored if a change is detected. Required
NOTE: Not applicable for Legacy boot modes
Prior to 2016: Did not exist

Boot Sector (GPT) Setting Allows selection of the default action when an MBR/GPT event Local User
Recovery Policy occurs. Control

DriveLock/Automatic Menu DriveLock prevents unauthorized access to the contents of a

DriveLock selected hard drive.

Secure Erase Action Uses hardware-based methods safely to erase all data and Reboot
Select a Drive… personal information from a selected Hard Drive. Required

 Allow OPAL Hard Setting BIOS supports drive encryption using Drivelock feature by Unchecked Reboot
Drive SID creating the storage device’s ownership key. If BIOS creates Required
Authentication the key, any 3rd party applications (including other encryption
software) are not allowed to perform certain drive operations
such as establishing their own key using SID. Encryption
software applications may or may not be limited by SID
authentication lockout depending on how they are designed.

© Copyright 2022 HP Development Company, L.P. 4 Security Menu 32

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

4.9 DriveLock/Automatic DriveLock Menu

DriveLock prevents unauthorized access to the contents of a selected hard drive. Enter a password to access the drive and
the drive is accessible only when attached to a PC.

NOTE: DriveLock states cannot change after a warm reboot for SATA drives. Power off the system and then boot directly to
the BIOS setup to access these menus. The DriveLock Master/Administrator and User passwords cannot be changed if you
enable Automatic DriveLock.

Table 19 DriveLock Menu features

Feature Type Description Default Notes

 Automatic DriveLock Setting This feature is intended to prevent someone from accessing Disable Power cycle
data on your drive after they have physically removed it from required
your system. A BIOS administrator password is required for
this feature.
When this feature is enabled, the BIOS sets a randomly
generated user password, sets the master password with the
BIOS administrator password, and marks the drive as a
member of an Automatic DriveLock group.
Thereafter, the BIOS automatically unlocks the drive while it is
attached to its host system. If the drive is physically removed
from its host system and attached to another system, the user
is prompted for the DriveLock password. The user must
provide the BIOS administrator password from the original
host system to access the drive.

Set DriveLock Master Setting Creates another password to access a hard drive with Power cycle
Password DriveLock protection. required

Set DriveLock User

Password

Enable DriveLock Setting Enables DriveLock protection and creates a user password Disable Power cycle
distinct from the master password that allows access to the required
hard drive (SATA drives).

For NVMe type drives in the M.2 slot, this requires setting an
administrator password instead of a user password.

Change DriveLock User Action Displayed only if DriveLock is enabled and a valid password Power cycle
Password was supplied at the DriveLock POST prompt. Allows the user required
password to be changed when selected.

Change DriveLock Action Displayed only if DriveLock is enabled and a valid password Power cycle
Master/Administrator was supplied at the DriveLock POST prompt. Allows the master required
Password (SATA) or administrator (NVMe) password to be changed when
selected.

Disable DriveLock Action Displayed only if DriveLock is enabled and a valid password Power cycle
was supplied at the DriveLock POST prompt. Allows DriveLock required
to be disabled when it is enabled.

© Copyright 2022 HP Development Company, L.P. 4 Security Menu 33

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

5 Advanced Menu

Main Security Advanced UEFI Drivers

HP Computer Setup

 Display Language
 Scheduled Power-On

 Boot Options
 HP Sure Recover
 System Options
 Built-In Device Options
 Port Options
 Power Management Options
 Remote Management Options (Intel Only)
 Electronic Labels (Notebook & AiO Only)
 MAC Address Pass Through (Notebook Only)
 Thunderbolt™ Options (2019+ with TBT)

Remote HP PC Hardware Diagnostics

 Settings
 Execute Remote HP PC Hardware Diagnostics

© Copyright 2022 HP Development Company, L.P. 5 Advanced Menu 34

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

5.1 Advanced Menu

For detailed information on the features in the advanced menu, see the following table:

Table 20 Advanced Menu features

Feature Type Description Default Notes

Display Menu Select the display language and the keyboard language. Choose between 15
Language languages. You can display the menu in English, French, German, Spanish,
Italian, Dutch, Danish, Japanese, Norwegian, Portuguese, Swedish, Finnish,
Simplified Chinese, Traditional Chinese, or Russian.
NOTE: Affects the BIOS menus, not the OS nor the WMI commands. Russian
language support is only available in the most recent product generations.

Scheduled Menu Choose days of the week and a single time of day for the system to turn on.
Power On This feature wakes the system up from a turned-off state.

Boot Options Menu Settings that control the behavior of the system during boot up.

HP Sure Menu Settings that control when and how the BIOS should attempt to reinstall the
Recover operating system. Also called OS Recovery.

Secure Boot Menu Starting with Windows 8, Secure Boot is a UEFI feature that helps resist Only here
Configuration attacks and infection from malware. From the factory, your system came on
with a list of keys that identify trusted hardware, firmware, and operating systems
system loader code. Your system also has a list of keys to identify known with
malware. legacy
support.

System Menu Settings that control the CPU, PCI, PCIe, the power button, and function keys.
Options

Built in Menu Settings of other devices built in to the PC.

Device
Options

Port Options Menu Settings that enable or disable ports and interrupts on the system.

Option ROM Menu Configure the Device Option ROMs that load at boot time. Only here
Launch on
Policy systems
with
legacy
support.

Power Menu Settings that control power saving features and the behavior of the system in
Management low power modes.
Options

Remote Menu Settings that control Intel Active Management technology that provides out- Intel Only
Management of-band remote management of the system.
Options

Electronic Display Mandatory certification marks, for example the Federal Communication Notebook
Labels Only Commission (FCC) Declaration of Conformity (Doc) and the CE marking for and All-
Europe. in-One
Only

© Copyright 2022 HP Development Company, L.P. 5 Advanced Menu 35

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Feature Type Description Default Notes

MAC Address Menu Configure a custom Host Based MAC Address (HBMA) for the system as well Notebook
Pass as define the priority of Network Interface Cards (NIC). Only
Through

Remote HP Label Remote HP PC Hardware diagnostics.

PC Hardware
diagnostics

Settings Menu Settings for Remote HP PC Hardware diagnostics.

Execute Action When selected, will download and run HP Remote Diagnostics.
Remote HP
PC Hardware
Diagnostics

5.2 Display Language Menu

This submenu allows for selection of the display language and the keyboard language. For each setting, choose from the
following languages:

• English • Italiano • Português • Nederlands 简体中文

• Deutsch • Français • Danske • Norsk 繁體中文
• Español • 日本語 • Svenska • Suomi • Pусский

NOTE: Affects the BIOS menus, not the OS nor the WMI commands.

Table 21 Display Language Menu features

Feature Type Description Default Notes

Select Language Setting Language used by BIOS setup menus. English

Select Keyboard Layout Setting Language of the keyboard layout used by BIOS setup menus. English

© Copyright 2022 HP Development Company, L.P. 5 Advanced Menu 36

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

5.3 Scheduled Power-On Menu

This submenu controls the days of the week and a single time of day for the system to turn on the computer. This feature
wakes the system up from a powered off state.

Table 22 Scheduled Power-On Menu features

Feature Type Description Default Notes

 Sunday Setting Days of the week selection. Reboot Required

 Monday
 Tuesday
 Wednesday
 Thursday
 Friday
 Saturday

Hour Setting Time selection. 0 Reboot Required

Minute Setting Hour: 0 – 23, Minute: 0 – 59. 0 Reboot Required

5.4 Boot Options Menu

This submenu controls the behavior of the system during boot up.

Table 23 Boot Options Menu features

Feature Type Description Default Notes

Startup Delay Setting Select the number of seconds (0 – 60) to pause the boot before 0
(sec.) starting the OS. Increasing the delay gives more time to press a
key that accesses one of the startup options, such as BIOS Setup
(F10).

 Fast Boot Setting When checked, reduces boot up time by bypassing boot to USB, Checked
CD-ROM, and PXE. This skips some preboot initialization steps.
NOTE: When a power-on password, other security features, or
current boot order have been modified, Fast Boot is ignored.

 CD-ROM Setting When checked, allows system to boot from CD-ROM. Checked
Boot

 USB Setting When checked, allows system to boot from USB devices. Checked
Storage Boot

 Network Setting When checked, allows system to boot from a network card if it Checked
PXE Boot supports PXE or UEFI network boot capability.

 IPv6 during Setting When checked, allows system to process IPv6 packets in pre- Checked
UEFI Boot boot.

 Power On Setting When checked, the notebook will turn on when it is off, when AC Unchecked Notebook Only
When AC power has not been available and then becomes available.
Detected

© Copyright 2022 HP Development Company, L.P. 5 Advanced Menu 37

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Feature Type Description Default Notes

 Power On Setting When checked, the system turns on when the lid opens. Unchecked Notebook Only
When Lid is
Open

 Prompt on Setting When checked, the system pauses during system boot to warn Checked Notebook Only
Battery Errors about battery errors.

 Prompt on Setting When checked, notify the user during the boot process when a Checked
Memory Size memory size change has been detected.
Change

 Prompt on Setting When checked, notify the user during the boot process when a Unchecked
Fixed Storage fixed storage change has been detected.
Change NOTE: This feature will not report a change within a RAID
configuration.

 Audio Alerts Setting When checked, errors trigger audible beeps during POST. Checked
During Boot

 Numlock on Setting Set the keyboard Num Lock control to be on or off when system Unchecked
at Boot is booted.

 UEFI Boot When checked, allows the system to boot from UEFI devices. Checked
Order When Legacy Boot is Disabled, the check boxes for UEFI Boot
Order and Legacy Boot Order will be disabled, because only UEFI
devices can boot in this mode.
When UEFI Boot Order is enabled, the system attempts to boot
from all UEFI devices before any non-UEFI devices.
Arrange the boot order from the UEFI devices found. By default,
the system will arrange the boot order by device type using the
following precedence:
1. USB
2. SATA DVD (Desktop Only)
3. SATA Hard Drives
4. M.2 devices
5. Network Boot
Highlight the list and press Enter to adjust the order of the boot
entries. If a new bootable device is added to the system, it
appears at the bottom of the list, unless it is a USB device that
uses the order of the USB placeholder already in the list.

5.5 HP Sure Recover

Table 24 HP Sure Recover

Feature Type Description Default Notes

HP Sure Setting If this setting is enabled and HP Sure Recover is launched, Checked
Recover the system firmware honors local and remote requests
to reinstall the OS. If it is disabled, all requests to reinstall
the OS are ignored.

© Copyright 2022 HP Development Company, L.P. 5 Advanced Menu 38

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Feature Type Description Default Notes

Recover from Setting If this is enabled, the system firmware obtains the Unchecked Assuming
Network recovery agent from the network. Otherwise, the system Windows 10 is
firmware obtains the recovery agent from a local drive. preinstalled. Gray
when HP Sure
Recover is
disabled

Recover after Setting If this setting is enabled and no bootable UEFI OS is Unchecked Assuming
Boot Failure found, the system firmware launches HP Sure Recover. Windows 10 is
preinstalled. Gray
when HP Sure
Recover is
disabled

rompt before Setting If this setting is enabled and HP Sure Recover is launched Checked Not shown if
Boot Failure because of a boot failure, the user is notified of the boot Recover after Boot
Recovery failure and asked to choose whether to start or cancel HP Failure is
Sure Recover. unchecked

Recovery Label
Agent

URL: Location of the current recovery agent URL. Not shown unless
Recover from
Network checked

Username: User name (optional) to access the recovery agent. Not shown unless
Recover from
Network checked

Provisioning Version of the recovery agent’s provisioning data. This Not shown unless
Version: value will be 0 until a scheduled download occurs after a Recover from
change is made to the recovery agent URL. Network checked

OS Recovery Version of the recovery agent stored in the embedded Not shown unless
Agent Version secure storage device. an embedded
secure storage
device is installed.

Recovery Label
Image

URL: Location of the current recovery image URL. Not shown unless
Recover from
Network checked

Username: Username (optional) to access the recovery image. Not shown unless
Recover from
Network checked

Provisioning Version of the recovery image’s provisioning data. This Not shown unless
Version: value will be 0 until a scheduled download occurs after a Recover from
change is made to the recovery image URL. Network checked

OS Recovery Version of the recovery image stored in the embedded Not shown unless
Image Version secure storage device. an embedded
secure storage
device is installed.

© Copyright 2022 HP Development Company, L.P. 5 Advanced Menu 39

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Feature Type Description Default Notes

OS Recovery Version of the recovery driver stored in the embedded Not shown unless
Driver Version secure storage device. an embedded
secure storage
device is installed.

Embedded Label Reports the size of the embedded secure storage device. Currently 32 Not shown unless
Storage for GB. an embedded
Recovery secure storage
device is installed.

5.6 System Options Menu

Table 25 System Options Menu features

Feature Type Description Default Notes

 Configure Setting When checked, configures SATA Controller for RAID Unchecked Select products
Storage Controller mode. only
for RAID

Configure Setting Enables driver support for NVMe Intel® Optane® Unchecked Intel Only
Storage Controller storage module. Requires additional configuration by
for Intel Optane Intel Rapid Storage Technology software application.
IMPORTANT: After Optane is initialized in the OS, do
not boot with this setting disabled. The OS may
become corrupted unless Optane is unconfigured first.

 Configure Setting When checked, the Intel Volume Management Device Depends on Select products
Storage Controller (VMD) controls the storage devices in the system, factory storage only
for VMD allowing support of RAID and Optane features. configuration

Limit PCIe Speed Setting Allows you to restrict the maximum speed of the PCI Auto Desktop
Express devices to previous generations. The Workstations Only
following settings are possible:
• Auto
• Gen 1 (2.5Gbps)
• Gen 2 (5Gbps)
• Gen 3 (8Gbps)

 Turbo Boost Setting When checked, enables Intel Turbo Boost Technology Checked Intel Only
to improve performance when operation conditions
allow.

 Hyper- Setting When checked, enables hyperthreading capability on Checked Intel CPU with
threading (Intel® Intel processors Hyper-Threading
HT) Intel HT Technology (HT) is designed to improve Only
performance of multithreaded software products and
requires a computer system with a processor
supporting HT and an HT-enabled chipset, BIOS and
OS. Contact your software provider to determine
compatibility. Not all customers or software
applications will benefit from the use of HT.
See http://www.intel.com/info/hyperthreading for
more information.

© Copyright 2022 HP Development Company, L.P. 5 Advanced Menu 40

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Feature Type Description Default Notes

 Virtualization Setting When checked, enables VT on Intel-based systems. Checked Intel Only
Technology (VTx)

 Virtualization Setting When checked, grants virtual machines direct access Checked Intel Only
Technology for to peripheral devices on select Intel-based systems.
Directed I/O (VTd)

 SVM CPU Setting When checked, enables AMD-V and AMD-Vi Unchecked AMD Only
Virtualization virtualization features on AMD-based systems

 Enhanced Hello Setting When checked, enables enhanced Hello sign-in for Unchecked Select products
Sign-in supported versions of Windows by reporting available only
Secure Devices to the operating system.

 DMA Protection Setting When checked, enables DMA redirection using IOMMU Checked Intel 2019+
for enhanced security. AMD 2020+
NOTE: Requires Legacy Support disabled and VTd
enabled.

Pre-boot DMA Setting Secures memory access through DMA to allowed Notebooks: Intel 2019+
Protection regions prior to OS startup. All PCIe Devices AMD 2021+

The following settings are possible: Desktops:

• All PCIe Devices Thunderbolt™
This setting
• All PCIe devices with approved exceptions only - or -
requires DMA
Disable Protection to be
• Thunderbolt™ only (for systems with TBT)
• Disable (for systems without TBT) enabled

Full encryption of Setting When checked, the system stores all data to DRAM in Checked Select products
main memory an encrypted format. only
(DRAM)

 PCI Express x16 Setting When checked, the PCI Express x16 slot is available for Checked Desktop Only
Slot 1 an expansion card. When unchecked, slot is disabled.

 PCI Express x1 Setting When checked, the PCI Express x1 slot is available. Checked Desktop Only
Slot 1 (2) (3)

 PCI Express x4 Setting When checked, the PCI Express x4 slot is available. Checked Desktop Only
Slot 1 (2)

 PCI Slot 1 (2) (3) Setting When checked, the PCI slot is available. Checked Select products
only

 M.2 SSD (1) (2) Setting When checked, the M.2 slot typically used for NVMe Checked Desktop Only
storage modules is available.

 M.2 WLAN/BT Setting When checked, the M.2 slot typically used for the Checked Desktop Only
WLAN module is available.

Fast Charge Setting When checked, battery charge rate is actively Checked Notebook Only
managed by the system using current battery and
charger parameters. When unchecked, rate is fixed.

© Copyright 2022 HP Development Company, L.P. 5 Advanced Menu 41

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Feature Type Description Default Notes

Power Button Setting Disables the power button while off or suspended and On Battery Only Select products
Protection the lid is closed to prevent the system turning on only
when stored (for instance, when in a bag).
The following settings are possible:
• On Battery Only
• Always
• Never

Power button Setting For products with the power button located on the Checked Select products
delay to avoid keyboard, enabling this setting will increase the press only
accidental time required to activate the button to 300 ms.
activation for With the setting disabled the button responds to a
system sleep or keypress in 50 ms.
power down

Power Button Setting Sets the time required to hold the power button down 4 sec Desktop Only
Override for the desktop to turn off, overriding the power
button behavior defined by the operating system. The
following settings are possible:
• Disable
• 4 sec
• 15 sec

 Swap fn and ctrl Setting When checked, switches functionality between fn and Unchecked Notebook Only
(Keys) ctrl keys.

 Launch Hotkeys Setting When checked, allows the fn+fx hot key combinations Unchecked or Notebook Only
without fn to be activated by just pressing the fx key (for Auto (if
keypress instance, f4 instead of fn+f4). Systems with an LED on available)
the fn key support ‘Auto’ setting where fn+ shift
toggles fn lock state – LED On equals unchecked.

 Swap Arrow Setting When checked, switches functionality between Up / Unchecked Select products
Up/Down and Page Down and Page Up / Page Down for platforms with only
Up/Down Function shared keys.

 Special Keys Setting fn+r → Break, fn+s → Sys Rq, fn+c → Scroll lock, Unchecked Select products
mapped to fn+key fn+w → Pause, fn+e → Insert for systems without only
these legacy keys when this setting is checked.

 Max DC Setting When checked, allows Intel Turbo Boost Technology to Unchecked Intel Notebook
Performance activate when a power adapter is not connected. Only
(2019+) Previously called Enable Turbo Boost on DC.

Intel Dynamic Setting Manages power and thermal conditions to keep Checked Intel Notebook
Tuning system from overheating. Previously called DPTF. Only

Sanitization Mode Setting Duration of sanitization mode: 120 Select products

Countdown Timer 15 – 300 (by 15) in seconds (max 255 for some) only

Pre-Sanitization Setting Delay before sanitization mode starts: 3 Select products

Mode Countdown 0 – 10 (by 1) in seconds only
Timer

© Copyright 2022 HP Development Company, L.P. 5 Advanced Menu 42

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Feature Type Description Default Notes

USB Type-C® Setting When checked, allows UCSI to be exposed to the Checked Systems with USB
Connector System operating system (ACPI table) Type-C® ports
Software Interface
(UCSI)

 HP Application Setting Provides ACPI structure to enable HP common Unchecked Device Manager
Driver software application framework. The driver is provided (through 2018) shows alert if this is
in the latest HP support software which can be Checked (2019) enabled without
downloaded from the web. the HP application
driver installed.

 Energy Efficient Setting When checked, allows the system to consider graphics Unchecked Select products
Turbo power when deciding on level of CPU turbo frequency. only

 AMD DASH Setting AMD Remote system management capability. Unchecked AMD Only

 Hardware Setting This setting enables Single Thread Indirect Branch Unchecked AMD Only
enabled Spectre Predictor (STIBP) functionality in AMD processors.
Variant 2
Mitigation

 Enable High Setting Allocate more bandwidth to a USB-C® dock to support Unchecked Notebook Only
Resolution mode the highest resolutions on a DisplayPort monitor
when connected to attached to it,
a USB-C® DP alt
mode dock

Top Cover Function Setting Uncheck to disable the top cover functionality for HP Checked HP Elite Slice Only
Elite Slice.

© Copyright 2022 HP Development Company, L.P. 5 Advanced Menu 43

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

5.7 Built-in Device Options Menu

This menu provides settings for built-in devices on the system.

Table 26 Built-in Device Options Menu features

Feature Type Description Default Notes

 Embedded LAN Setting When checked, enables the integrated network Checked
Controller controller.

Wake on LAN Setting Allows the system to wake via Local Area Network Boot to Network
(LAN). The following settings are possible:
• Disabled
• Boot to Network
• Boot to Hard Drive

 LAN Controller Setting When checked, enables the integrated network Checked Select
Option (1) (2) controller in the designated rear option slot. products only

 Integrated Setting When unchecked, disables the integrated video Checked Desktop with
Video device. When not using the integrated video, disabling discrete
the integrated video will free some system memory. graphics card
only

VGA Boot Device Setting The firmware can use only one graphics device when Add-in graphics Desktop with
booting up; so when there are multiple graphics is set as primary discrete
devices, this feature selects the graphics controller to graphics card
use as the primary VGA device during boot-up. only
• Integrated graphics
• Add-in graphics cards (select products only)

Video Memory Size Setting System memory reserved for video before loading the Intel: 64 MB
OS. Settings vary by platform and generation. AMD: Auto
Examples:
Intel:
• 64 MB
• 128 MB
• 256 MB
• 512 MB
AMD:
• 256 MB
• 512 MB
• Auto

Graphics Setting Set the graphics adapter. The following settings are Hybrid Graphics Multiple
possible and depend on the model of notebook to Graphic Card
OR
determine which are present with the default setting: Notebook
• Hybrid Graphics Auto (select Only
products only)
• UMA Graphic
• Discrete Graphics
• Auto (Let OS decide whether hybrid graphics
is enabled or disabled).

© Copyright 2022 HP Development Company, L.P. 5 Advanced Menu 44

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Feature Type Description Default Notes

 Integrated Setting When checked, enables the integrated webcams. Checked

(Front) (Rear)
Camera

 Internal SD Setting When checked, enables integrated SD card controller. Checked Select
Storage products only

 Fingerprint Setting When checked, enables fingerprint reader. Checked Select

Device products only

Touch Device Setting When checked, enables the touch screen. Checked Select
products only

 Audio Device Setting This setting provides a single point of control for the Checked
integrated microphone, the internal speakers, and the
headphone out.
When checked, the operating system visibility of each
audio device below is controlled independently.
When unchecked, hides all audio devices from the
operating systems. The individual audio device
settings below are also disabled.

 (Integrated ) Setting When unchecked, disables the integrated microphone Checked Notebook Only
Microphone and microphone jack (if present).

Microphone Setting Set the microphone port state. Possible settings are: Enable Desktop Only
• Enable
• Disable
• Disable and Lock
Disable and lock prevents the other audio ports from
being remapped to the microphone function in the OS.

 Internal Setting When unchecked, disables the internal speakers. If Checked

Speakers errors occur during boot-up, the speaker still beeps.
See Boot Options / Audio Alerts During Boot for more
information.

 Headphone Setting When checked, enables the headphone jack. Checked Notebook Only
Output

 Wake on Voice Setting When checked, enables the system to wake with voice Checked Select
(WOV) command. platforms only

 Intel Smart Setting When checked enables Intel Smart Sound. Checked Intel
Sound Notebook Only

 Lock Wireless Setting Prevent changes to the state of physical wireless Unchecked Notebook Only
Button enable/disable button.

 Wireless Setting When checked, enables integrated 802.11 device. Checked Notebook Only
Network Device
(WLAN)

 Bluetooth Setting When checked, enables integrated Bluetooth® device. Checked Notebook Only

 Mobile Network Setting When checked, enables integrated WWAN device. Checked Notebook Only
Device (WWAN)

© Copyright 2022 HP Development Company, L.P. 5 Advanced Menu 45

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Feature Type Description Default Notes

 GPS device Setting When checked, enables integrated GPS device. Checked Notebook Only

 Mobile Network Setting When checked, enables integrated WWAN / GPS Checked Notebook Only
Device (WWAN) combo device.
and GPS Combo
Device

 WWAN Quick Setting Maintains power to WWAN device to enable faster Checked Select
Connect connections. products only

 M.2 USB / Setting When checked, enables the USB connection to the M.2 Checked Desktop Only
Bluetooth WLAN slot (typically used by Bluetooth if present).

HP LAN-Wireless Label
Protection

 LAN/WLAN Auto Setting When checked, enables automatic switching between Unchecked
Switching embedded WLAN device and embedded LAN
controller; disables WLAN when LAN connection is
detected.

 LAN/WWAN Setting When checked, enables automatic switching between Unchecked Notebook Only
Auto Switching embedded WWAN device and embedded LAN
controller; disables WWAN when LAN connection is
detected.

 Wake on WLAN Setting When checked, enables the system to wake via WLAN. Unchecked

 Wake on Setting When checked, enables the notebook to wake via BT Unchecked Notebook Only
Bluetooth input devices. Requires Wake on USB to be enabled.

 Wake on WiGig Setting When checked, enables the notebook to wake via Unchecked Notebook Only
WiGig device.

 Collaboration Setting When checked, enables the capacitive controls for Checked Select
Buttons volume and connect or disconnect to function. products only

Button Sensitivity Setting Controls the touch sensitivity of collaboration buttons. Unchecked Select
Possible settings are: products only
• Low
• Medium
• High

 Hang-up Button Setting When checked, hang-up button must be held at least Unchecked Select
Delay 0.5 sec before activating. products only

 NFC Setting When checked, enable Near Field Communication Checked Select
functionality. products only

 Wake on LAN in Setting When checked and powered by battery, enables the Unchecked Notebook Only
Battery Mode notebook to wake via LAN.

 Fan Always on Setting When checked, leaves the fan on while running on AC Unchecked Notebook Only
while on AC Power power.

Increase Idle Fan Setting Controls the minimum fan speed during periods that 0 Desktop Only
Speed (%) the fan would normally be off under the control of the
desktop thermal sensor. Choose a percentage of the
maximum fan speed: 0 –100%.

© Copyright 2022 HP Development Company, L.P. 5 Advanced Menu 46

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Feature Type Description Default Notes

 Boost Converter Setting When checked, the notebook draws power from the Checked Notebook Only
battery when the system is on AC to give the CPU a
momentary performance gain by increasing the
overall power available to the CPU.

Backlit Keyboard Setting Specifies the timeout period for the keyboard’s 15 seconds Select
Timeout backlight LEDs. The following settings are possible: products only
• 5 secs
• 15 secs
• 30 secs
• 1 min
• 5 min
• Never

 Automatic Setting When checked, keyboard backlight level is affected by Checked Select
Keyboard Backlit ambient light level. The keyboard backlight will remain products only
off while in bright environments to save power.

 Force enable HP Setting When checked, enables HP Sure View’s privacy panel Unchecked Select
Sure View by changing the screen brightness products only

 Magnetic Strip Setting When checked, enables the integrated magnetic strip Checked Select
Reader reader products only

Disable Battery on Action When checked, the battery is put in storage mode Unchecked Requires
next shut down when the system is next shut down. AC power is administrator
required to turn on the system afterwards. password set

 RFID Setting When checked, enables the RFID reader. Checked Select
products only

 TILE Deactivate Setting When TILE Deactivate is checked, LAN and WLAN Unchecked Select
location based services are disabled. products only

Note: TILE features are specific to Intel based

Products.

© Copyright 2022 HP Development Company, L.P. 5 Advanced Menu 47

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

5.8 Port Options Menu

The following table describes various setting options for Ports.

Table 27 Port Options Menu features

Feature Type Description Default Notes

 (Left) (Right) Setting Enable or disable all USB ports on one side of the system Checked
(Front) (Rear) (legacy and Type-C).
(Top) (Bottom)
USB Ports

 (Left) (Right) Setting Enable or disable a specific USB port. Checked Desktop Only
(Front) (Rear) NOTE: When looking at the ports (and in horizontal
USB Port (1) (2) orientation for desktops), count ports from bottom to top,
(3) then left to right.

 Docking USB Setting When unchecked, disables USB ports connected through the Checked Notebook Only
Ports docking connector.

 USB Legacy Setting When checked, enables the USB Type-A charging port to Checked
Port Charging charge devices during hibernation or shutdown.

Disable Charging Setting Prevent charging port from providing power to external 10 Notebook Only
Port in sleep/off devices if the system itself is below a certain battery
if battery below threshold. Possible settings are 10, 20, 30, 40, 50, 60, 70,
(%) 80, 90, 100.

 (Front) (Rear) Setting When unchecked, system will not power Type-C devices in Checked Desktop Only
USB Type-C® the off states.
Downstream
Charging

 Thunderbolt™ Setting When checked, enables integrated Thunderbolt™ ports. Checked Select products
Type-C Ports NOTE: Older systems included additional Thunderbolt™ only
settings in this menu. Starting in 2019 these options have
moved to a separate Thunderbolt™ Options menu.

 Accessory USB Setting When checked, enables the accessory USB port. Checked Desktop
Port Workstations
Only

 (Rear) Option Setting When checked, enables the identified option port without Checked Select products
Port (1) (2) regard to which option type is installed. only

 Option Port (1) Setting When checked, enables additional bandwidth for Unchecked Select products
(2) – HDMI 1.4 DisplayPort® over Type-C to support higher graphics only
Mode resolutions.

 Media Card Setting When checked, enables the integrated media card reader. Checked Notebook & AiO
Reader Only

 Media Card Setting When checked, enables the media card reader connector Checked Desktop Only
Reader/SD_RDR (labeled SD_RDR typically) on a desktop.
USB

SATA (0) (1) (2) Setting When checked, allows the system to access a device Checked Desktop Only
(3) (4) (5) attached to the SATA port.

© Copyright 2022 HP Development Company, L.P. 5 Advanced Menu 48

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Feature Type Description Default Notes

 Serial Port (A, Setting When checked, enables the specified serial ports. Checked Desktop Only
B, C, D, C/D, E/F)

Serial Port Setting Powered Serial port voltage selection on RPOS units that 0 Volts Retail Point of
Voltage (A) (B) include this feature. Possible settings are: Sale Systems
(C) (D) (E) (F) • 0 Volts Only

• 5 Volts
• 12 Volts

 Smart Card Setting When checked, enables integrated Smart Card slot. Checked Notebook Only

 Smart Card Setting When checked, enables the power-saving feature of the Checked Notebook Only
Power Savings Smart Card reader, thus not maintaining a session when the
card is removed.

Cash Drawer Port Setting On select Retail Point of Sale systems, this controls whether Enable Retail Point of
the cash drawer port can be activated or not. Sale Systems
Only

Restrict USB Setting When some devices are restricted, the system disables the Allow all USB
Devices ports at boot-up where a restricted device is installed. That Devices
port is disabled until the next boot. Port configuration is not
changed on insertion. The following settings are possible:
• Allow all USB Devices
• Allow only keyboard and mouse
• Allow all but storage devices and hubs

5.9 Power Management Options Menu

The following table describes various setting options for Power Management Options.

Table 28 Power Management Options Menu features

Feature Type Description Default Notes

 Runtime Setting When checked, enables the processor to run at lower Checked Select products
Power frequencies (P-states) when higher performance is not only
Management needed. When unchecked the processor always runs at
maximum frequency.

 Extended Idle Setting When checked, enables the processor to rest in lower Checked Select products
Power States power states (C-states) when idle. only

 S5 Maximum Setting When checked, minimizes system power consumption Unchecked Desktop Only
Power Savings while in the S5 (off) state.
NOTE: Windows 10 with Fast Startup enabled powers off
to the S4 (suspend to disk) state.

 SATA Power Setting When checked, enables the SATA bus to enter low power Checked Desktop Only
Management states when idle.

 Deep Sleep Setting When checked, reduces power consumption while in Checked Notebook Only
S3/S4/S5 to extend battery life.
NOTE: Enabling deep sleep disables some wake events
such as wake on USB without AC power.

© Copyright 2022 HP Development Company, L.P. 5 Advanced Menu 49

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Feature Type Description Default Notes

 PCI Express Setting When checked, enables PCI Express bus to enter low Checked Desktop Only
Power power states when idle.
Management

 PCIe Speed Setting When checked, allows system to lower PCIe link speeds Checked AMD Notebook
Power Policy when not on AC to save battery power. Only
(PSPP)

 Power On Setting When checked, allows the desktop to turn on by pressing Unchecked Desktop Only
from Keyboard a key on the keyboard, when the keyboard is plugged in to
Ports a port marked with the keyboard symbol.

 Unique Sleep Setting When checked, when the desktop is in the S4 power state, Unchecked Desktop Only
State Blink Rates the power LED periodically blinks four times with a pause.
Unchecked, the desktop does not blink at all in S4 (the
same as S5, power off)
This also affects S3 blink behavior. When checked, the
desktop power LED periodically blinks three times with a
pause, unchecked it blinks once per period.

 Wake when Setting When checked, opening the lid wakes the notebook from Unchecked Notebook Only
Lid is Opened sleep mode

 Wake when AC Setting When checked, allows the system to resume from sleep Notebook Only
is Detected when AC power is detected

 Wake on USB Setting When checked, allows the system to resume from sleep Checked Notebook Only
when a USB input device is triggered (such as mouse
movement or keyboard key-press).

 Power Control Setting When checked, enables the notebook to support power Unchecked Notebook Only
management applications such as IPM+ that help
enterprises reduce power costs by intelligently managing
the battery usage of the notebook.

 Configure Setting When checked, enables support for HPPM 2.0 Unchecked Select products
Battery Charge only

Battery Health Setting Sets charging policy based on optimizing for battery life or Let HP manage Notebook Only
Manager battery duration. The possible settings are: my battery
• Maximize my battery health charging

• Let HP manage my battery charging

 Modern Setting Low power standby mode. This mode replaces the Enable Select products
Standby traditional ACPI S3 sleep and S4 hibernation states. only

© Copyright 2022 HP Development Company, L.P. 5 Advanced Menu 50

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

5.10 Remote Management Options Menu (Intel Only)

The following table describes various setting options for Remote Management Options.

Table 29 Remote Management Options Menu features

Feature Type Description Default Notes

 Active Setting This setting controls the Intel Active Management Checked Intel Only
Management Technology (AMT) remote manageability features. When
Technology unchecked, the network based remote management
(AMT) functionality is disabled.

 USB Key Setting When checked, enables AMT provisioning using a USB Unchecked Intel Only
Provisioning storage device.
Support

 USB Setting When checked, enables support for storage redirection Checked Intel Only
Redirection through USB
Support NOTE: Intel AMT must be correctly provisioned

Unconfigure AMT One When applied, reset AMT configuration options on next Do Not Apply Intel Only
on Next Boot time boot. The following actions are possible:
action • Do Not Apply
• Apply

SOL Terminal Setting Specifies the Serial Over Lan (SOL) terminal emulation ANSI Intel Only
Emulation Mode mode. The following settings are possible:
• ANSI
• VT100

 Show Setting When checked, requires user confirmation when Checked Intel Only
Unconfigure ME unconfiguring Intel Management Engine.
Confirmation
Prompt

o Verbose Boot Setting When checked, report additional information when a boot Unchecked Intel Only
Messages message is displayed.
NOTE: Unavailable when AMT is disabled.

 Watchdog Setting When checked, enables Watchdog Timers. Checked Intel Only
Timer

OS Watchdog Setting Sets OS Watchdog Timer (minutes). Possible values are 5 Intel Only
Timer (min.) from 5 to 25.

BIOS Watchdog Setting Sets BIOS Watchdog Timer (minutes). Possible values are 5 Intel Only
Timer (min.) from 5 to 25.

CIRA Timeout Setting Client Initiated Remote Access timeout. Possible values 1 Intel Only
(min.) are from 1 to 4 minutes or never.

5.11 MAC Address Pass Through (Notebook Only)

The following table describes various settings for the Host-Based MAC Address menu.

© Copyright 2022 HP Development Company, L.P. 5 Advanced Menu 51

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Feature Type Description Default Notes

Host Based MAC Setting Can be set to Disabled, System, or Custom. Setting to System Address Notebook Only
Address System allows all HBMA settings to be modified except (2017+) (2016+)
the custom MAC address. Setting to Custom allows all
settings including the custom MAC address to be
modified.

MAC ADDRESS Setting Configure a custom MAC address. Shows the current Factory MAC Notebook Only
factory and system MAC addresses as well. Address

Reuse Setting When checked, enables the ability to reuse the embedded Disable Notebook Only
Embedded LAN LAN address
Address

 Pre-boot Setting Set Host Based MAC Address (HBMA) support in the Checked but Notebook Only
HBMA Support preboot environment such as PXE. disabled until
Host Based MAC
Address is
enabled

 Windows Setting Set host-based MAC address (HBMA) support in the Checked but Notebook Only
HBMA Support Windows OS environment. greyed out until
Host Based MAC
Address is
enabled

 Single NIC Setting When within Windows OS, only one NIC will operate using Unchecked but Notebook Only
Operation Host Based MAC Address (HBMA). This feature does not greyed out until
(Disable All Other apply to PXE environments. Host Based MAC
NICs when HBMA Address is
is active on one enabled
NIC)

HBMA Priority Setting Change the priority of USB and embedded Network Notebook Only
List Interface Cards (NICs) for the system.

5.12 Thunderbolt™ Options

The following table describes various settings for configuring Thunderbolt™ ports, previously located in the Port Options
menu. This menu organization is new in 2019 for platforms supporting Thunderbolt™ technology. There still remains a
setting in Port Options to turn the Thunderbolt™ port on or off.

Feature Type Description Default Notes

 Thunderbolt™ Setting When checked, enables Thunderbolt™ connections on the Checked

Mode Type-C port.

When unchecked:

• Disables Thunderbolt™ connections on the Type-

C port
• Disables PCIe Tunneling on USB4 connections

 Require BIOS Setting When checked, Thunderbolt™ Security Level cannot be Checked
PW to change changed unless a BIOS administrator password has been
Thunderbolt™ created. This setting cannot be disabled if DMA Protection
Security Level (System Options) is enabled.

© Copyright 2022 HP Development Company, L.P. 5 Advanced Menu 52

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Feature Type Description Default Notes

Thunderbolt™ Setting The following settings are possible: PCIe and

Security Level • PCIe and DisplayPort – No Security DisplayPort –
User
Any Thunderbolt™ device detected that requests a PCI-
Authorization
express connection will be connected to the system’s PCi-
express bus without requiring any approval by the local
user.
• PCIe and DisplayPort – User Authorization
Each Thunderbolt™ peripheral includes a unique identifier
which is used to determine if the device has been previously
connected. In the event the user has previously chosen
Always Connect for that particular device, it will
automatically be connected to the PCI-express bus when
subsequently attached.
• PCIe and DisplayPort – Secure Connect
This option offers enhanced protection for authenticating a
previously connected Thunderbolt™ device beyond relying
on its identifier. The device is provisioned with a key when
initially connected and on subsequent connections, a
challenge-response is implemented to verify the device has
the secret before it is automatically connected to the PCI-
express bus.
• DisplayPort only
Only USB and Display Port functionality will be available via
the Type-C Thunderbolt™ port. PCI-express will not be
connected from the Thunderbolt™ device to the internal
PCI-express interface, thus any Thunderbolt™ device that
requires PCi-express will not function correctly.

 Native PCIe Setting When checked, enables hot plug support to the system’s Disabled
Hot Plug PCI-express bus.

© Copyright 2022 HP Development Company, L.P. 5 Advanced Menu 53

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

5.13 Remote HP PC Hardware Diagnostics Settings

Table 30 Remote HP PC Hardware Diagnostics Features

Feature Type Description Default Notes

Diagnostic Setting HP / Custom URL. HP

Download URL

Custom Setting Location of Remote Diagnostics, if not obtained from the

Download HP server.
Address

Custom Upload Setting Custom location to upload Diagnostic logs.

Address

User Name Setting (Optional) User Name to access custom Diagnostic

location.

Password Setting (Optional) Password to access custom Diagnostic

location.

Scheduled Setting Allow Remote HP PC Diagnostics to run on a set schedule: Disabled

Execution • Enable
• Disable

Frequency Setting Select the frequency for scheduled execution of Remote Weekly
HP PC Hardware Diagnostics:
• Daily
• Weekly
• Monthly

Execute On Next Setting Enable or disable the execution on next boot. The Flag will Disabled
Boot be disabled after the diagnostics have run:
• Enable
• Disable

Last execution Action Displays the result of the last Remote HP PC Diagnostics
Result execution

© Copyright 2022 HP Development Company, L.P. 5 Advanced Menu 54

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

6 F10 Main Menu (2019 and older)

Main Security Advanced UEFI Drivers

HP Computer Setup

 System Information
 System Diagnostics
 BIOS Event Log
 Update System BIOS
 Change Date and Time
 System IDs

 Replicated Setup
 Save Custom Defaults
 Apply Custom Defaults and Exit
 Apply Factory Defaults and Exit
 Ignore Changes and Exit
 Save Changes and Exit

© Copyright 2022 HP Development Company, L.P. 6 F10 Main Menu (2019 and older) 55
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

6.1 Main Menu

The following table describes the features in the Main menu.

Table 31 Main Menu features

Feature Type Description Default Notes

System Information Menu System information, such as serial number, model

number, CPU type, and memory configuration.

System Diagnostics Menu Application to run diagnostic tests on your system, such
as start-up test, run-in test, memory test, and hard disk
test.

BIOS Event Log Menu Allows displaying, saving, and clearing the Event Log.

Update System BIOS Menu Update system firmware from FAT 32 partition on the
hard drive, a USB disk-on-key, or the network.

Change Date and Time Menu Configure the system Date and Time settings.

System IDs Menu Identification strings that assigned by an enterprise to

track the system.

Replicated Setup Action Save your current BIOS settings, and later restore your
setting from this file.

Save Custom Defaults Action As an alternative to factory default settings, create Reboot
custom default values for all but the security settings. It required
is not possible to create custom default values for
security settings.

Apply Custom Defaults and Action Set all but the security settings to your custom default
Exit values (initially these are the same as factory defaults).

Apply Factory Defaults and Action Set all but the security settings to factory values. See
Exit Security Menu (2019 and older) to set security settings
to factory values.

Ignore Changes and Exit Action Exits F10 Setup without saving any changes made
during current session.

Save Changes and Exit Action Exits F10 Setup and saves all changes made during
current session.

6.2 BIOS Event Log Menu

This submenu under the Main menu manages the saved log of select BIOS events and alerts.

View BIOS Event Log Action Immediately displays a list of events, alerts, or warnings
that have been logged since the log was last cleared.

Export to USB Key Action Immediately saves a file named BiosEventLog.txt

containing the log entries to an inserted USB storage
device.

 Clear BIOS Event Log on Setting When checked, the BIOS clears the event log on Save Unchecked
Next Boot and Exit.

© Copyright 2022 HP Development Company, L.P. 6 F10 Main Menu (2019 and older) 56
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

6.3 Update System BIOS Menu

This submenu under the Main menu provides information about the current system firmware, settings, these control
updates, the ability to check for updates over the internet or on the local network, and the ability to update system firmware
from a FAT 32 partition on the hard drive, or a USB disk-on-key.

For the BIOS flash to succeed, do not remove power or turn off the system during any phase of the process. The following
description of the BIOS flash phases helps you avoid interrupting the process. The BIOS flash proceeds in four phases:

1. The system displays a progress bar. When progress is 100%, the system reboots. This is the initial BIOS flash.
Because the system must reset power completely, there might be a delay of between 10 and 15 seconds before
power returns to the system.

2. The screen may be black initially and an LED may be and blink. This will occur only if the boot block needs to be
updated. On some models, video cannot be displayed during this phase, so the beep/blink code indicates that the
system BIOS is flashing normally. Other models may display ‘Step 2 of the BIOS update is in progress’ during this
phase. The computer will reboot again, and this might also take 10 to 15 seconds to complete.

3. The message “Final step of the BIOS update is in progress” is displayed.

4. The screen is black for a short period, and then the OS starts. The BIOS update is now complete.

Table 32 Update System BIOS Menu features

Feature Type Description Default Notes

Current System BIOS Version Display

Only

Current BIOS Release Date Display

Only

Installation Date of Current BIOS Display

Only

Most Recent Update Check Display

Only

Check the Network for BIOS Updates
(or) Check HP.com for BIOS Updates
Action Updates the system BIOS by using an image Reboot
stored on hp.com or another source defined in required
the BIOS Update Preferences menu.
When BIOS source is HP.com, then the feature
appears as Check HP.com for BIOS Updates.

 Lock BIOS version Setting When checked, disallows BIOS updates. Unchecked

 Native OS Firmware Update Service Setting When checked, the OS can drive firmware Checked
updates (for example, Windows Update).

BIOS Rollback Policy Setting Behavior when attempting to roll back to a Unrestricted
previous BIOS version. The setting can be set to Rollback to
Unrestricted Rollback to older BIOS or Restricted older BIOS
Rollback to older BIOS.

Minimum BIOS version Setting Displays Minimum BIOS version required for
optimal operation.

 Allow BIOS Update using a Network Setting When checked, automatic BIOS updates through Checked
the network in a scheduled basis.

© Copyright 2022 HP Development Company, L.P. 6 F10 Main Menu (2019 and older) 57
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

BIOS Update Preferences Menu Menu with network BIOS update settings such as
source, actions when an update is available, and
the frequency to check for updates.

Network Configuration Settings Menu Configure the network connection to the server
that is the host for your system firmware
updates.

Update System and Supported Device
Firmware Using Local Media
Action Updates the system BIOS by using files stored on Reboot
local media such as the hard drive or a USB drive required
formatted as FAT32 or EFI system partition. The
files needed to update the system can be saved
to the hard drive or USB device using the HP
Firmware Update & Recovery app.

6.4 BIOS Update Preferences Menu

The Update System BIOS submenu provides options for updating to the latest system firmware as well as configuring
where to check for system firmware updates, what to do when an update is available, and the frequency to check for them.

Table 33 BIOS Update Preferences Menu features

Feature Type Description Default Notes

 Check for Update on Action When checked, check if an updated BIOS is available during Unchecked Reboot
Next Reboot the next boot. This feature is only necessary from a WMI call. required
From the F10 Setup menu, use the feature Main > Update
System BIOS > Check the Network for BIOS Updates that
checks for updates without a reboot.

BIOS Source Setting Select the source URL for BIOS updates HP.com
• HP.com
• Custom URL

Edit Custom URL Setting When not using HP.com, define the custom URL here.

Automatic BIOS Update Setting Defines how automatic updates behave. The following Do Not
Setting settings are possible: Update
• Do not update
• Check for BIOS updates automatically, but let me
decide whether to install them
• Download and install normal BIOS update
automatically
• Download and install important BIOS updates
automatically

BIOS Update Frequency Setting Sets the frequency of checks to the BIOS update server. If a Monthly
newer version of BIOS has been made available on the
network server, the system will prompt to update the BIOS.
• Daily
• Weekly
• Monthly

© Copyright 2022 HP Development Company, L.P. 6 F10 Main Menu (2019 and older) 58
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

6.5 Network Configuration Settings Menu

The “System BIOS submenu configures the network connection to the server that is the host for the system firmware
updates.

Table 34 Network Configuration Settings Menu features

Feature Type Description Default Notes

 Proxy Server Setting When checked, enables the use of a proxy server. Unchecked

Edit Proxy Server Setting Specify the Proxy Server Address and the Port Number through
the common-used <server>:<port> notation.

Test Network Action Check the network connection using current BIOS update
Connection configuration.

IPv4 Configuration Setting The following settings are configurable: Automatic

• Automatic
• Manual

IPv4 Address Setting When IPv4 settings are manual, setup for static IPv4 address.

IPv4 Subnet Mask Setting When IPv4 settings are manual, configure a valid IPv4 address for
subnet mask.

IPv4 Gateway Setting When IPv4 settings are manual, configure a valid IPv4 address for
gateway.

DNS Configuration Setting Configure a list of DNS addresses. The following settings are Automatic
possible:
• Automatic
• Manual

DNS Addresses Setting When DNS configuration is manual, configure a comma-separated

list of DNS addresses.

Data Transfer Timeout Setting Set data transfer timeout in seconds. Do not use values less than 100
15 seconds.

 Force HTTP No Cache Setting When checked, disables HTTP caching. This means that caching in Unchecked
upstream proxies is disabled as well, which guarantees that the
BIOS goes all the way to the content source for any updated BIN
files or catalog files but might slow down downloads slightly.

6.6 Change Date and Time

Allows the system current Date and Time settings to be configured.

Feature Type Description Default Notes

Set Date (MM/DD/YYYY) Action Set the current date using MM/DD/YYYY format.

Set Time (HH:MM) Action Set the current time using HH:MM (24 hour) format.

© Copyright 2022 HP Development Company, L.P. 6 F10 Main Menu (2019 and older) 59
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

6.7 System IDs Menu

This submenu provides identification strings assigned by an enterprise to track the system.

Table 35 System IDs Menu features

Level Feature Type Description Default Notes

2 Asset Tracking Setting Allows custom configuration of an asset tag (up to 80 Serial
Number characters). Number

2 Ownership Tag Setting Allows custom configuration of an ownership tag (up to 80 Blank
characters).

© Copyright 2022 HP Development Company, L.P. 6 F10 Main Menu (2019 and older) 60
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

7 Security Menu (2019 and older)

Main Security Advanced UEFI Drivers

HP Computer Setup

Administrator Tools
 Create/Change BIOS Administration Password
 Create/Change POST Power-On Password
 Password Policies
 Administrator Authentication Policies
 Fingerprint Reset on Reboot (select products only)

Security Configuration
 TPM Embedded Security
 BIOS Sure Start (select products only)
 Secure Platform Management (SPM) (select products only)
 Physical Presence Interface
 Smart Cover (select products only)
 Trusted Execution Technology (TXT) (select products only)
TXT cannot be enabled unless VTx, VTd and TPM are enabled first
Intel Software Guard Extensions (SGX) (select products only)

Utilities
 Hard Drive Utilities

Absolute® Persistence Module Current State

 Activation Status : Inactive/Active
 Absolute® Persistence Module Permanent Disable : No/Yes
 System Management Command (SMC)
 Restore Security Settings to Factory Defaults

© Copyright 2022 HP Development Company, L.P. 7 Security Menu (2019 and older) 61
HP PC Commercial BIOS (UEFI) Setup
Table 36 Security Menu features
Feature
Create BIOS Administrator
Password
Or Change BIOS
Administrator Password
Create POST Power-On
Password
Or Change POST Power-
On Password
Password Policies
Administrator
Authentication Policies
 Fingerprint Reset on
Reboot
TPM Embedded Security
BIOS Sure Start
Secure Platform
Management (SPM)
© Copyright 2022 HP Development Company, L.P.
January 2022
919946-006
Type Description Default Notes
Setting The administrator password controls access to the
setup menu (F10), 3rd Party Option ROM Management
(F3), Update System ROM, WMI commands that
change system settings, and the BIOS Configuration
Utility (BCU). When no administrator password is set,
anyone can change the system settings, add 3rd Party
Option ROM, or update the system ROM. When the
power-on password is set, use the administrator
password as an alternative to power-on the system.
Recommendation: Set an administrator password
when a power-on password is set. When a power-on
password is forgotten, an administrator can reset the
power-on password by using Restore Security
Settings to Factory Defaults.
Setting Password required to power-on the PC, independent
of the OS password. When no password is set, anyone
can turn on the PC. In addition to the administrator
password, there is only one power-on password.
Recommendation: Set an administrator password
when a power-on password is set. When a power-on
password is forgotten, an administrator can reset the
power-on password by using Restore Security
Settings to Factory Defaults.
Menu Allows the administrator to set password
requirements for BIOS administration and power-on
regarding the use of symbols, numbers, case, and
spaces.
Menu Allows the administrator to determine whether the
administrator password is required to access various
boot menus through hot keys at boot time, or to
update the firmware through Windows Update.
NOTE: the settings in this menu were previously
located in the Password Policies menu.
Action When checked, resets the fingerprint on the next Unchecked
reboot. After reboot, this will be unchecked again.
Menu The Trusted Platform Module (TPM) is a dedicated
microprocessor that provides security functions for
secure communication and software and hardware
integrity.
Menu Settings that control the behavior of HP Sure Start.
HP Sure Start is a built-in hardware security system
that protects your BIOS from accidental or malicious
corruption by (1) detecting BIOS corruption and then
(2) automatically restoring the BIOS to its last
installed HP-certified version. Some platforms in
2019 have the capability to recover Intel ME as well.
Menu Options for managing HP Sure Run and HP Sure
Recover and Sure Admin
7 Security Menu (2019 and older) 62
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Feature Type Description Default Notes

 Physical Presence Enable or disable the local prompt to confirm that a Checked
Interface sensitive setting change was requested by the user.

Smart Cover Menu Controls settings for Cover Lock and Cover Sensor on Desktop
desktop models.

 Trusted Execution Setting When checked, enables Trusted Execution Unchecked Intel Only
Technology (TXT) Technology on select Intel-based systems. Reboot
NOTE: Enabling this feature disables OS management Required
of Embedded Security Device, prevents a reset of the
Embedded Security Device, and constrains the
configuration of VTx, VTd, and Embedded Security
Device

Intel Software Guard Setting Enables Intel Software Guard Extensions. The Software Intel Only
Extensions (SGX) following settings are possible: control
• Disable –or–
• Enable
Disable (non-
• Software control (2016 or later) vPro & 2015)

Hard Drive Utilities Menu Utilities to protect private information on individual

hard drives: Drive Lock and Secure Erase.

Absolute Persistence Label A subscription service that provides PC theft recovery,

Module tracking and data delete solutions

Activation Status Display The subscription status can be inactive, active, or Inactive
Only permanently disabled.

Absolute Persistence Display Shows current state of the Absolute Persistence No

Module Permanent Only module (Yes = disabled, No = available).
Disable

 System Management Setting When checked, allows authorized HP service Checked Reboot
Command personnel in possession of the PC to reset security Required
settings in case of a customer service event. For
customers that require more BIOS security, uncheck
this to prevent this type of HP service command.

Restore Security Settings Action Apply factory defaults to all security settings. Reboot
to Default NOTE: Escaping (ESC) at the Reset Request screen will Required
leave settings as they were except for the
Administrator & Power-on passwords which are still
cleared.

© Copyright 2022 HP Development Company, L.P. 7 Security Menu (2019 and older) 63
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

7.1 Password Policies Menu

This submenu allows the administrator to set text requirements controlling the use of symbols, numbers, case, and spaces
for the BIOS administrator password and the power-on password. To access this menu, a password must be already set.
Changes to these policies do not apply retroactively to existing passwords.

Table 37 Password Policies Menu features

Feature Type Description Default Notes

Password Minimum Length Setting Allows the administrator to specify the minimum 8
number of characters required for a password.
• Minimum: 4
• Maximum: 32

 At least one symbol Setting When checked, passwords require at least one Unchecked
required in Administrator symbol, such as $, %, ^, &, or #
and User passwords

 At least one number Setting When checked, passwords require at least one Unchecked
required in Administrator number
and User passwords

 At least one upper-case Setting When checked, passwords require at least one Unchecked
character required in upper case character
Administrator and User
passwords

 At least one lower-case Setting When checked, passwords require at least one Unchecked
character required in lowercase character
Administrator and User
passwords

 Are spaces allowed in Setting When checked, passwords can have one or more Unchecked
Admin and User spaces
passwords?

Clear Password Jumper Setting On desktops, a jumper is available that, when Honor Desktop
removed, clears the Administrator and power-on Only
passwords. Set this to Ignore to prevent someone
from clearing your passwords with the jumper.
• Honor
• Ignore

 Prompt for Admin Setting When checked, the administrator password is Unchecked
password on F9 (Boot required to enter the boot menu.
Menu) NOTE: moved to new menu in newer products

 Prompt for Admin Setting When checked, the administrator password is Unchecked
password on F11 (System required to enter system recovery.
Recovery) NOTE: moved to new menu in newer products

 Prompt for Admin Setting When checked, the administrator password is Unchecked
password on F12 (Network required to enter the network boot menu.
Boot) NOTE: moved to new menu in newer products

 Prompt for Admin Setting When checked, the administrator password is Unchecked
password on Capsule required to process a firmware capsule update.
Update NOTE: moved to new menu in newer products

© Copyright 2022 HP Development Company, L.P. 7 Security Menu (2019 and older) 64
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

7.2 Administrator Authentication Policies Menu

This submenu allows the administrator to set limitations to some boot features, such as administrator permissions,
requiring the user to enter an administrator password. To access this menu, a password must be already set.

Table 38 Password Policies Menu features

Feature Type Description Default Notes

 Prompt for Admin Setting When checked, the administrator password is Unchecked
authentication on F9 (Boot required to enter the boot menu.
Menu)

 Prompt for Admin Setting When checked, the administrator password is Unchecked
authentication on F11 required to enter system recovery.
(System Recovery)

 Prompt for Admin Setting When checked, the administrator password is Unchecked
authentication on F12 required to enter the network boot menu.
(Network Boot)

 Prompt for Admin Setting When checked, the administrator password is Unchecked
authentication on Capsule required to process a firmware capsule update.
Update

 BIOS Administrator Setting When not checked, there is only a prompt for the Checked
visible at Power-on Power-on password.
Authentication

© Copyright 2022 HP Development Company, L.P. 7 Security Menu (2019 and older) 65
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

7.3 Trusted Platform Module (TPM) Embedded Security Menu

This submenu for the Trusted Platform Module (TPM.) is a dedicated microprocessor that provides security functions for
secure communication and software and hardware integrity. The built-in TPM hardware solution is more secure than a
software-only solution.

Table 39 TPM Embedded Security Menu features

Feature Type Description Default Notes

TPM Display The Trusted Computing Group (TCG) is an industry group that
Specification Only defines specifications for a TPM. As of this writing, possible TPM
Version specification versions are 1.2 or 2.0.
NOTE: Windows 10 requires TPM 2.0 capability.

TPM Device Setting Makes the TPM available. The following settings are possible: Available Reboot, Physical
• Available Presence Required

• Hidden

 TPM State Setting When checked, enables the ability for the OS to take ownership of Checked Reboot, Physical
the TPM (v1.2) or enables OS and application access to the Presence Required
various security capabilities of the TPM (v2.0).

Clear TPM Action When selected, clears the TPM on the next boot. After clearing No Reboot Required
the TPM, this resets to No. The following settings are possible:
• No
• On next boot

TPM Setting This setting allows an administrator to choose between Allow HP recommends
Activation convenience and extra security. The extra security is to ensure user to an option that
Policy that the user of the system will at least see that the TPM device reject requires the
upgraded its firmware (F1 to Boot), or at most the user has the physical presence
ability to reject the upgrade of the TPM device (Allow user to of the user
reject.) These user prompts limit the impact of remote attacks on
the system by requiring a user to be physically present for the
upgrade. When security of the system is of less concern, the third
option (No prompts) removes any requirement for a user to
acknowledge the upgrade. This last option is the most convenient
for remotely upgrading many systems at once.
The following settings are possible:
• F1 to Boot
• Allow user to reject
• No prompts

© Copyright 2022 HP Development Company, L.P. 7 Security Menu (2019 and older) 66
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

7.4 BIOS Sure Start Menu

Settings menu for enhanced hardware-based assurance that only HP approved Embedded Controller firmware will run on
the HP Embedded Controller and that only HP approved BIOS will run on the host CPU.

Table 40 BIOS Sure Start Menu features

Feature Type Description Default Notes

 Verify Boot Block Setting When not checked, HP Sure Start verifies the integrity Unchecked Reboot
on Every Boot of HP firmware in the nonvolatile (flash) memory Required
before resume from Sleep, Hibernate, or Off.
When checked, HP Sure Start verifies the integrity of
HP firmware in the nonvolatile (flash) memory across
operating system restart (warm reset) in addition to
resume from Sleep, Hibernate Off. This setting
provides higher security assurance but could increase
the time required to restart operating system.

BIOS Data Recovery Setting The following settings are possible for HP Sure Start– Automatic Reboot
Policy Recovery Policy: Required
• Automatic
• Manual
Automatic: HP Sure Start automatically repairs any HP
firmware integrity issues in the nonvolatile (flash)
memory.
Manual: HP Sure Start will not repair any HP firmware
integrity issues in the nonvolatile (flash) memory until
the Windows +Up Arrow+ Down Arrow keys are
pressed.
NOTE: Manual recovery is intended for use by the
system administrator in the event forensic
investigation is desired before HP Sure Start repairs the
issue. It is not recommended for the typical user.

Network Controller Action Network Controller Configuration Restore Reboot

Configuration This action restores the network controller parameters Required
Restore to the factory state saved in the HP Sure Start Private
nonvolatile (flash) memory.
NOTE: This process can take up to 30 seconds. You
need to restore this only when the Network Controller
Configuration mismatch warning is set.

 Prompt on Setting When enabled, HP Sure Start will monitor the network Checked Intel Only
Network Controller controller configuration and prompt the local user if Reboot
Configuration any changes are detected compared to the factory Physical
Change configuration. The local user has the option to ignore Presence
the prompt or restore the network controller to the Required
factory configuration when prompted.

 Dynamic Runtime Setting When checked, allows HP Sure Start to verify the Checked
Scanning of Boot integrity of the HP firmware in the nonvolatile (flash)
Block memory every 15 minutes while the system is on and
the operating system is running.

© Copyright 2022 HP Development Company, L.P. 7 Security Menu (2019 and older) 67
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Feature Type Description Default Notes

 Sure Start BIOS Setting Protects critical BIOS Settings by saving a backup copy Unchecked Not accessible
Settings Protection and restoring them if altered. with no Admin
password set

 Sure Start Secure Setting Saves backup copy of Secure Boot Keys so that they Unchecked
Boot Keys can be recovered if someone attempts to alter them in
Protection an unauthorized manner.

 Enhanced HP Setting Monitors key areas of memory for corruption or attack, Checked
Firmware Runtime notifies user of attack (based on the settings in Sure
Intrusion Prevention Start Security Event Policy), and prevents the attack
and Detection from taking place.
NOTE: Only available on certain Intel systems.

 HP Firmware Setting Monitors key areas of memory for corruption or attack Checked
Runtime Intrusion and notifies user of attack (based on the settings in
Detection Sure Start Security Event Policy).
NOTE: Only available on certain AMD chipset systems
2016 or later.

Sure Start Security Setting Determines how to respond to a detected event: Log Event and
Event Policy • Log the event in the audit log. notify user

• Log the event in the audit log and prompt the

user to acknowledge the event.
• Log the event in the audit log and power off
the system.
Prior to 2016: Not available

Sure Start Security Enable a warning message at boot screen if there is a Require
Event Boot Sure Start event (BIOS recovery, Memory intrusion, Acknowledgment
Notification etc.)

7.5 Smart Cover Menu (Desktop Only)

This submenu controls settings for Cover Lock and Cover Sensor.

Table 41 Smart Cover Menu features

Feature Type Description Default Notes

Cover Setting The Smart Cover Lock is a software-controllable solenoid lock. This lock Unlock Desktop
Lock restricts unauthorized access to the system’s internal components. The with Cover
following settings are possible: Lock
• Lock Reboot
• Unlock Required

Cover Setting The Cover Removal Sensor has the following settings: Disable Desktop
Removal • Disabled with Cover
Sensor Sensor
• Notify the User: Displays warning message on next boot if opened.
Reboot
• Administrator Password (when password is set): Requires entering
Required
the administrator password before continuing to boot after the
cover is opened.

© Copyright 2022 HP Development Company, L.P. 7 Security Menu (2019 and older) 68
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

7.6 Secure Platform Management (SPM)

This submenu controls settings for Secure Platform Management that are used for secure enablement and management of
the HP Sure Run and Sure Recover capabilities.

You cannot provision SPM and activate HP Sure Run directly from the BIOS Setup interface. You can provision SPM using HP
Client Security Manager Software or the HP Manageability Integration Kit. When provisioned, the controls in this menu can
be used to deprovision the system or deactivate HP Sure Run.

Table 42 Secure Platform Management Menu features

Feature Type Description Default Notes

HP Sure Setting • Inactive Inactive

Run (Display • Active
Current Only)
State

Deactivate Action This action deactivates HP Sure Run without deprovisioning SPM.
HP Sure
Run

SPM Setting • Provisioned Un-

Current (Display • Un-provisioned provisioned
State Only)

Unprovision Action This action deprovisions SPM, which causes HP Sure Run to revert to
SPM the Inactive state and return HP Sure Recover to default settings.

7.7 HP Sure Admin Enhanced BIOS Authentication Mode (EBAM)

This submenu allows the administrator to disable and un-provision the EBAM alternative authentication method and keys
when this feature is fully enabled by associated software. Initialization and provisioning of the feature may be supported by
future HP Manageability Integration Kit releases.

© Copyright 2022 HP Development Company, L.P. 7 Security Menu (2019 and older) 69
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Table 43 Enhanced BIOS Authentication Mode (EBAM) Menu features

Feature Type Description Default Notes

EBAM Current State: Setting

Disabled (Display
Only)

Disable EBAM Action This action deactivates HP Enhanced

BIOS Authentication Mode.

Local Access Key: Setting Local Access Key is the public key
Not Present (Display that is used by BIOS (as part of Sure
Only) Admin mode) to generate the
encrypted “Challenge QR-code” that
is used to control access to F10
setup (response PIN is obtained
using the HP Sure Admin Local
Access Authenticator to read the
QR-code and decrypt [if it has
access to the private Local Access
Key] it to obtain the response PIN)

Clear EBAM Local Access Key(s) and Action This action deletes all currently
Reboot established EBAM Local Access
Keys.

© Copyright 2022 HP Development Company, L.P. 7 Security Menu (2019 and older) 70
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

7.8 Hard Drive Utilities Menu

This submenu provides features that protect the data on individual hard drives, such as recovering the master boot record
(MBR), preventing unauthorized access, and erasing data.

Table 44 Hard Drive Utilities Menu features

Feature Type Description Default Notes

 Save/Restore MBR of Setting When checked, saves a baseline MBR that can be restored if a Unchecked Reboot
the system hard drive change is detected Required
NOTE: Not applicable for UEFI boot modes

 Save/Restore GPT of Setting When checked, saves a baseline GUID Partition Table that can Unchecked Reboot
System Hard Drive be restored if a change is detected. Required
NOTE: Not applicable for Legacy boot modes
Prior to 2016: Did not exist

Boot Sector (MBR/GPT) Setting Allows selection of the default action when an MBR/GPT event Local User
Recovery Policy occurs. Control

DriveLock/Automatic Menu DriveLock prevents unauthorized access to the contents of a

DriveLock selected hard drive.

Secure Erase Action Uses hardware-based methods to erase safely all data and Reboot
Select a Drive… personal information from a selected Hard Drive. Required

 Allow OPAL Hard Setting BIOS supports drive encryption using Drivelock feature by Unchecked Reboot
Drive SID creating the storage device’s ownership key. If BIOS creates Required
Authentication the key, any 3rd party applications (including other encryption
software) are not allowed to perform certain drive operations
such as establishing their own key using SID. Encryption
software applications may or may not be limited by SID
authentication lockout depending on how they are designed.

© Copyright 2022 HP Development Company, L.P. 7 Security Menu (2019 and older) 71
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

7.9 DriveLock/Automatic DriveLock Menu

DriveLock prevents unauthorized access to the contents of a selected hard drive. Enter a password to access the drive and
the drive is accessible only when attached to a PC.

NOTE: DriveLock states cannot change after a warm reboot for SATA drives. Power off the system and then boot directly to
the BIOS setup to access these menus. The DriveLock Master/Administrator and User passwords cannot be changed if you
enable Automatic DriveLock. Some earlier generations of systems do not support DriveLock on NVMe storage devices.

Table 45 DriveLock Menu features

Feature Type Description Default Notes

 Automatic DriveLock Setting This feature is intended to prevent someone from accessing Disable Power
data on your drive after they have physically removed it from cycle
your system. A BIOS administrator password is required for this required
feature.
When this feature is enabled, the BIOS sets a randomly
generated user password, sets the master password with the
BIOS administrator password, and marks the drive as a member
of an Automatic DriveLock group.
Thereafter, the BIOS automatically unlocks the drive while it is
attached to its host system. If the drive is physically removed
from its host system and attached to another system, the user is
prompted for the DriveLock password. The user must provide
the BIOS administrator password from the original host system
to access the drive.

Set DriveLock Master Setting Creates another password to access a hard drive with DriveLock Power
Password protection. cycle
required
Set DriveLock User
Password

Enable DriveLock Setting Enables DriveLock protection and creates a user password Disable Power
distinct from the master password that allows access to the cycle
hard drive (SATA drives). required

For NVMe type drives in the M.2 slot, this requires setting an
administrator password instead of a user password.

Change DriveLock User Action Displayed only if DriveLock is enabled and a valid password was Power
Password supplied at the DriveLock POST prompt. Allows the user cycle
password to be changed when selected. required

Change DriveLock Action Displayed only if DriveLock is enabled and a valid password was Power
Master/Administrator supplied at the DriveLock POST prompt. Allows the master cycle
Password (SATA) or administrator (NVMe) password to be changed when required
selected.

Disable DriveLock Action Displayed only if DriveLock is enabled and a valid password was Power
supplied at the DriveLock POST prompt. Allows DriveLock to be cycle
disabled when it is enabled. required

© Copyright 2022 HP Development Company, L.P. 7 Security Menu (2019 and older) 72
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

8 Advanced Menu (2019 and older)

Main Security Advanced UEFI Drivers

HP Computer Setup

 Display Language
 Scheduled Power-On

 Boot Options
 HP Sure Recover
 Secure Boot Configuration
 System Options
 Built-In Device Options
 Port Options
 Option ROM Launch Policy
 Power Management Options
 Remote Management Options (Intel Only)
 Electronic Labels (Notebook & AiO Only)
 MAC Address Pass Through (Notebook Only)
 Thunderbolt™ Options (2019+ with TBT)

Remote HP PC Hardware Diagnostics

 Settings
 Execute Remote HP PC Hardware Diagnostics

© Copyright 2022 HP Development Company, L.P. 8 Advanced Menu (2019 and older) 73
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

8.1 Advanced Menu

For detailed information on the features in the advanced menu, see the following table:

Table 46 Advanced Menu features

Feature Type Description Default Notes

Display Menu Select the display language and the keyboard language. Choose between
Language 15 languages. You can display the menu in English, French, German,
Spanish, Italian, Dutch, Danish, Japanese, Norwegian, Portuguese,
Swedish, Finnish, Simplified Chinese, Traditional Chinese, or Russian.
NOTE: Affects the BIOS menus, not the OS nor the WMI commands.
Russian language support is only available in the most recent product
generations.

Scheduled Menu Choose days of the week and a single time of day for the system to turn
Power On on. This feature wakes the system up from a turned-off state.

Boot Options Menu Settings that control the behavior of the system during boot up.

HP Sure Menu Settings that control when and how the BIOS should attempt to reinstall
Recover the operating system. Also called OS Recovery.

Secure Boot Menu Starting with Windows 8, Secure Boot is a UEFI feature that helps resist
Configuration attacks and infection from malware. From the factory, your system came
with a list of keys that identify trusted hardware, firmware, and operating
system loader code. Your system also has a list of keys to identify known
malware.

System Menu Settings that control the CPU, PCI, PCIe, the power button and function
Options keys.

Built in Menu Settings of other devices built-in to the PC.

Device
Options

Port Options Menu Settings that enable or disable ports and interrupts on the system.

Option ROM Menu Configure the Device Option ROMs that load at boot time.
Launch
Policy

Power Menu Settings that control power saving features and the behavior of the
Management system in low power modes.
Options

Remote Menu Settings that control Intel Active Management technology that provides Intel Only
Management out-of-band remote management of the system.
Options

Electronic Display Mandatory certification marks, for example the Federal Communication Notebook
Labels Only Commission (FCC) Declaration of Conformity (Doc) and the CE marking for and All-in-
Europe. One Only

MAC Address Menu Configure a custom Host Based MAC Address (HBMA) for the system as System Notebook
Pass well as define the priority of Network Interface Cards (NIC). Address Only
Through (2017+)

Remote HP Label Remote HP PC Hardware diagnostics.

PC Hardware
diagnostics

© Copyright 2022 HP Development Company, L.P. 8 Advanced Menu (2019 and older) 74
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Feature Type Description Default Notes

Settings Menu Settings for Remote HP PC Hardware diagnostics.

Execute Action When selected, will download and run HP Remote Diagnostics.
Remote HP
PC Hardware
Diagnostics

8.2 Display Language Menu

This submenu allows for selection of the display language and the keyboard language. For each setting, choose from the
following languages:

• English • Italiano • Português • Nederlands 简体中文

• Deutsch • Français • Danske • Norsk 繁體中文
• Español • 日本語 • Svenska • Suomi • Pусский
NOTE: Affects the BIOS menus, not the OS nor the WMI commands.

Table 47 Display Language Menu features

Feature Type Description Default Notes

Select Language Setting Language used by BIOS setup menus. English

Select Keyboard Layout Setting Language of the keyboard layout used by BIOS setup menus. English

© Copyright 2022 HP Development Company, L.P. 8 Advanced Menu (2019 and older) 75
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

8.3 Scheduled Power-On Menu

This submenu controls the days of the week and a single time of day for the system to turn on the computer. This feature
wakes the system up from a powered off state.

Table 48 Scheduled Power-On Menu features

Feature Type Description Default Notes

 Sunday Setting Days of the week selection. Reboot Required

 Monday
 Tuesday
 Wednesday
 Thursday
 Friday
 Saturday

Hour Setting Time selection. 0 Reboot Required

Minute Setting Hour: 0 – 23, Minute: 0 – 59. 0 Reboot Required

8.4 Boot Options Menu

This submenu controls the behavior of the system during boot up.

Table 49 Boot Options Menu features

Feature Type Description Default Notes

Startup Delay Setting Select the number of seconds (0 – 60) to pause the boot before 0
(sec.) starting the OS. Increasing the delay gives more time to press a
key that accesses one of the startup options, such as BIOS Setup
(F10).

 Fast Boot Setting When checked, reduces boot up time by bypassing boot to USB, Checked
CD-ROM, and PXE. This skips some preboot initialization steps.
NOTE: When a power-on password, other security features, or
current boot order have been modified, Fast Boot is ignored.

 CD-ROM Setting When checked, allows system to boot from CD-ROM. Checked
Boot

 USB Setting When checked, allows system to boot from USB devices. Checked
Storage Boot

 Network Setting When checked, allows system to boot from a network card if it Checked
PXE Boot supports PXE or UEFI network boot capability.

After Power Setting Specifies the desktop state after power loss. The following Power Off Desktop Only
Loss settings are possible:
• Power Off
• Power On
• Previous State

 Power On Setting When checked, the notebook will turn on when it is off, when AC Unchecked Notebook Only
When AC power has not been available and then becomes available.
Detected

© Copyright 2022 HP Development Company, L.P. 8 Advanced Menu (2019 and older) 76
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Feature Type Description Default Notes

 Power On Setting When checked, the system turns on when the lid opens. Unchecked Notebook Only
When Lid is
Open

 Prompt on Setting When checked, the system pauses during system boot to warn Checked Notebook Only
Battery Errors about battery errors.

 Audio Alerts Setting When checked, errors trigger audible beeps during POST. Checked
during boot

 Prompt on Setting When checked, notify the user during the boot process when a Checked
Memory Size memory size change has been detected.
Change

 Prompt on Setting When checked, notify the user during the boot process when a Unchecked
Fixed Storage fixed storage change has been detected.
Change NOTE: This feature will not report a change within a RAID
configuration.

Audio Alerts Setting When checked, errors trigger audible beeps during POST. Checked
During Boot

Numlock on at Setting Set the keyboard Num Lock control to be on or off when system Unchecked
Boot is booted.

 UEFI Boot When checked, allows the system to boot from UEFI devices. Checked
Order When Legacy Boot is Disabled, the check boxes for UEFI Boot
Order and Legacy Boot Order will be disabled, because only UEFI
devices can boot in this mode.
When UEFI Boot Order is enabled, the system attempts to boot
from all UEFI devices before any non-UEFI devices.
Arrange the boot order from the UEFI devices found. By default,
the system will arrange the boot order by device type using the
following precedence:
6. USB
7. SATA DVD (Desktop Only)
8. SATA Hard Drives
9. M.2 devices
10. Network Boot
Highlight the list and press Enter to adjust the order of the boot
entries. If a new bootable device is added to the system, it
appears at the bottom of the list, unless it is a USB device that
uses the order of the USB placeholder already in the list.

© Copyright 2022 HP Development Company, L.P. 8 Advanced Menu (2019 and older) 77
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Feature Type Description Default Notes

 Legacy Setting When checked, allows the system to boot from non-UEFI devices. Checked
Boot Order Requires Legacy Boot Enable and Secure Boot Disable. See
Secure Boot Configuration > Configure Legacy Support and
Secure Boot.
When Legacy Boot is Disabled, the check boxes for UEFI Boot
Order and Legacy Boot Order are disabled, because only UEFI
devices can boot in this mode.
When enabling the UEFI Boot Order, the system attempts to boot
from all UEFI devices before any non-UEFI devices.
Arrange the boot order from the non-UEFI devices found. By
default, the system arranges the boot order by device type using
the following precedence:
1. USB
2. SATA DVD (Desktop Only)
3. SATA Hard Drives
4. M.2 devices
5. Network Boot
NOTE: No boot devices are shown if Legacy Support is off.

8.5 HP Sure Recover

Table 50 HP Sure Recover

Feature Type Description Default Notes

HP Sure Setting If this setting is enabled and HP Sure Recover is launched, Checked
Recover the system firmware honors local and remote requests
to reinstall the OS. If it is disabled, all requests to reinstall
the OS are ignored.

Recover from Setting If this is enabled, the system firmware obtains the Unchecked Assuming
Network recovery agent from the network. Otherwise, the system Windows 10 is
firmware obtains the recovery agent from a local drive. preinstalled

Recover after Setting If this setting is enabled and no bootable UEFI OS is Unchecked Assuming
Boot Failure found, the system firmware launches HP Sure Recover. Windows 10 is
preinstalled

Prompt before Setting If this setting is enabled and HP Sure Recover is launched Checked Not shown if
Boot Failure because of a boot failure, the user is notified of the boot Recover after Boot
Recovery failure and asked to choose whether to start or cancel HP Failure is
Sure Recover. unchecked

Recovery Label Not shown unless

Agent Recover from
Network checked

URL: Location of the current recovery agent URL. Not shown unless
Recover from
Network checked

Username: User name (optional) to access the recovery agent. Not shown unless
Recover from
Network checked

© Copyright 2022 HP Development Company, L.P. 8 Advanced Menu (2019 and older) 78
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Feature Type Description Default Notes

Provisioning Version of the recovery agent’s provisioning data. This Not shown unless
Version: value will be 0 until a scheduled download occurs after a Recover from
change is made to the recovery agent URL. Network checked

Recovery Label Not shown unless

Image Recover from
Network checked

URL: Location of the current recovery image URL. Not shown unless
Recover from
Network checked

Username: Username (optional) to access the recovery image. Not shown unless
Recover from
Network checked

Provisioning Version of the recovery image’s provisioning data. This Not shown unless
Version: value will be 0 until a scheduled download occurs after a Recover from
change is made to the recovery image URL. Network checked

8.6 Secure Boot Configuration Menu

This submenu allows the user to configure boot mode and Secure Boot. Starting with Windows 8, Secure Boot is a UEFI
feature that helps resist attacks and infection from malware. From the factory, your system came with a list of keys that
identify trusted hardware, firmware, and an operating system loader code. It also created a list of keys to identify known
malware.

Table 51 Secure Boot Configurations Menu features

Feature Type Description Default Notes

Configure Legacy Setting Legacy Support has the ability to boot from a non-UEFI OS Dependent
Support and Secure device. Only UEFI devices can support Secure Boot. The
Boot following settings are possible:
• Legacy Support Enable and Secure Boot Disable
• Legacy Support Disable and Secure Boot Enable
• Legacy Support Disable and Secure Boot Disable

 Import Custom Setting When checked and system is rebooted, custom secure boot Unchecked Reboot
Secure Boot keys keys are imported from the EFI\HP directory from the hard Required
drive or USB device. The custom keys consist of PK, KEK, DB,
and Dbx .bin files. When import succeeds or fails, a preboot
prompt shows the results of each key bin file.

 Clear Secure Boot One When checked, clears the Secure Boot keys one time on next Unchecked Reboot
Keys Time save and exit. This setting will be unchecked again when you Required
Action return from exit. This action is not available when Legacy
Support is enabled or when no imported keys are present.

 Reset Secure Boot One When checked, restores secure boot keys to factory defaults Unchecked Reboot
keys to factory Time one time on next save and exit. This setting will be unchecked Required
defaults Action again, when you return from exit.

 Enable MS UEFI CA Setting When checked, the Microsoft (MS) UEFI Certificate Authority Checked
key (CA) key is trusted by Secure Boot
NOTE: Uncheck this to support Windows 10 Device Guard
feature

© Copyright 2022 HP Development Company, L.P. 8 Advanced Menu (2019 and older) 79
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Ready BIOS for Device Action Ready BIOS for Device Guard Use includes a drop-down box
Guard Use that automatically configures the BIOS settings that Windows
requires to enable Device Guar, or to change the
configuration back to the configuration before Device Guard
was enabled. Device Guard is a Windows feature that enables
higher security around drivers and BIOS behavior.
The following settings are possible:
• Configure on Next Boot
• Clear Configuration on Next Boot
When set to Configure on Next Boot, the BIOS changes the
following settings to the states required by Device Guard
after saving changes and exit.
• Virtualization features are enabled.
• Removable and network boot devices are disabled
(for example, USB boot, CD-ROM boot,
Thunderbolt™ boot, etc.).
• MS UEFI CA Key is disabled.
When set to Clear Configuration on Next Boot, the BIOS sets
the listed features to their Custom Default state if custom
defaults have been saved. If custom defaults have not been
saved, the BIOS restores the listed features to their factory
default states.

8.7 System Options Menu

Table 52 System Options Menu features

Feature Type Description Default Notes

 Configure Setting When checked, configures SATA Controller for RAID Unchecked Select products
Storage Controller mode. only
for RAID

 POST Prompt Setting When checked, prompts for RAID Configuration utility. Checked Desktop Only
for RAID
Configuration

 Configure Setting UEFI only. Enables driver support for NVMe Intel® Unchecked Intel Only
Storage Controller Optane® storage module. Requires additional
for Intel Optane configuration by Intel Rapid Storage Technology
software application.
IMPORTANT: After Optane is initialized in the OS, do
not boot with this setting disabled or with the Option
ROM Launch Policy set to Legacy Only. The OS may
become corrupted unless Optane is unconfigured first.

Limit PCIe Speed Setting Allows you to restrict the maximum speed of the PCI Auto Desktop
Express devices to previous generations. The Workstations Only
following settings are possible:
• Auto
• Gen 1 (2.5Gbps)
• Gen 2 (5Gbps)
• Gen 3 (8Gbps)

© Copyright 2022 HP Development Company, L.P. 8 Advanced Menu (2019 and older) 80
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Feature Type Description Default Notes

 Turbo Boost Setting When checked, enables Intel Turbo Boost Technology Checked Intel Only
to improve performance when operation conditions
allow.

 Hyper- Setting When checked, enables hyperthreading capability on Checked Intel CPU with
threading (Intel® Intel processors Hyper-Threading
HT) Intel HT Technology (HT) is designed to improve Only
performance of multithreaded software products and
requires a computer system with a processor
supporting HT and an HT-enabled chipset, BIOS and
OS. Contact your software provider to determine
compatibility. Not all customers or software
applications will benefit from the use of HT.
See http://www.intel.com/info/hyperthreading for
more information.

 Multi-processor Setting When checked, enables BIOS to report multiple Checked

processor cores to the OS.

 Virtualization Setting When checked, enables VT on Intel-based systems. Checked Intel Only
Technology (VTx)

 Virtualization Setting When checked, grants virtual machines direct access Checked Intel Only
Technology for to peripheral devices on select Intel-based systems.
Directed I/O (VTd)

 SVM CPU Setting When checked, AMD-V and AMD-Vi virtualization Unchecked AMD Only
Virtualization features

 DMA Protection Setting When checked, enables DMA redirection using IOMMU Checked Intel 2019+
for enhanced security.
NOTE: Requires Legacy Support disabled and VTd
enabled.

 PCI Express x16 Setting When checked, the PCI Express x16 slot is available for Checked Desktop Only
Slot 1 an expansion card. When unchecked, slot is disabled.

 PCI Express x1 Setting When checked, the PCI Express x1 slot is available. Checked Desktop Only
Slot 1 (2) (3)

 PCI Express x4 Setting When checked, the PCI Express x4 slot is available. Checked Desktop Only
Slot 1 (2)

 PCI Slot 1 (2) (3) Setting When checked, the PCI slot is available. Checked Select products
only

 M.2 SSD (1) (2) Setting When checked, the M.2 slot typically used for NVMe Checked Desktop Only
storage modules is available.

 M.2 WLAN/BT Setting When checked, the M.2 slot typically used for the Checked Desktop Only
WLAN module is available.

 Allow PCIe/PCI Setting When checked, enables a PCI device which asserts Checked Select products
SERR# Interrupt SERR# (System Error) to generate an interrupt (NMI). only
This legacy feature is rarely used.

Optical Disk Drive Setting When checked, the Optical Disk Drive module on Slice Checked HP Elite Slice Only
is available.

© Copyright 2022 HP Development Company, L.P. 8 Advanced Menu (2019 and older) 81
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Feature Type Description Default Notes

Wireless Video Setting When checked, the Wireless Video module on Slice is Checked HP Elite Slice Only
Module available.

Video Ingest Setting When checked, the Video Ingest module on Slice is Checked HP Elite Slice Only
Module available.

Allow Expansion Setting When unchecked, no expansion modules will be Checked HP Elite Slice Only
Modules enabled.

Suppress Module Setting When checked, any configuration error messages Checked HP Elite Slice Only
Configuration (such as more than one video ingest module) will be
POST Errors suppressed. Configuration errors may still result in the
extra modules being disabled.

Fast Charge Setting When checked, battery charge rate is actively Checked Notebook Only
managed by the system using current battery and
charger parameters. When unchecked, rate is fixed.

Power Button Setting Disables the power button while off or suspended and On Battery Only Select products
Protection the lid is closed to prevent the system turning on only
when stored (for instance, when in a bag).
The following settings are possible:
• On Battery Only
• Always
• Never

Power Button Setting Sets the time required to hold the power button down 4 sec Desktop Only
Override for the desktop to turn off, overriding the power
button behavior defined by the operating system. The
following settings are possible:
• Disable
• 4 sec
• 15 sec

 Swap fn and ctrl Setting When checked, switches functionality between fn and Unchecked Notebook Only
(Keys) ctrl keys.

 Launch Hotkeys Setting When checked, allows the fn+fx hot key combinations Unchecked or Notebook Only
without fn to be activated by just pressing the fx key (for Auto (if
keypress instance, f4 instead of fn+f4). Systems with an LED on available)
the fn key support ‘Auto’ setting where fn+ shift
toggles fn lock state – LED On equals unchecked.

 Swap Arrow Setting When checked, switches functionality between Up / Unchecked Select products
Up/Down and Page Down and Page Up / Page Down for platforms with only
Up/Down Function shared keys.

 Special Keys Setting fn+r → Break, fn+s → Sys Rq, fn+c → Scroll lock, Unchecked Select products
mapped to fn+key fn+w → Pause, fn+e → Insert for systems without only
these legacy keys when this setting is checked.

 Enable Turbo Setting When checked, allows Intel Turbo Boost Technology to Unchecked Intel Notebook
Boost on DC (or) activate when a power adapter is not connected. Only
 Max DC Renamed for 2019, implementation also changed to
Performance incorporate additional performance and thermal
(2019) features.

© Copyright 2022 HP Development Company, L.P. 8 Advanced Menu (2019 and older) 82
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Feature Type Description Default Notes

Dynamic Platform Setting Manages power and thermal conditions to keep Checked Intel Notebook
and Thermal system from overheating. Only
Framework (DPTF)

Sanitization Mode Setting Duration of sanitization mode: 120 Select products

Countdown Timer 15 – 300 (by 15) in seconds (max 255 for some) only

Pre-Sanitization Setting Delay before sanitization mode starts: 3 Select products

Mode Countdown 0 – 10 (by 1) in seconds only
Timer

USB Type-C® Setting When checked, allows UCSI to be exposed to the Checked Systems with USB
Connector System operating system (ACPI table) Type-C® ports
Software Interface
(UCSI)

 HP Application Setting Provides ACPI structure to enable HP common Unchecked Device Manager
Driver software application framework. The driver is provided (through 2018) shows alert if this is
in the latest HP support software which can be Checked (2019) enabled without
downloaded from the web. the HP application
driver installed.

 AMD DASH Setting AMD Remote system management capability. Unchecked AMD Only

 Hardware Setting This setting enables Single Thread Indirect Branch Unchecked AMD Only
enabled Spectre Predictor (STIBP) functionality in AMD processors.
Variant 2
Mitigation

 Enable High Setting Allocate more bandwidth to a USB-C® dock to support Unchecked Notebook Only
Resolution mode the highest resolutions on a DisplayPort monitor
when connected to attached to it,
a USB-C® DP alt
mode dock

Top Cover Function Setting Uncheck to disable the top cover functionality for HP Checked HP Elite Slice Only
Elite Slice.

© Copyright 2022 HP Development Company, L.P. 8 Advanced Menu (2019 and older) 83
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

8.8 Built-in Device Options Menu

This menu provides settings for built-in devices on the system.

Table 53 Built-in Device Options Menu features

Feature Type Description Default Notes

 Embedded LAN Setting When checked, enables the integrated network Checked
Controller controller.

Wake on LAN Setting Allows the system to wake via Local Area Network Boot to Network
(LAN). The following settings are possible:
• Disabled
• Boot to Network
• Boot to Hard Drive

 LAN Controller Setting When checked, enables the integrated network Checked Select
Option (1) (2) controller in the designated rear option slot. products only

 Allow No Panel Setting When checked, allows operation of the AiO 1000 base Checked AiO 1000 only
configuration unit without a boot warning for no panel attached.

 Integrated Setting When unchecked, disables the integrated video Checked Desktop with
Video device. When not using the integrated video, disabling discrete
the integrated video will free some system memory. graphics card
only

VGA Boot Device Setting The firmware can use only one graphics device when Add-in graphics Desktop with
booting up; so when there are multiple graphics is set as primary discrete
devices, this feature selects the graphics controller to graphics card
use as the primary VGA device during boot-up. only
• Integrated graphics
• Add-in graphics cards (select products only)

Video Memory Size Setting System memory reserved for video before loading the Intel: 64 MB
OS. Settings vary by platform and generation. AMD: Auto
Examples:
Intel:
• 64 MB
• 128 MB
• 256 MB
• 512 MB
AMD:
• 128 MB
• 256 MB
• 512 MB
• Auto

© Copyright 2022 HP Development Company, L.P. 8 Advanced Menu (2019 and older) 84
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Feature Type Description Default Notes

Graphics Setting Set the graphics adapter. The following settings are Hybrid Graphics Multiple
possible and depend on the model of notebook to Graphic Card
OR
determine which are present with the default setting: Notebook
• Hybrid Graphics Auto (select Only
products only)
• UMA Graphic
• Discrete Graphics
• Auto (Let OS decide whether hybrid graphics
is enabled or disabled).

 Integrated Setting When checked, enables the integrated webcams. Checked

(Front) (Rear)
Camera

 Internal SD Setting When checked, enables integrated SD card controller. Checked Select
Storage products only

 Fingerprint Setting When checked, enables fingerprint reader. Checked Select

Device products only

Touch Device Setting When checked, enables the touch screen. Checked Select
products only

 Audio Device Setting This setting provides a single point of control for the Checked
integrated microphone, the internal speakers, and the
headphone out.
When checked, the operating system visibility of each
audio device below is controlled independently.
When unchecked, hides all audio devices from the
operating systems. The individual audio device
settings below are also disabled.

 (Integrated ) Setting When unchecked, disables the integrated microphone Checked Notebook Only
Microphone and microphone jack (if present).

Microphone Setting Set the microphone port state. Possible settings are: Enable Desktop Only
• Enable
• Disable
• Disable and Lock
Disable and lock prevents the other audio ports from
being remapped to the microphone function in the OS.

 Internal Setting When unchecked, disables the internal speakers. If Checked

Speakers errors occur during boot-up, the speaker still beeps.
See Boot Options / Audio Alerts During Boot for more
information.

 Headphone Setting When checked, enables the headphone jack. Checked Notebook Only
Output

 Wake on Voice Setting When checked, enables the system to wake with voice Checked Select
(WOV) command. platforms only

 Intel Smart Setting When checked enables Intel Smart Sound. Checked Intel
Sound Notebook Only

© Copyright 2022 HP Development Company, L.P. 8 Advanced Menu (2019 and older) 85
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Feature Type Description Default Notes

 Lock Wireless Setting Prevent changes to the state of physical wireless Unchecked Notebook Only
Button enable/disable button.

 Wireless Setting When checked, enables integrated 802.11 device. Checked Notebook Only
Network Device
(WLAN)

 Bluetooth Setting When checked, enables integrated Bluetooth® device. Checked Notebook Only

 Mobile Network Setting When checked, enables integrated WWAN device. Checked Notebook Only
Device (WWAN)

 GPS device Setting When checked, enables integrated GPS device. Checked Notebook Only

 Mobile Network Setting When checked, enables integrated WWAN / GPS Checked Notebook Only
Device (WWAN) combo device.
and GPS Combo
Device

 WWAN Quick Setting Maintains power to WWAN device to enable faster Checked Select
Connect connections. products only

 M.2 USB / Setting When checked, enables the USB connection to the M.2 Checked Desktop Only
Bluetooth WLAN slot (typically used by Bluetooth if present).

HP LAN-Wireless Label
Protection

 LAN/WLAN Auto Setting When checked, enables automatic switching between Unchecked
Switching embedded WLAN device and embedded LAN
controller; disables WLAN when LAN connection is
detected.

 LAN/WWAN Setting When checked, enables automatic switching between Unchecked Notebook Only
Auto Switching embedded WWAN device and embedded LAN
controller; disables WWAN when LAN connection is
detected.

 Wake on WLAN Setting When checked, enables the system to wake via WLAN. Unchecked

 Wake on Setting When checked, enables the notebook to wake via BT Unchecked Notebook Only
Bluetooth input devices. Requires Wake on USB to be enabled.

 Wake on WiGig Setting When checked, enables the notebook to wake via Unchecked Notebook Only
WiGig device.

 Collaboration Setting When checked, enables the capacitive controls for Checked Select
Buttons volume and connect or disconnect to function. products only

Button Sensitivity Setting Controls the touch sensitivity of collaboration buttons. Unchecked Select
Possible settings are: products only
• Low
• Medium
• High

 Hang-up Button Setting When checked, hang-up button must be held at least Unchecked Select
Delay 0.5 sec before activating. products only

 NFC Setting When checked, enable Near Field Communication Checked Select
functionality. products only

© Copyright 2022 HP Development Company, L.P. 8 Advanced Menu (2019 and older) 86
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Feature Type Description Default Notes

o Wake on LAN in Setting When checked and powered by battery, enables the Unchecked Notebook Only
Battery Mode notebook to wake via LAN.

 Fan Always on Setting When checked, leaves the fan on while running on AC Unchecked Notebook Only
while on AC Power power.

Increase Idle Fan Setting Controls the minimum fan speed during periods that 0 Desktop Only
Speed (%) the fan would normally be off under the control of the
desktop thermal sensor. Choose a percentage of the
maximum fan speed: 0 –100%.

 Boost Converter Setting When checked, the notebook draws power from the Checked Notebook Only
battery when the system is on AC to give the CPU a
momentary performance gain by increasing the
overall power available to the CPU.

Backlit Keyboard Setting Specifies the timeout period for the keyboard’s 15 seconds Notebook Only
Timeout backlight LEDs. The following settings are possible:
• 5 secs
• 15 secs
• 30 secs
• 1 min
• 5 min
• Never

 Automatic Setting When checked, keyboard backlight level is affected by Checked Select
Keyboard Backlit ambient light level. The keyboard backlight will remain products only
off while in bright environments to save power.

 Force enable HP Setting When checked, enables HP Sure View’s privacy panel Unchecked HP Sure View
Sure View by changing the screen brightness only

Disable Battery on Action When checked, the battery is put in storage mode Unchecked Requires
next shut down when the system is next shut down. AC power is administrator
required to turn on the system afterwards. password set

 RFID Setting When checked, enables the RFID reader. Checked Select
products only

 TILE Deactivate Setting When checked, disables the TILE device Unchecked Select
products only

© Copyright 2022 HP Development Company, L.P. 8 Advanced Menu (2019 and older) 87
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

8.9 Port Options Menu

The following table describes various setting options for Ports.

Table 54 Port Options Menu features

Feature Type Description Default Notes

 USB Ports Setting Enable or disable all USB ports (legacy ports and type-C Checked Notebook Only
ports). Does not include Thunderbolt™ ports. (before 2018)

 (Left) (Right) Setting Enable or disable all USB ports on one side of the system Checked
(Front) (Rear) (legacy and Type-C).
(Top) (Bottom)
USB Ports

 (Left) (Right) Setting Enable or disable a specific USB port. Checked Desktop Only
(Front) (Rear) NOTE: When looking at the ports (and in horizontal
USB Port (1) (2) orientation for desktops), count ports from bottom to top,
(3) then left to right.

 Docking USB Setting When unchecked, disables USB ports connected through the Checked Notebook Only
Ports docking connector.

 USB Legacy Setting When checked, enables the USB Type-A charging port to Checked
Port Charging charge devices during hibernation or shutdown.

Disable Charging Setting Prevent charging port from providing power to external 10 Notebook Only
Port in sleep/off devices if the system itself is below a certain battery
if battery below threshold. Possible settings are 10, 20, 30, 40, 50, 60, 70,
(%) 80, 90, 100.

 (Front) (Rear) Setting When unchecked, system will not power Type-C devices in Checked Desktop Only
USB Type-C® the off states.
Downstream
Charging

 Thunderbolt™ Setting When checked, enables integrated Thunderbolt™ ports. Checked Select products
Type-C Ports NOTE: Older systems included additional Thunderbolt™ only
settings in this menu. Starting in 2019 these options have
moved to a separate Thunderbolt™ Options menu.

 Accessory USB Setting When checked, enables the accessory USB port. Checked Desktop
Port Workstations
Only

 Option Port (1) Setting When checked, enables additional bandwidth for Unchecked Select products
(2) – HDMI 1.4 DisplayPort® over Type-C to support higher graphics only
Mode resolutions.

 Media Card Setting When checked, enables the integrated media card reader. Checked Notebook & AiO
Reader Only

 Media Card Setting When checked, enables the media card reader connector Checked Desktop Only
Reader/SD_RDR (labeled SD_RDR typically) on a desktop.
USB

SATA (0) (1) (2) Setting When checked, allows the system to access a device Checked Desktop Only
(3) (4) (5) attached to the SATA port.

© Copyright 2022 HP Development Company, L.P. 8 Advanced Menu (2019 and older) 88
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Feature Type Description Default Notes

 Serial Port (A, Setting When checked, enables the specified serial ports. Checked Desktop Only
B, C, D, C/D, E/F)

I/O Address (A) Setting The following settings are possible: Auto Desktop Only
(B) (C) (D) • Auto
• 3F8
• 2F8
• 3E8
• 2E8
NOTE: You can set I/O Address only for legacy ports and is
useful only in Legacy mode. Some serial ports are USB
based and cannot assign these resources.

Interrupt (A) (B) Setting The following settings are possible: Auto Desktop Only
(C) (D) • Auto
• IRQ 3
• IRQ 4
• IRQ 5
• IRQ 10
NOTE: Interrupts are only settable for legacy ports and are
useful only in Legacy mode. Some serial ports are USB
based and cannot assign these resources.

Serial Port Setting Powered Serial port voltage selection on RPOS units that 0 Volts Retail Point of
Voltage (A) (B) include this feature. Possible settings are: Sale Systems
(C) (D) (E) (F) • 0 Volts Only

• 5 Volts
• 12 Volts

 Smart Card Setting When checked, enables integrated Smart Card slot. Checked Notebook Only

 Smart Card Setting When checked, enables the power-saving feature of the Checked Notebook Only
Power Savings Smart Card reader, thus not maintaining a session when the
card is removed.

Cash Drawer Port Setting On select Retail Point of Sale systems, this controls whether Enable Retail Point of
the cash drawer port can be activated or not. Sale Systems
Only

Restrict USB Setting When some devices are restricted, the system disables the Allow all USB Desktop Only
Devices ports at boot-up where a restricted device is installed. That Devices
port is disabled until the next boot. Port configuration is not
changed on insertion. The following settings are possible:
• Allow all USB Devices
• Allow only keyboard and mouse
• Allow all but storage devices and hubs

© Copyright 2022 HP Development Company, L.P. 8 Advanced Menu (2019 and older) 89
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

8.10 Option ROM Launch Policy Menu

This submenu configures the kind of device option ROM that can load at boot time.

Table 55 Option ROM Launch Policy Menu features

Feature Type Description Default Notes

Configure Option Setting The following settings are possible: All UEFI Units with Win10
ROM Launch • All Legacy All Legacy preinstalled
Policy Units with Win 7
• All UEFI
preinstalled
• All UEFI Except Video
NOTE: This is set to All UEFI and not selectable if Legacy
Support is not enabled (see Secure Boot Configuration) or
not supported by the system.

8.11 Power Management Options Menu

The following table describes various setting options for Power Management Options.

Table 56 Power Management Options Menu features

Feature Type Description Default Notes

 Runtime Setting When checked, enables the processor to run at lower Checked Select products
Power frequencies (P-states) when higher performance is not only
Management needed. When unchecked the processor always runs at
maximum frequency.

 Extended Idle Setting When checked, enables the processor to rest in lower Checked Select products
Power States power states (C-states) when idle. only

 S5 Maximum Setting When checked, minimizes system power consumption Unchecked Desktop Only
Power Savings while in the S5 (off) state.
NOTE: Windows 10 with Fast Startup enabled powers off
to the S4 (suspend to disk) state.

 SATA Power Setting When checked, enables the SATA bus to enter low power Checked Desktop Only
Management states when idle.

 Deep Sleep Setting When checked, reduces power consumption while in Checked Notebook Only
S3/S4/S5 to extend battery life.
NOTE: Enabling deep sleep disables some wake events
such as wake on USB without AC power.

 PCI Express Setting When checked, enables PCI Express bus to enter low Checked Desktop Only
Power power states when idle.
Management

 PCIe Speed Setting When checked, allows system to lower PCIe link speeds Checked AMD Notebook
Power Policy when not on AC to save battery power. Only
(PSPP)

 Power On Setting When checked, allows the desktop to turn on by pressing Unchecked Desktop Only
from Keyboard a key on the keyboard, when the keyboard is plugged in to
Ports a port marked with the keyboard symbol.

© Copyright 2022 HP Development Company, L.P. 8 Advanced Menu (2019 and older) 90
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Feature Type Description Default Notes

o Unique Sleep Setting When checked, when the desktop is in the S4 power state, Unchecked Desktop Only
State Blink Rates the power LED periodically blinks four times with a pause.
Unchecked, the desktop does not blink at all in S4 (the
same as S5, power off)
This also affects S3 blink behavior. When checked, the
desktop power LED periodically blinks three times with a
pause, unchecked it blinks once per period.

 Wake when Setting When checked, opening the lid wakes the notebook from Unchecked Notebook Only
Lid is Opened sleep mode

 Wake when AC Setting When checked, allows the system to resume from sleep Notebook Only
is Detected when AC power is detected

 Wake on USB Setting When checked, allows the system to resume from sleep Checked Notebook Only
when a USB input device is triggered (such as mouse
movement or keyboard key-press).

 Power Control Setting When checked, enables the notebook to support power Unchecked Notebook Only
management applications such as IPM+ that help
enterprises reduce power costs by intelligently managing
the battery usage of the notebook.

 Configure Setting When checked, enables support for HPPM 2.0 Unchecked Select products
Battery Charge only

Battery Health Setting Sets charging policy based on optimizing for battery life or Let HP manage Notebook Only
Manager battery duration. The possible settings are: my battery
• Maximize my battery health duration

• Let HP manage my battery duration

 Modern Setting Low power standby mode. This mode replaces the Enable Only supported
Standby traditional ACPI S3 sleep and S4 hibernation states. on select
notebooks

8.12 Remote Management Options Menu (Intel Only)

The following table describes various setting options for Remote Management Options.

Table 57 Remote Management Options Menu features

Feature Type Description Default Notes

 Intel Setting This setting controls the Intel Management Engine (ME) Checked Intel Only
Management state. When checked, this enables all ME functionality
Engine (ME) including AMT, DAL, NFC, Protected Content Playback,
Intel Identity Protection Technology, and Capability
Licensing Service. When unchecked, none of these Intel
ME provided capabilities are available.

 Active Setting This setting controls the Intel Active Management Checked Intel Only
Management Technology (AMT) remote manageability features. When
Technology unchecked, the network based remote management
(AMT) functionality is disabled.

© Copyright 2022 HP Development Company, L.P. 8 Advanced Menu (2019 and older) 91
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Feature Type Description Default Notes

 USB Key Setting When checked, enables AMT provisioning using a USB Unchecked Intel Only
Provisioning storage device.
Support

o USB Setting When checked, enables support for storage redirection Checked Intel Only
Redirection through USB
Support NOTE: Intel AMT must be correctly provisioned

Unconfigure AMT One When applied, reset AMT configuration options on next Do Not Apply Intel Only
on Next Boot time boot. The following actions are possible:
action • Do Not Apply
• Apply

SOL Terminal Setting Specifies the Serial Over Lan (SOL) terminal emulation ANSI Intel Only
Emulation Mode mode. The following settings are possible:
• ANSI
• VT100

 Show Setting When checked, requires user confirmation when Checked Intel Only
Unconfigure ME unconfiguring Intel Management Engine.
Confirmation
Prompt

 Verbose Boot Setting When checked, report additional information when a boot Unchecked Intel Only
Messages message is displayed.
NOTE: Unavailable when AMT is disabled.

 Watchdog Setting When checked, enables Watchdog Timers. Checked Intel Only
Timer

OS Watchdog Setting Sets OS Watchdog Timer (minutes). Possible values are 5 Intel Only
Timer (min.) from 5 to 25.

BIOS Watchdog Setting Sets BIOS Watchdog Timer (minutes). Possible values are 5 Intel Only
Timer (min.) from 5 to 25.

CIRA Timeout Setting Client Initiated Remote Access timeout. Possible values 1 Intel Only
(min.) are from 1 to 4 minutes or never.

8.13 MAC Address Pass Through (Notebook Only)

The following table describes various settings for the Host-Based MAC Address menu.

Feature Type Description Default Notes

Host Based MAC Setting Can be set to Disabled, System, or Custom. Setting to System Address Notebook Only
Address System allows all HBMA settings to be modified except (2017+) (2016+)
the custom MAC address. Setting to custom allows all
settings including the custom MAC address to be
modified.

MAC ADDRESS Setting Configure a custom MAC address. Shows the current Factory MAC Notebook Only
factory and system MAC addresses as well. Address

Reuse Setting When checked, enables the ability to reuse the embedded Disable Notebook Only
Embedded LAN LAN address
Address

© Copyright 2022 HP Development Company, L.P. 8 Advanced Menu (2019 and older) 92
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Feature Type Description Default Notes

 Pre-boot Setting Set Host Based MAC Address (HBMA) support in the Checked but Notebook Only
HBMA Support preboot environment such as PXE. disabled until
Host Based MAC
Address is
enabled

 Windows Setting Set host-based MAC address (HBMA) support in the Checked but Notebook Only
HBMA Support Windows OS environment. greyed out until
Host Based MAC
Address is
enabled

 Single NIC Setting When within Windows OS, only one NIC will operate using Unchecked but Notebook Only
Operation Host Based MAC Address (HBMA). This feature does not greyed out until
(Disable All Other apply to PXE environments. Host Based MAC
NICs when HBMA Address is
is active on one enabled
NIC)

HBMA Priority Setting Change the priority of USB and embedded Network Notebook Only
List Interface Cards (NICs) for the system.

8.14 Thunderbolt™ Options

The following table describes various settings for configuring Thunderbolt™ ports, previously located in the Port Options
menu. This menu organization is new in 2019 for platforms supporting Thunderbolt™ technology. There still remains a
setting in Port Options to turn the Thunderbolt™ port on or off.

Feature Type Description Default Notes

 Thunderbolt™ Setting When checked, enables Thunderbolt™ connections on the Checked

Mode Type-C port.

 Require BIOS Setting When checked, Thunderbolt™ Security Level cannot be Checked
PW to change changed unless a BIOS administrator password has been
Thunderbolt™ created. This setting cannot be disabled if DMA Protection
Security Level (System Options) is enabled.

© Copyright 2022 HP Development Company, L.P. 8 Advanced Menu (2019 and older) 93
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

Feature Type Description Default Notes

Thunderbolt™ Setting The following settings are possible: PCIe and

Security Level • PCIe and DisplayPort – No Security DisplayPort –
User
Any Thunderbolt™ device detected that requests a PCI-
Authorization
express connection will be connected to the system’s PCi-
express bus without requiring any approval by the local
user.
• PCIe and DisplayPort – User Authorization
Each Thunderbolt™ peripheral includes a unique identifier
which is used to determine if the device has been previously
connected. In the event the user has previously chosen
Always Connect for that particular device, it will
automatically be connected to the PCI-express bus when
subsequently attached.
• PCIe and DisplayPort – Secure Connect
This option offers enhanced protection for authenticating a
previously connected Thunderbolt™ device beyond relying
on its identifier. The device is provisioned with a key when
initially connected and on subsequent connections, a
challenge-response is implemented to verify the device has
the secret before it is automatically connected to the PCI-
express bus.
• DisplayPort only
Only USB and Display Port functionality will be available via
the Type-C Thunderbolt™ port. PCI-express will not be
connected from the Thunderbolt™ device to the internal
PCI-express interface, thus any Thunderbolt™ device that
requires PCi-express will not function correctly.

 Native PCIe Setting When checked, enables hot plug support to the system’s Disabled
Hot Plug PCI-express bus.

© Copyright 2022 HP Development Company, L.P. 8 Advanced Menu (2019 and older) 94
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

8.15 Remote HP PC Hardware Diagnostics Settings

Table 58 Remote HP PC Hardware Diagnostics Features

Feature Type Description Default Notes

Diagnostic Setting HP / Custom URL. HP

Download URL

Custom Setting Location of Remote Diagnostics, if not obtained from the

Download HP server.
Address

Custom Upload Setting Custom location to upload Diagnostic logs.

Address

User Name Setting (Optional) User Name to access custom Diagnostic

location.

Password Setting (Optional) Password to access custom Diagnostic

location.

Scheduled Setting Allow Remote HP PC Diagnostics to run on a set schedule: Disabled

Execution • Enable
• Disable

Frequency Setting Select the frequency for scheduled execution of Remote Weekly
HP PC Hardware Diagnostics:
• Daily
• Weekly
• Monthly

Execute On Next Setting Enable or disable the execution on next boot. The Flag will Disabled
Boot be disabled after the diagnostics have run:
• Enable
• Disable

Last execution Action Displays the result of the last Remote HP PC Diagnostics
Result execution

© Copyright 2022 HP Development Company, L.P. 8 Advanced Menu (2019 and older) 95
HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

9 UEFI Drivers

Main Security Advanced UEFI Drivers

HP Computer Setup

This feature restarts the system into the 3rd Party Option ROM Management application. You can get to this application
directly by pressing F3 during startup

 3rd Party Option ROM Management

© Copyright 2022 HP Development Company, L.P. 9 UEFI Drivers 96

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

10 Features Not in F10 Menu

These features are BIOS controlled but do not have an option or setting in the F10 menu.

Feature Description Default Notes

Privacy Panel For privacy panel–equipped notebooks, press fn+f2 to enable or Disabled For select privacy
disable privacy panel feature. Use fn+f5 and fn+f6 to decrease panel notebooks
or increase the privacy panel brightness. only.

© Copyright 2022 HP Development Company, L.P. 10 Features Not in F10 Menu 97

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

11 Computer Notifications
11.1 Introduction
Platforms that support HP PC Commercial BIOS have various mechanisms to indicate errors that occur during Power-On-
Self-Test (POST). The notifications can take several forms, such as:

• Blinks and Beeps

• On screen notifications that include the following:
○ Preboot messages (BIOS)
○ Pop-up messages within the OS

11.2 Blink and Beep Codes

Some system errors prevent the use of the video screen; instead, the system provides error information through blink
codes using LED lights. The LED light used depends on the system type (notebook or desktop). The codes are presented in a
sequence. For desktop, this means red blinks followed by white blinks. Audible long and short beeps accompany red or
white blinks, respectively. Additional detail may be found in the system’s Maintenance and Service Guide.

The following table describes the meaning of critical blink codes.

Table 59 Computer notifications

Notebook Desktop Description

CAP / NUM Battery Red White

LED with with
long short
beeps beeps

2 2 2 The main area of BIOS has become corrupted, and there is no

recovery binary image available.

8 2 3 The HP Endpoint Security Controller policy requires the user to enter

a key sequence (Sure Start 2.0).

White and 2 4 The HP Endpoint Security Controller is recovering the BIOS firmware.
Amber Because it takes some time to load the firmware image and enable
blinking video, this blink code is necessary. (Sure Start).

3 3 2 The HP Endpoint Security Controller has timed out waiting for BIOS
to return from memory initialization (memory failure).

4 3 3 The HP Endpoint Security Controller has timed out waiting for BIOS
to return from graphics initialization.

5 3 4 The system board displays a power failure (crowbar).

3 5 The CPU is not detected or is unsupported.

3 6 The CPU does not support an enabled feature (typically this applies
only to TXT).

7 1 5 2 The HP Endpoint Security Controller cannot find valid firmware.

© Copyright 2022 HP Development Company, L.P. 11 Computer Notifications 98

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

11.3 Pop-up Messages

Onscreen notification can involve pop-up (toaster) messages. These describe several events involving USB Type-C® ports.
Note that these messages within the OS require native support in the operating system or that HP notifications software be
installed.

Table 60 Pop-up messages

Event Code Message Detail

Power Adapter
Accepted: Matches
capabilities to charge
while in S3, S4 or S5
power states.
1 Title: USB Type-C® A user plugs in a power adapter that is too small to operate
Connector the system while the device is turned on. The adapter could be
Text: “For full used to charge in sleep mode or when the computer is turned
performance, connect a off.
higher capacity power
adapter.”

Power adapter
rejected: Upstream
power flow is not
supported
2 Title: USB Type-C® A user plugs in an adapter that requests power in which is not
Connector supported. (Cypress controller)
Text: “Charging system
via adapter plugged into
the USB port is not
supported.”

Connected device
requests more power
than can be supplied
3 Title: USB Type-C® A user plugs in a device that requires more power than can be
Connector provided by the system.
Text: “USB device
requesting more power
than system can
provide.” Display system
charging capability

Balance downstream 4, 5 Title: USB Type-C®
power for charging Connector
from multiple USB Text: “Charging from
ports multiple USB ports may
have limited support.”
A user has plugged in an adapter to both a USB Type-A port
and a USB Type-C® port (or into two USB Type-C® ports), and
the system is not capable of charging both at full capacity
while system is running.

The attached dock
cable is inadequate to
handle the needed
power load
6 Title: USB Connector A user plugs a cable connecting the dock to the system that is
Text: “For full inadequate to power the system and charge the battery
performance, connect simultaneously.
higher capacity USB
cable to dock.” Display
capabilities of the cable

Power adapter 7 Title: USB Connector The user has inserted an adapter that is not compatible with
rejected: Provider and Text: “The power adapter the HP system (from a 3rd party vendor that is not supported.)
consumer mismatch is not compatible with
this system.”

© Copyright 2022 HP Development Company, L.P. 11 Computer Notifications 99

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

12 Appendix A
12.1 What is UEFI?
Unified Extensible Firmware Interface (UEFI) defines the interface between the operating system and platform firmware
during the boot, or start-up process. Compared to BIOS, UEFI supports advanced preboot user interfaces.

The UEFI network stack enables implementation on a richer network-based OS deployment environment while still
supporting traditional PXE deployments. UEFI supports both IPv4 and IPv6 networks. In addition, features such as Secure
Boot enable platform vendors to implement an OS-agnostic approach to securing systems in the preboot environment.

The HP ROM-Based Setup Utility (RBSU) functionality is available from the UEFI interface with additional configuration
options.

12.2 Introduction
The HP UEFI System Utilities are embedded in the system ROM. The UEFI System Utilities enable a wide range of
configuration activities, including:

• Configuring system devices and installed options

• Enabling and disabling system features
• Displaying system information
• Selecting the primary boot controller or partition
• Configuring memory options
• Launching other pre-boot environments, such as the Embedded UEFI Shell and Intelligent Provisioning

12.3 Benefits of UEFI

• Abstracts Platform from OS and Decouples development
• Includes modular driver model and CPU-independent option ROMs
• Modular and extensible and provides OS-neutral value add
• OS loader can keep the same as underlying hardware change
• Supports larger drives over 2 TB with GPT partition

12.4 Overview of UEFI Boot Process

The purpose of the UEFI interfaces is to define a common boot environment abstraction for use by loaded UEFI images,
which include UEFI drivers, UEFI applications, and UEFI OS loaders. UEFI allows the extension of platform firmware by
loading UEFI driver and UEFI application images. When UEFI drivers and UEFI applications are loaded they have access to all
UEFI-defined runtime and boot services.

There are two sets of services in UEFI:

• Boot Services - UEFI applications (including OS loaders) must use boot services functions to access devices and allocate
memory. These services are not available when the OS is running.
• Runtime Services - The primary purpose of runtime services is to abstract minor parts of the hardware implementation
of the platform from the OS.
These services are present when OS is running.

© Copyright 2022 HP Development Company, L.P. 12 Appendix A 100

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

12.5 The UEFI Forum

For more information, contact the Unified Extensible Firmware Interface (UEFI) Forum. It is a world-class nonprofit industry
standards body that works in partnership to enable the evolution of platform technologies.

The UEFI Forum champions firmware innovation through industry collaboration and the advocacy of a standardized
interface that simplifies and secures platform initialization and firmware bootstrap operations. Both developed and
supported by representatives from more than 200 industry-leading technology companies, UEFI specifications promote
business and technological efficiency, improve performance and security, facilitate interoperability between devices,
platforms and systems, and comply with next-generation technologies.

© Copyright 2022 HP Development Company, L.P. 12 Appendix A 101

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

13 Appendix B
13.1 Updating System Firmware with the HP Firmware Update and Recovery
Application (Windows Operating Systems only)
Current firmware updates for HP commercial platforms (2018 and later) include the HP Firmware Update and Recovery tool
(HpFirmwareUpdRec.exe). This utility starts the firmware update process when run with the correct firmware source files for
the target platform. Firmware types supported by this utility include the BIOS, the ME firmware (Intel only), and USB Type-C®
PD (power delivery) controller firmware. When the utility is run in Windows, it identifies the compatible firmware files in local
storage and then invokes a series of flash updates after triggering a system reboot. Before 2018, the firmware update tool
was HP BIOS Update and Recovery (HpBiosUpdRec.exe), which uses the specific BIOS binary included in the Softpaq as an
input (for example, P70_010102.bin). Both tools operate in a similar fashion.

For 2018 and later systems, the firmware source files required for updating within BIOS Setup (F10) menus must be
extracted from the .bin and .inf files included in the release Softpaq. The Firmware Update and Recovery application must
be used to extract the various firmware binary files to use the Update System and Supported Device Firmware Using Local
Media action in BIOS Setup. For earlier platforms, only the appropriate BIOS binary file from the Softpaq is required.

13.2 Using HP Firmware Update and Recovery

• Run the HpFirmwareUpdRec application. The HP Firmware Update and Recovery dialog is shown with the following
options.

• Select Update and then select Next.

• If Windows BitLocker Drive Encryption (BDE) is enabled on the system using TPM security, HpFirmwareUpdRec prompts
the user and offers to suspend it. BDE automatically resumes when the update is finished and Windows is restarted. This
is to prevent possible loss of the encryption key. Click OK or Cancel to suspend BDE manually and rerun the program
later.

© Copyright 2022 HP Development Company, L.P. 13 Appendix B 102

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

IMPORTANT: Updating BIOS without suspending BitLocker may cause the loss of access to the encrypted data. BitLocker
protection automatically resumes the next time you restart your system.

• Suspending BitLocker can be done manually in the Control Panel or can be automated by executing HPBIOSUPDREC
command line “HPBIOSUPDREC –b”.
• The version of the firmware image in the update file and the firmware version of the current system are displayed. The
user is notified that the firmware will be overwritten.
• Show password field if Bios has set an administrator password.

• Upon completion, you see the message that the Firmware update preparation was successful. Select Restart.

© Copyright 2022 HP Development Company, L.P. 13 Appendix B 103

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

13.3 USB Recovery Key Creation

If the system BIOS has been corrupted and the device will not boot, another device can be used to create an HP Firmware
Recovery USB Key that can be used to recover it. The device used to create the recovery key does not have to be compatible
with the BIOS image.

• Run the HpFirmwareUpdRec or HpBiosUpdRec application. The main options menu is shown.
• Select Create Recovery USB flash drive and then select Next.

• The application prompts the user to insert a USB flash drive if the system does not see a USB flash drive.

© Copyright 2022 HP Development Company, L.P. 13 Appendix B 104

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

• The USB drive must have FAT32 format.

• Select a USB flash drive and click Next. Upon completion, you see that the recovery flash drive was created successfully.

• Click Finish to close the wizard.

The files can also be manually copied to the EFI partition of the hard drive to support emergency recovery. For 2018 and
later the HpFirmwareUpdRec utility extracts the correct binaries from the .bin and .inf files and saves the individual
components on the USB key in the HP\DEVFW folder, which can be copied into \EFI on the hard drive. For earlier platforms
the BIOS binary file only is used, saved in the HP\BIOS\Current folder.

NOTE: To recover a device with the flash drive, connect AC power and follow the previous on-screen instructions.

13.4 HpFirmwareUpdRec Log File

By default, a log file is created in the same folder with the executable file.

• If the –I command line option is used, the log file will be written to the supplied file path. If it is a relative path, it will be
placed under that path.

© Copyright 2022 HP Development Company, L.P. 13 Appendix B 105

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

• If the log file cannot be created in the executable folder, it will be created in the first available system temporary folder
location, usually “C:\Users\(username)\AppData\Local\Temp” in Windows.

13.5 Custom Logo Support

NOTE: Operates in Silent Mode only, will not update firmware.

Installation:

• Command Line: HpFirmwareUpdRec.exe -e<logo filename>

• Custom Logo file will be written to BIOS. Check the log file for success or error.
• File must be JPEG format, maximum size 32k (32,768) bytes.
• If BIOS password is set, password file must be provided.
• Command-line option only, silent mode, not shown in usage display. Other options ignored.
• System will not be restarted.

Removal:

• Command Line: HpFirmwareUpdRec.exe -x

• Logo image will be removed from BIOS.
• If BIOS password is set, password file must be provided.
• Command line option only, silent mode, not shown in usage. Other options ignored.
• System will not be restarted.

Table 61 Custom logo support

Return Name Description

Code

0 SUCCESS No error

1 LOAD_ERROR Error reading image file

2 INVALID_PARAMETER File name missing

3 UNSUPPORTED Not supported by BIOS

4 INVALID_FILE File not found or invalid

26 SECURITY_VIOLATION BIOS password not provided or incorrect

99 UNKNOWN Unknown error occurred, see log file

© Copyright 2022 HP Development Company, L.P. 13 Appendix B 106

HP PC Commercial BIOS (UEFI) Setup January 2022
919946-006

13.5.1 Command-line Usage

Table 62 Custom logo support: command-line usage

Option Comments

-f “folder path” Specifies the folder containing firmware update files.

-p “password-file” Specifies encrypted password file created with the HpqPswd utility. Valid with all other options.

-s Silent mode. Runs without any user interaction or output.

-a Eliminates version comparison when -s is present. It is ignored otherwise. There is no log entry or usage
dialog if it appears without the silent option.

-h Create HP_TOOLS partition if not present. On a GPT formatted system with native UEFI boot, this option is
ignored. On MBR, the partition is not created if it already exists. If unable to create partition, exits with error
code.

-b If BitLocker with TPM is in use, automatically suspend it.

-r Do not reboot automatically under silent mode (-s). The result code is SUCCESS_REBOOT (0xBC2) when
this option is used.

-? Show the same usage dialog that appears if an invalid command line is detected. This option overrides all
other options, including -s.

© Copyright 2021, 2022 HP Development Company, L.P. The only warranties for HP products and services are set forth in
the express warranty statements accompanying such products and services. Nothing herein should be construed as
constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
AMD is a trademark of Advanced Micro Devices, Inc. Intel is a trademark of Intel Corporation or its subsidiaries in the U.S.
and/or other countries. Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in
the United States and/or other countries.

© Copyright 2022 HP Development Company, L.P. 13 Appendix B 107