![]() \openssl req -x509 -nodes -newkey rsa:2048 -keyout "$KeyPath\kek-key.pem" -out "$KeyPath\kek-cert.pem" -days 3650 -subj "/C=US/ST=Illinois/L=Chicago/O=ViaMonstra/OU=IT/CN=" $OpenSSLPath = "C:\Program Files\OpenSSL-Win64\bin" # Generate the endorsement and signing key pairs, using the same password for both Here are the commands I used: # Import HP Module I stored my keys in the C:\Setup\HPKeys folder, and installed SSL in the C:\Program Files\OpenSSL-Win64\bin folder. You also need to create a few certificates for the endorsement and signing key pairs. In order to setup provisioning, you need to have the HP Client Management Script Library installed. There is also support for ConfigMgr via HP Manageability Integration Kit (MIK) for Microsoft System Center Configuration Manager. This is part of the HP Sure Recover software, which in turns require the HP Client Security Manager 9.3 or later. Note: You can also use the Sure Recover download agent to add images to the eMMC disk. In this example I was using a HP Firefly 14 G7. In this example I will show you how to configure an HP machine to download an MDT/PSD boot image from a web server, stage it on the eMMC disk, and then boot from it. HP firmware supports both ftp and https to downloads of boot images, and while the ftp option does offer username and password protection – which the https download option does not – I opted in for a simple https download. Other vendors, that have the same capabilities in their hardware, are typically blocking customers from making any changes. What I absolutely love about HP is that they made they Sure Recover platform customizable, allowing anyone to add their own payload to the platform. Downloading your own content to the HP Sure Recover platform The disk can be accessed at specific (service) times, and/or by pressing F11 during boot to enter the Factory Recovery mode. ![]() This extra flash drive, named embedded multi-media card (eMMC), is for security reasons not accessible from Windows. These machines, primarily models from 2018 and newer, have an extra flash drive on those machines that you can modify with your own payload. I happen to like HP computers quite a bit, and the HP computers that happen to support HP Sure Recover are extra shiny.
0 Comments
Leave a Reply. |