HP Sure Admin

Modern security for PC firmware configuration management.

  • Enables remote administrators to securely manage BIOS settings and field support personnel to obtain secure in-person access to BIOS setup.

  • Use of digital certificates and public-key cryptography eliminates the risks associated with legacy password-based approaches.

HP Sure Admin stores configuration and public keys in the HP Endpoint Security Controller’s isolated and protected storage of the target PC which provides advanced integrity protection against attacks targeting replacement of authorized keys with the attacker’s public key.

The use of RSA public-key cryptography means that no authorization secrets are ever transmitted to, nor ever reside on, the target PC device.

Feature Availability

Included in select EliteBook, ProBook, ZBook PCs


HP Sure Admin is supported on a wide range of HP business products, including Pro and Elite Desktops, Pro and Elite Notebooks, Z Desktops, and Z Mobile Workstations.

HP Sure Admin can be used by large enterprise customers, as well as small and medium businesses. The HP Client Management Tools enable HP Sure Admin deployments with or without any backend infrastructure requirements.

Remote management of BIOS settings refers to the programmatic interfaces the BIOS exposes to the OS for management of BIOS settings, which in most cases (but not strictly required) is assumed to come from a remote administrator. Local access to, or local management of BIOS settings refers to the scenario of a field support operator who is physically present at the target machine manually modifying BIOS settings via the F10 BIOS Setup GUI.

HP Sure Admin uses industry standard RSA digital signatures to authorize BIOS setting change commands. HP Sure Admin also uses RSA public-key encryption to implement secure local access to HP Computer Setup and to authorize privileged local operations.

HP Sure Admin is optional. By default, the legacy BIOS password-based mechanisms work identically to previous products. Additionally, HP Client Management tools are designed to work in a heterogeneous environment (some devices use legacy BIOS password while some use HP Sure Admin) as the overall fleet transitions to HP Sure Admin.

Compare Products
Select Store
HP employees: Report website issues