New‐HPSureRecoverImageConfigurationPayload



Summary

Configure the HP Sure Recover OS or Recovery image

Syntax

New-HPSureRecoverImageConfigurationPayload [-Image] <String> [-SigningKeyFile] <FileInfo> [[-SigningKeyPassword] <String>] [-PublicKeyFile] <FileInfo> [[-Nonce] <UInt32>] [[-Version] <UInt16>] [[-Username] <String>] [[-Password] <String>] [[-Url] <Uri>] [[-OutputFile] <FileInfo>] [<CommonParameters>]

New-HPSureRecoverImageConfigurationPayload [-Image] <String> [-SigningKeyCertificate] <X509Certificate2> [-PublicKeyFile] <FileInfo> [[-Nonce] <UInt32>] [[-Version] <UInt16>] [[-Username] <String>] [[-Password] <String>] [[-Url] <Uri>] [[-OutputFile] <FileInfo>] [<CommonParameters>]

New-HPSureRecoverImageConfigurationPayload [-Image] <String> [-SigningKeyCertificate] <X509Certificate2> [-PublicKey] <Byte[]> [[-Nonce] <UInt32>] [[-Version] <UInt16>] [[-Username] <String>] [[-Password] <String>] [[-Url] <Uri>] [[-OutputFile] <FileInfo>] [<CommonParameters>]

New-HPSureRecoverImageConfigurationPayload [-Image] <String> [-SigningKeyFile] <FileInfo> [[-SigningKeyPassword] <String>] [-PublicKey] <Byte[]> [[-Nonce] <UInt32>] [[-Version] <UInt16>] [[-Username] <String>] [[-Password] <String>] [[-Url] <Uri>] [[-OutputFile] <FileInfo>] [<CommonParameters>]

New-HPSureRecoverImageConfigurationPayload [-Image] <String> [-SigningKeyCertificate] <X509Certificate2> [-ImageCertificateFile] <FileInfo> [[-ImageCertificatePassword] <String>] [[-Nonce] <UInt32>] [[-Version] <UInt16>] [[-Username] <String>] [[-Password] <String>] [[-Url] <Uri>] [[-OutputFile] <FileInfo>] [<CommonParameters>]

New-HPSureRecoverImageConfigurationPayload [-Image] <String> [-SigningKeyFile] <FileInfo> [[-SigningKeyPassword] <String>] [-ImageCertificateFile] <FileInfo> [[-ImageCertificatePassword] <String>] [[-Nonce] <UInt32>] [[-Version] <UInt16>] [[-Username] <String>] [[-Password] <String>] [[-Url] <Uri>] [[-OutputFile] <FileInfo>] [<CommonParameters>]

New-HPSureRecoverImageConfigurationPayload [-Image] <String> [-SigningKeyCertificate] <X509Certificate2> [-ImageCertificate] <X509Certificate2> [[-Nonce] <UInt32>] [[-Version] <UInt16>] [[-Username] <String>] [[-Password] <String>] [[-Url] <Uri>] [[-OutputFile] <FileInfo>] [<CommonParameters>]

New-HPSureRecoverImageConfigurationPayload [-Image] <String> [-SigningKeyFile] <FileInfo> [[-SigningKeyPassword] <String>] [-ImageCertificate] <X509Certificate2> [[-Nonce] <UInt32>] [[-Version] <UInt16>] [[-Username] <String>] [[-Password] <String>] [[-Url] <Uri>] [[-OutputFile] <FileInfo>] [<CommonParameters>]

Description

This function defines a custom HP Sure Recover OS or Recovery image.

On return, the function writes the created payload to the pipeline, or to the file specified in the OutputFile parameter. This payload can then be passed to the Set-HPSecurePlatformPayload function.

Security note: Payloads should only be created on secure servers. Once created, the payload may be transferred to a client and applied via the Set-HPSecurePlatformPayload. Creating the payload and passing it to the Set-HPSecurePlatformPayload function via the pipeline is not a recommended production pattern.

Parameters

Name Argument Description
Image <String> This controls whether this command will create a configuration payload for
  a Recovery Agent image or a Recovery OS image. The parameter value may be 'agent' or 'os'.
SigningKeyFile <FileInfo> The path to the secure platform signing key, as a PFX file. If the PFX file is protected by a password (recommended),
  the SigningKeyPassword parameter should also be provided.
SigningKeyPassword <String> The secure platform signing key file password, if required.
SigningKeyCertificate <X509Certificate2> The secure platform signing key certificate, as an X509Certificate object.
ImageCertificateFile <FileInfo> The path to the image signing certificate, as a PFX file. If the PFX file is protected by a password (recommended),
  the ImageCertificatePassword parameter should also be provided. Depending on the Image switch, this will be either
  the signing key file for the Agent or the OS image.
  
  ImageCertificateFile and PublicKeyFile are mutually exclusive.
ImageCertificatePassword <String> The image signing key file password, if required.
ImageCertificate <X509Certificate2> The image signing key certificate, as an X509Certificate object. Depending on the Image switch, this will be either
  the signing key certificate for the Agent or the OS image.
PublicKeyFile <FileInfo> The image signing key, as the path to a base64-encoded RSA key (a PEM file).
  
  ImageCertificateFile and PublicKeyFile are mutually exclusive.
PublicKey <Byte[]> The image signing key, as an array of bytes, including modulus and exponent.
  
   This option is currently reserved for internal use.
Nonce <UInt32> The operation nonce. In order to prevent replay attacks, the secure platform subsystem will only accept commands with a
  nonce greater or equal to the last nonce sent.
  
  If not specified, the nonce is inferred from the current local time. This works okay in most cases, however this approach has a resolution of seconds,
  so when doing high volume or parallel operations, it is possible to infer the same counter for two or more commands. In those cases, the caller
  should use its own nonce derivation and provide it through this parameter.
Version <UInt16> The operation version. Each new configuration payload must increment the last operation payload version, as available in the public WMI
  setting 'OS Recovery Image Provisioning Version'. If this switch is not provided, the function will read this public wmi setting and increment it, automatically.
Username <String> The username for accessing the url specified in the Url parameter, if any.
Password <String> The password for accessing the url specified in the Url parameter, if any.
Url <Uri> The url from where to download the image. If not specified, the default HP.COM location will be used.
OutputFile <FileInfo> Write the resulting output to the specified file, instead of writing it to the pipeline.

Notes

  • Supported on Windows 10.
  • Requires HP BIOS with HP Sure Recover support

Examples


PS C:\> $payload = New-HPSureRecoverImageConfigurationPayload -SigningKeyFile "$path\signing_key.pfx" -Image OS -ImageKeyFile ` PS C:\> "$path\os.pfx" -username my_http_user -password `s3cr3t` -url "http://my.company.com" PS C:\> ... PS C:\> $payload | Set-HPSecurePlatformPayload

See also