New‐HPSureRecoverTriggerRecoveryPayload



Summary

Trigger HP Sure Recover events

Syntax

New-HPSureRecoverTriggerRecoveryPayload [-SigningKeyFile] <String> [[-SigningKeyPassword] <String>] [[-Nonce] <UInt32>] [[-Set]] [[-ForceAfterReboot] <Byte>] [[-PromptPolicy] {None | PromptBeforeRecovery | PromptOnError | PromptAfterRecover}] [[-ErasePolicy] {None | EraseSecureStorage | EraseSystemDrives}] [[-OutputFile] <FileInfo>] [<CommonParameters>]

New-HPSureRecoverTriggerRecoveryPayload [-SigningKeyFile] <String> [[-SigningKeyPassword] <String>] [[-Nonce] <UInt32>] [-Cancel] [[-OutputFile] <FileInfo>] [<CommonParameters>]

New-HPSureRecoverTriggerRecoveryPayload [-SigningKeyCertificate] <Byte[]> [[-Nonce] <UInt32>] [-Cancel] [[-OutputFile] <FileInfo>] [<CommonParameters>]

New-HPSureRecoverTriggerRecoveryPayload [-SigningKeyCertificate] <Byte[]> [[-Nonce] <UInt32>] [[-Set]] [[-ForceAfterReboot] <Byte>] [[-PromptPolicy] {None | PromptBeforeRecovery | PromptOnError | PromptAfterRecover}] [[-ErasePolicy] {None | EraseSecureStorage | EraseSystemDrives}] [[-OutputFile] <FileInfo>] [<CommonParameters>]

Description

This function create a payload to trigger HP Sure Recover

On return, the function writes the created payload to the pipeline, or to the file specified in the OutputFile parameter. This payload can then be passed to the Set-HPSecurePlatformPayload function.

Security note: Payloads should only be created on secure servers. Once created, the payload may be transferred to a client and applied via the Set-HPSecurePlatformPayload. Creating the payload and passing it to the Set-HPSecurePlatformPayload function via the pipeline is not a recommended production pattern.

Parameters

Name Argument Description
SigningKeyFile <String> The path to the secure platform signing key, as a PFX file. If the PFX file is protected by a password (recommended),
  the SigningKeyPassword parameter should also be provided.
SigningKeyPassword <String> The secure platform signing key file password, if required.
SigningKeyCertificate <Byte[]> The secure platform signing key certificate, as an X509Certificate object.
Nonce <UInt32> The operation nonce. In order to prevent replay attacks, the secure platform subsystem will only accept commands with a
  nonce greater or equal to the last nonce sent.
  
  If not specified, the nonce is inferred from the current local time. This works okay in most cases, however this approach has a resolution of seconds,
  so when doing high volume or parallel operations, it is possible to infer the same counter for two or more commands. In those cases, the caller
  should use its own nonce derivation and provide it through this parameter.
Set Indicates this is an operation to set the trigger information. This switch is default, and optional.
Cancel Indicates this is an operation to cancel any existing trigger definition.
ForceAfterReboot <Byte> Defines how many reboots to count before applying the trigger. If not specified, defaults to 1 (next reboot).
PromptPolicy <surerecover_prompt_policy> Defines the prompting policy. If not defined, it will default to prompt before recovery, and on error.
ErasePolicy <surerecover_erase_policy> Defines the erase policy for the imaging process.
OutputFile <FileInfo> Write the resulting output to the specified file, instead of writing it to the pipeline.

Notes

  • Supported on Windows 10.
  • Requires HP BIOS with HP Sure Recover support

See also