Summary
Creates a payload to configure the HP Sure Recover OS or Recovery image
Syntax
New-HPSureRecoverImageConfigurationPayload [-Image] <String> [-SigningKeyFile] <FileInfo> [[-SigningKeyPassword] <String>] [-PublicKeyFile] <FileInfo> [[-Nonce] <UInt32>] [[-Version] <UInt16>] [[-Username] <String>] [[-Password] <String>] [[-Url] <Uri>] [[-OutputFile] <FileInfo>] [<CommonParameters>]
New-HPSureRecoverImageConfigurationPayload [-Image] <String> [-PublicKeyFile] <FileInfo> [[-Nonce] <UInt32>] [[-Version] <UInt16>] [[-Username] <String>] [[-Password] <String>] [[-Url] <Uri>] [[-OutputFile] <FileInfo>] [-RemoteSigningServiceKeyID] <String> [-RemoteSigningServiceURL] <String> [[-CacheAccessToken]] [<CommonParameters>]
New-HPSureRecoverImageConfigurationPayload [-Image] <String> [-PublicKey] <Byte[]> [[-Nonce] <UInt32>] [[-Version] <UInt16>] [[-Username] <String>] [[-Password] <String>] [[-Url] <Uri>] [[-OutputFile] <FileInfo>] [-RemoteSigningServiceKeyID] <String> [-RemoteSigningServiceURL] <String> [[-CacheAccessToken]] [<CommonParameters>]
New-HPSureRecoverImageConfigurationPayload [-Image] <String> [-ImageCertificateFile] <FileInfo> [[-ImageCertificatePassword] <String>] [[-Nonce] <UInt32>] [[-Version] <UInt16>] [[-Username] <String>] [[-Password] <String>] [[-Url] <Uri>] [[-OutputFile] <FileInfo>] [-RemoteSigningServiceKeyID] <String> [-RemoteSigningServiceURL] <String> [[-CacheAccessToken]] [<CommonParameters>]
New-HPSureRecoverImageConfigurationPayload [-Image] <String> [-ImageCertificate] <X509Certificate2> [[-Nonce] <UInt32>] [[-Version] <UInt16>] [[-Username] <String>] [[-Password] <String>] [[-Url] <Uri>] [[-OutputFile] <FileInfo>] [-RemoteSigningServiceKeyID] <String> [-RemoteSigningServiceURL] <String> [[-CacheAccessToken]] [<CommonParameters>]
New-HPSureRecoverImageConfigurationPayload [-Image] <String> [-SigningKeyCertificate] <X509Certificate2> [-PublicKeyFile] <FileInfo> [[-Nonce] <UInt32>] [[-Version] <UInt16>] [[-Username] <String>] [[-Password] <String>] [[-Url] <Uri>] [[-OutputFile] <FileInfo>] [<CommonParameters>]
New-HPSureRecoverImageConfigurationPayload [-Image] <String> [-SigningKeyCertificate] <X509Certificate2> [-PublicKey] <Byte[]> [[-Nonce] <UInt32>] [[-Version] <UInt16>] [[-Username] <String>] [[-Password] <String>] [[-Url] <Uri>] [[-OutputFile] <FileInfo>] [<CommonParameters>]
New-HPSureRecoverImageConfigurationPayload [-Image] <String> [-SigningKeyFile] <FileInfo> [[-SigningKeyPassword] <String>] [-PublicKey] <Byte[]> [[-Nonce] <UInt32>] [[-Version] <UInt16>] [[-Username] <String>] [[-Password] <String>] [[-Url] <Uri>] [[-OutputFile] <FileInfo>] [<CommonParameters>]
New-HPSureRecoverImageConfigurationPayload [-Image] <String> [-SigningKeyCertificate] <X509Certificate2> [-ImageCertificateFile] <FileInfo> [[-ImageCertificatePassword] <String>] [[-Nonce] <UInt32>] [[-Version] <UInt16>] [[-Username] <String>] [[-Password] <String>] [[-Url] <Uri>] [[-OutputFile] <FileInfo>] [<CommonParameters>]
New-HPSureRecoverImageConfigurationPayload [-Image] <String> [-SigningKeyFile] <FileInfo> [[-SigningKeyPassword] <String>] [-ImageCertificateFile] <FileInfo> [[-ImageCertificatePassword] <String>] [[-Nonce] <UInt32>] [[-Version] <UInt16>] [[-Username] <String>] [[-Password] <String>] [[-Url] <Uri>] [[-OutputFile] <FileInfo>] [<CommonParameters>]
New-HPSureRecoverImageConfigurationPayload [-Image] <String> [-SigningKeyCertificate] <X509Certificate2> [-ImageCertificate] <X509Certificate2> [[-Nonce] <UInt32>] [[-Version] <UInt16>] [[-Username] <String>] [[-Password] <String>] [[-Url] <Uri>] [[-OutputFile] <FileInfo>] [<CommonParameters>]
New-HPSureRecoverImageConfigurationPayload [-Image] <String> [-SigningKeyFile] <FileInfo> [[-SigningKeyPassword] <String>] [-ImageCertificate] <X509Certificate2> [[-Nonce] <UInt32>] [[-Version] <UInt16>] [[-Username] <String>] [[-Password] <String>] [[-Url] <Uri>] [[-OutputFile] <FileInfo>] [<CommonParameters>]
Description
This command creates a payload to configure a custom HP Sure Recover OS or Recovery image. There are three signing options to choose from: - Signing Key File (and Password) using -SigningKeyFile and -SigningKeyPassword parameters - Signing Key Certificate using -SigningKeyCertificate parameter - Remote Signing using -RemoteSigningServiceKeyID and -RemoteSigningServiceURL parameters
Please note that using a Key File with Password in PFX format is recommended over using an X509 Certificate object because a private key in a certificate is not password protected.
This command writes the created payload to the pipeline or to the file specified in the OutputFile parameter. This payload can then be passed to the Set-HPSecurePlatformPayload command.
Security note: Payloads should only be created on secure servers. Once created, the payload may be transferred to a client and applied via the Set-HPSecurePlatformPayload. Creating the payload and passing it to the Set-HPSecurePlatformPayload command via the pipeline is not a recommended production pattern.
Parameters
| Name | Argument | Description |
|---|---|---|
| Image | <String> | Specifies whether this command will create a configuration payload for a Recovery Agent image or a Recovery OS image. The value must be either 'agent' or 'os'. |
| SigningKeyFile | <FileInfo> | Specifies the path to the Secure Platform Management signing key as a PFX file. If the PFX file is protected by a password (recommended), the SigningKeyPassword parameter should also be provided. |
| SigningKeyPassword | <String> | Specifies the Secure Platform Management signing key file password, if required |
| SigningKeyCertificate | <X509Certificate2> | Specifies the Secure Platform Management signing key certificate as an X509Certificate object |
| ImageCertificateFile | <FileInfo> | Specifies the path to the image signing certificate as a PFX file. If the PFX file is protected by a password (recommended), the ImageCertificatePassword parameter should also be provided. Depending on the Image switch, this will be either the signing key file for the Agent or the OS image. ImageCertificateFile and PublicKeyFile are mutually exclusive. |
| ImageCertificatePassword | <String> | Specifies the image signing key file password, if required |
| ImageCertificate | <X509Certificate2> | Specifies the image signing key certificate as an X509Certificate object. Depending on the Image parameter, this value will be either the signing key certificate for the Agent or the OS image. |
| PublicKeyFile | <FileInfo> | Specifies the image signing key as the path to a base64-encoded RSA key (a PEM file). ImageCertificateFile and PublicKeyFile are mutually exclusive. |
| PublicKey | <Byte[]> | Specifies the image signing key as an array of bytes, including modulus and exponent. This option is currently reserved for internal use. |
| Nonce | <UInt32> | Specifies a Nonce. If nonce is specified, the Secure Platform Management subsystem will only accept commands with a nonce greater or equal to the last nonce sent. This approach helps to prevent replay attacks. If not specified, the nonce is inferred from the current local time. The current local time as the nonce works in most cases. However, this approach has a resolution of seconds, so when performing parallel operations or a high volume of operations, it is possible for the same counter to be interpreted for more than one command. In these cases, the caller should use its own nonce derivation and provide it through this parameter. |
| Version | <UInt16> | Specifies the operation version. Each new configuration payload must increment the last operation payload version, as available in the public WMI setting 'OS Recovery Image Provisioning Version'. If this parameter is not provided, this command will read the public wmi setting and increment it automatically. |
| Username | <String> | Specifies the username for accessing the url specified in the Url parameter, if any. |
| Password | <String> | Specifies the password for accessing the url specified in the Url parameter, if any. |
| Url | <Uri> | Specifies the url from where to download the image. If not specified, the default HP.COM location will be used. |
| OutputFile | <FileInfo> | Specifies the file to write output to instead of writing the output to the pipeline |
| RemoteSigningServiceKeyID | <String> | Specifies the Signing Key ID to be used |
| RemoteSigningServiceURL | <String> | Specifies the (Key Management Service) KMS server URL (I.e.: https:// |
| CacheAccessToken | If specified, the access token is cached in msalcache.dat file and user credentials will not be asked again until the credentials expire. This parameter should be specified for caching the access token when performing multiple operations on the KMS server. If access token is not cached, the user must re-enter credentials on each call of this command. |
Notes
- Requires HP BIOS with HP Sure Recover support
Examples
PS C:\> $payload = New-HPSureRecoverImageConfigurationPayload -SigningKeyFile "$path\signing_key.pfx" -Image OS -ImageKeyFile `
PS C:\> "$path\os.pfx" -username my_http_user -password `s3cr3t` -url "http://my.company.com"
PS C:\> ...
PS C:\> $payload | Set-HPSecurePlatformPayload