HP Customer Support - Knowledge Base







HP Enterprise printers - Embedded Security features


The latest HP Enterprise printers available in Fall 2015 are designed with embedded security features to provide protection against complex security threats across the network.
These security features are only available with FutureSmart firmware version 3.7 and newer.
The three key features to prevent security breaches are:
  • HP SureStart: Validates the integrity of the BIOS (Basic Input/Output System) code.
  • Whitelisting: Validates the integrity of the firmware code.
  • Run-time Intrusion Detection: Detects changes to the system memory.
To see a video of the embedded security features, click

Overview of the embedded security features

As printers become more complex, they can become targets for hackers looking for new ways to infiltrate the network. In the event of a security threat or anomaly, HP SureStart, Whitelisting, and Run-time Intrusion Detection help to detect, protect, and recover the printer. These embedded security features automatically restart the printer to a secure state.
The embedded security feature options are enabled by default on printers running firmware version 3.7 and newer to ensure that the printer is always protected.

HP SureStart

HP SureStart is a feature that automatically validates the printer’s BIOS. The BIOS is a set of startup instructions used to load fundamental hardware components and initiate the HP FutureSmart firmware for HP LaserJet Enterprise printers. Every time a printer is turned on or restarts with an error, HP SureStart validates the integrity of the BIOS by checking a Secure Hash Algorithm (SHA-256) hash signed with HP’s digital signature, to ensure that the printer is safeguarded from malicious attacks. If validation fails, the printer restarts using a safe “Golden Copy” of the BIOS. The “Golden Copy” of the BIOS is stored in an electrically isolated location within the printer and is loaded during manufacturing.

Whitelisting

Whitelisting is a feature that uses code-signing to make sure that only known HP firmware versions are loaded. The firmware coordinates hardware functions, runs the control panel, provides network security, and determines what features are available when printing, scanning, or sending emails. Whitelisting uses an HP digital signature to verify that only authentic HP code, solutions, and 3rd party solution files are authorized to be loaded into memory and operate the printer. If a file without an authentic HP digital signature is detected, the printer does not load the solutions file, restarts, and displays the Preboot menu options on the control panel, thus preventing a potential malware exploit from executing.
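As an added illustration (not HP firmware code and not part of the original article), the following Python sketch models the verify-then-fall-back behaviour described for HP SureStart and the load gate described for Whitelisting. The key, image contents and function names are constructed for the example, and textbook RSA over a SHA-256 digest stands in for HP's signature scheme, which the article does not specify.

```python
import hashlib

# Constructed demo key: textbook RSA built from two public Mersenne primes.
# The factors are well known, so this key protects nothing; it only lets the
# example run offline with the standard library (Python 3.8+).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the signer only


def digest(image: bytes) -> int:
    """SHA-256 of the image as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big")


def sign(image: bytes) -> int:
    """Vendor side: sign the SHA-256 digest of the image."""
    return pow(digest(image), D, N)


def verify(image: bytes, signature: int) -> bool:
    """Device side: recompute the digest and compare it with the signed one."""
    return pow(signature, E, N) == digest(image)


def select_bios(active, golden_image: bytes):
    """SureStart-style choice: boot the active copy only if it validates,
    otherwise fall back to the golden copy kept in isolated storage."""
    image, signature = active
    if verify(image, signature):
        return "active", image
    return "golden", golden_image


def load_solution(image: bytes, signature: int) -> bool:
    """Whitelisting-style gate: code without a valid signature is not loaded."""
    return verify(image, signature)


# Constructed sample images
GOLDEN = b"BIOS v1 factory image"
GOOD = (b"BIOS v2 update", sign(b"BIOS v2 update"))
TAMPERED = (b"BIOS v2 update + extra bytes", GOOD[1])  # reused signature

if __name__ == "__main__":
    print(select_bios(GOOD, GOLDEN)[0], select_bios(TAMPERED, GOLDEN)[0])
```

Changing a single byte of the image changes its SHA-256 digest, so a signature copied from a valid image no longer verifies and the device takes the fallback path.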

Run-time Intrusion Detection

The Run-time Intrusion Detection feature detects anomalies in the system memory and protects the printer while it is connected to the network. It detects any malware intrusion attempts during complex firmware and system memory operations and, to prevent memory corruption, validates that the memory space has not been modified. If an intrusion is detected, the printer waits no more than a minute to cancel pending print jobs, automatically restarts, and then returns to a secure state.

Enable the security features in the printer

To enable the security features on the printer, follow these steps:
  1. Update the printer’s firmware to FutureSmart bundle version 3.7 or newer.
  2. After installing the firmware, make sure that the security features are listed as “Present” in the Configuration Page under the Security section.
    HP SureStart is supported on Enterprise printers released after Spring 2016.
    Figure: Configuration Page listing the security features

Security Alert Examples

When a security event occurs, security alerts will display as error code messages on the printer’s control panel and the Event Log Page will record an event log code indicating a security event.
Examples of these error code messages displayed on the printer’s control panel are:
  • 33.05.01 Security Alert: This error indicates that the firmware downloaded failed to cryptographically validate the BIOS code.
  • 33.05.12 Security Alert: This error occurs when the firmware file’s digital signature is not valid or the certificate used to validate the firmware file digital signature is invalid.
  • 33.05.21 Potential Intrusion and 33.05.21 Security Alert: These errors indicate that a potential intrusion is detected in the system memory. When the printer encounters a memory corruption, a “Potential Intrusion” error displays on the control panel while cancelling any job, and then displays the “Security Alert” message in the Preboot menu.
    For more information about the error code messages, go to Troubleshooting the Embedded Security messages (c04921512).
    Figure: 33.05.21 Potential Intrusion error on the control panel
    Figure: 33.05.21 Security Alert error in the Preboot menu
    Figure: 33.05.21 Potential Intrusion error in the Event Log

Supported Printers

To view the HP printers with the embedded security features, see Supported Products for HP SureStart, Whitelisting, and Intrusion Detection.





