HP Printer Embedded Security

Protect Your Printer Fleet with Embedded Security Software

The latest HP Enterprise printers, shipping since Fall 2015 with FutureSmart firmware version 3.7 and newer, are designed with embedded security features that provide protection against complex security threats across the network, including ransomware attacks, hacking and other forms of intrusion.

The three key features of HP's embedded printer security are:

  1. HP SureStart: validates the integrity of the BIOS (Basic Input/Output System) code
  2. Whitelisting: validates the integrity of the firmware code
  3. Run-Time Intrusion Detection: detects changes to the system memory

You can learn more about each embedded printer security features below in this video:

HP SureStart

HP SureStart is a feature that automatically validates the printer’s BIOS. The BIOS is a set of startup instructions used to load fundamental hardware components and initiate the HP FutureSmart firmware for HP LaserJet Enterprise printers.

Every time a printer is turned on or restarts with an error, HP SureStart validates the integrity of the BIOS by implementing a Secure Hash Algorithm (SHA–256) signed with HP’s digital signature to ensure that the printer is safeguarded from malicious attacks. If validation fails, the printer restarts using a safe “Golden Copy” of the BIOS. The “Golden Copy” of the BIOS is stored in an electrically isolated location within the printer and is loaded during manufacturing.


Whitelisting is a feature that uses code-signing to make sure that only known HP firmware versions are loaded. The firmware coordinates hardware functions, runs the control panel, provides network security, and determines what features are available when printing, scanning, or sending emails.

Whitelisting uses an HP digital signature to verify that only authentic HP code, solutions, and 3rd party solution files are authorized to be loaded into memory and operate the printer. If a file without an authentic HP digital signature is detected, the printer will not load the solutions file, will restart the printer, and will display the Preboot menu options on the control panel, thus preventing a potential malware exploit from executing.

Run-Time Intrusion Detection

The Run-time Intrusion Detection feature detects anomalies in the system memory and protects the printer while it is connected to the network. It detects any malware intrusion attempts during complex firmware and system memory operations, and validates that the memory space is not modified to prevent memory corruption. If an intrusion is detected, the printer waits no more than a minute to cancel pending print jobs, automatically restarts, and then returns the printer to a secure state.

Old HP Printers?

If you would like to secure your HP printing fleet but have have older printers that cannot be upgraded to take advantage of the HP embedded printer security features listed above, you have two choices:

We can help you analyze what works best for your organization, but we can't help you if you don't contact us.

Contact us to learn more about HP printer and MFP security