Intel® Server Board S2600WF Product Family Technical Product Specification
104
For additional details, refer to the
TCG PC Client Specific Implementation Specification
, the
TCG PC Client
Specific Physical Presence Interface Specification
, and the
Microsoft Windows* BitLocker* Requirements
documents.
10.3.2
Physical Presence
Administrative operations to the TPM require TPM ownership or physical presence indication by the
operator to confirm the execution of administrative operations. The BIOS implements the operator presence
indication by verifying the setup administrator password.
A TPM administrative sequence invoked from the operating system proceeds as follows:
1.
A user makes a TPM administrative request through the operating system’s security software.
2.
The operating system requests the BIOS to execute the TPM administrative command through TPM
ACPI methods and then resets the system.
3.
The BIOS verifies the physical presence and confirms the command with the operator.
4.
The BIOS executes TPM administrative command, inhibits BIOS setup entry, and boots directly to the
operating system which requested the TPM command.
10.3.3
TPM Security Setup Options
The BIOS TPM setup allows the operator to view the current TPM state and to carry out rudimentary TPM
administrative operations. Performing TPM administrative options through the BIOS setup requires TPM
physical presence verification.
Using the BIOS TPM setup, the operator can turn TPM functionality on or off and clear the TPM ownership
contents. After the requested TPM BIOS setup operation is carried out, the option reverts to No Operation.
The BIOS TPM setup also displays the current state of the TPM, whether TPM is enabled or disabled and
activated or deactivated. Note that while using TPM, a TPM-enabled operating system or application may
change the TPM state independently of the BIOS setup. When an operating system modifies the TPM state,
the BIOS Setup displays the updated TPM state.
The BIOS setup TPM Clear option allows the operator to clear the TPM ownership key and allows the
operator to take control of the system with TPM. You use this option to clear security settings for a newly
initialized system or to clear a system for which the TPM ownership security key was lost.
10.4
Intel® Trusted Execution Technology
The Intel® Xeon® processor Scalable product family supports Intel® Trusted Execution Technology (Intel®
TXT), which is a robust security environment. Designed to help protect against software-based attacks, Intel
TXT integrates new security features and capabilities into the processor, chipset, and other platform
components. When used in conjunction with Intel® Virtualization Technology (Intel® VT), Intel TXT provides
hardware-rooted trust for virtual applications.
This hardware-rooted security provides a general-purpose, safer computing environment capable of running
a wide variety of operating systems and applications to increase the confidentiality and integrity of sensitive
information without compromising the usability of the platform.
Intel TXT requires a computer system with Intel Virtualization Technology enabled (both VT-x and VT-d), an
Intel TXT -enabled processor, chipset, and BIOS, Authenticated Code Modules, and an Intel TXT compatible
measured launched environment (MLE). The MLE could consist of a virtual machine monitor, an OS, or an
application. In addition, Intel TXT requires the system to include a TPM v1.2, as defined by the
Trusted
Computing Group TPM PC Client Specifications, Revision 1.2
.
When available, Intel TXT can be enabled or disabled in the processor by a BIOS setup option. For general
information about Intel TXT, visit