Relion 1900e/2900e Manual
Revision 1.0
6.2.1 TPM security BIOS
The BIOS TPM support conforms to the TCG PC Client Implementation Specification for Conventional BIOS, the TPM Interface Specification (TIS), and the Microsoft Windows BitLocker* Requirements. The role of the BIOS in TPM security includes the following:
• Measures the boot process (BIOS code, platform configuration, option ROMs and the boot loader) and records the measurements in the TPM's Platform Configuration Registers (PCRs), so that a TPM-enabled operating system can verify the integrity of the boot.
• Provides EFI and legacy interfaces through which a TPM-enabled operating system uses the TPM.
• Provides the ACPI TPM device and its methods, which a TPM-enabled operating system uses to send TPM administrative command requests to the BIOS.
• Verifies operator physical presence, then confirms and executes operating system TPM administrative command requests.
• Provides BIOS Setup options to change TPM security states and to clear TPM ownership.
For additional details, refer to the TCG PC Client Specific Implementation Specification, the TCG PC Client
Specific Physical Presence Interface Specification, and the Microsoft BitLocker* Requirement documents.
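The first item above, measuring the boot process into the TPM so that the operating system can check boot integrity, is easiest to understand with a small simulation. The following Python is an added example written for this page; it is not Intel, Penguin Computing or BIOS code, and it replaces the real TPM with an in-memory model. It assumes SHA-1 PCRs as on a TPM 1.2 (switch HASH to "sha256" for a TPM 2.0 bank), and the boot components and PCR assignments are constructed sample data. It shows the three things that matter in practice: the extend operation is order-sensitive and one-way, a TPM-enabled OS verifies boot integrity by replaying the event log against the PCRs the TPM actually holds, and a BitLocker-style secret sealed to PCRs at enrollment stays locked when a boot component changes even though the log itself is honest.

```python
"""Simulation of BIOS measured boot and OS-side boot-integrity verification.
Added example, not firmware code. Hash algorithm, PCR numbers and the
SAMPLE_BOOT components are assumptions / constructed data."""
import hashlib

HASH = "sha1"                              # TPM 1.2 PCRs hold 20-byte SHA-1 values
PCR_SIZE = hashlib.new(HASH).digest_size


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM_Extend: PCR_new = H(PCR_old || measurement).
    One-way and order-sensitive: a PCR cannot be set, only extended."""
    return hashlib.new(HASH, pcr + measurement).digest()


class SimulatedTpm:
    """Just enough of a TPM to hold PCRs, which are all-zero after reset."""

    def __init__(self, num_pcrs=24):
        self.pcrs = [bytes(PCR_SIZE)] * num_pcrs

    def extend(self, index, measurement):
        self.pcrs[index] = extend(self.pcrs[index], measurement)
        return self.pcrs[index]

    def read(self, index):
        return self.pcrs[index]


def bios_measured_boot(tpm, components):
    """Model of the BIOS role: hash each boot component, extend the digest into
    that component's PCR and append an event-log entry. components is a list
    of (pcr_index, description, data). Returns the event log."""
    log = []
    for pcr_index, description, data in components:
        digest = hashlib.new(HASH, data).digest()
        tpm.extend(pcr_index, digest)
        log.append({"pcr": pcr_index, "digest": digest, "event": description})
    return log


def replay_log(log, num_pcrs=24):
    """Recompute the PCR values the log claims, starting from reset state."""
    expected = [bytes(PCR_SIZE)] * num_pcrs
    for entry in log:
        expected[entry["pcr"]] = extend(expected[entry["pcr"]], entry["digest"])
    return expected


def verify_boot(tpm, log, pcrs_to_check):
    """OS-side integrity check: the replayed log must match the TPM's PCRs.
    A log edited after the fact, or a measured component the log omits,
    shows up as a mismatch because the TPM cannot be rewritten to agree."""
    expected = replay_log(log)
    return all(tpm.read(i) == expected[i] for i in pcrs_to_check)


def seal_to_pcrs(tpm, indices):
    """What a BitLocker-style protector records at enrollment: the PCR values
    the volume key is bound to."""
    return {i: tpm.read(i) for i in indices}


def unseal_allowed(tpm, policy):
    """The TPM releases a sealed secret only when every bound PCR matches."""
    return all(tpm.read(i) == v for i, v in policy.items())


# Constructed sample boot chain (not real firmware images).
SAMPLE_BOOT = [
    (0, "BIOS core",            b"bios-code-v1.0"),
    (1, "Platform config",      b"cpu=2 mem=64G"),
    (2, "Option ROM: RAID HBA", b"raid-oprom-2.1"),
    (4, "MBR / boot loader",    b"bootmgr"),
]
CHECKED_PCRS = [0, 1, 2, 4]


def demo_good_boot():
    tpm = SimulatedTpm()
    log = bios_measured_boot(tpm, SAMPLE_BOOT)
    return verify_boot(tpm, log, CHECKED_PCRS)


def demo_tampered_log():
    """Option ROM replaced, then the log edited to claim the original was
    measured: replay no longer matches PCR 2."""
    tpm = SimulatedTpm()
    boot = list(SAMPLE_BOOT)
    boot[2] = (2, "Option ROM: RAID HBA", b"raid-oprom-backdoored")
    log = bios_measured_boot(tpm, boot)
    log[2]["digest"] = hashlib.new(HASH, b"raid-oprom-2.1").digest()
    return verify_boot(tpm, log, CHECKED_PCRS)


def demo_changed_component():
    """Honest log but a changed boot loader: integrity check passes, yet the
    secret sealed at enrollment stays locked (BitLocker asks for recovery).
    Returns (log_verifies, unseal_allowed)."""
    enroll = SimulatedTpm()
    bios_measured_boot(enroll, SAMPLE_BOOT)
    policy = seal_to_pcrs(enroll, [0, 2, 4])
    tpm = SimulatedTpm()
    boot = list(SAMPLE_BOOT)
    boot[3] = (4, "MBR / boot loader", b"bootmgr-modified")
    log = bios_measured_boot(tpm, boot)
    return verify_boot(tpm, log, CHECKED_PCRS), unseal_allowed(tpm, policy)


if __name__ == "__main__":
    print("good boot verifies:      ", demo_good_boot())
    print("tampered log verifies:   ", demo_tampered_log())
    print("changed loader (verify, unseal):", demo_changed_component())
```

The distinction in the last demo is the one that matters operationally: after a BIOS update or a change to the option-ROM set on this board, PCR 0 or PCR 2 changes, the log still replays cleanly, and a volume sealed to those PCRs needs its recovery key until the protector is re-enrolled.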
6.2.2 Physical Presence
Administrative operations on the TPM require either TPM ownership (owner authorization) or an indication of physical presence by the operator to confirm that the operation should be executed. The BIOS implements the physical presence indication by verifying the BIOS Setup Administrator password.
A TPM administrative sequence invoked from the operating system proceeds as follows:
1. The user makes a TPM administrative request through the operating system's security software.
2. The operating system requests the BIOS to execute the TPM administrative command through the TPM ACPI methods and then resets the system.
3. The BIOS verifies physical presence and confirms the command with the operator.
4. The BIOS executes the TPM administrative command(s), inhibits entry to BIOS Setup, and boots directly to the operating system that requested the command(s).
6.2.3 TPM Security Setup Options
The BIOS TPM Setup allows the operator to view the current TPM state and to carry out rudimentary TPM
administrative operations. Performing TPM administrative options through the BIOS setup requires TPM
physical presence verification. TPM administrative options are only shown in the Security Menu screen when
a TPM is physically installed on the board.
Using BIOS TPM Setup, the operator can turn ON or OFF TPM functionality and clear the TPM ownership
contents. After the requested TPM BIOS Setup operation is carried out, the option reverts to No Operation.
The BIOS TPM Setup also displays the current state of the TPM: whether it is enabled or disabled, and activated or deactivated. Note that a TPM-enabled operating system or application may change the TPM state independently of BIOS Setup; when the operating system modifies the TPM state, BIOS Setup displays the updated state on the next entry.
The BIOS Setup TPM Clear option clears TPM ownership (the owner authorization and the keys rooted in it), after which the operator can take ownership of the TPM again. Use this option to reset the security settings of a newly initialized system, or to recover a system whose TPM owner password has been lost. Clearing the TPM discards every key it protects, so a BitLocker volume protected by this TPM will require its recovery key afterwards.
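The physical-presence sequence of 6.2.2 and the enable, disable and clear operations of 6.2.3 have an operating-system side too: on Linux the kernel exposes the ACPI Physical Presence Interface under sysfs, and the OS queues the request there, reboots, and reads back the result after the BIOS has confirmed it with the operator. The following Python is an added example for this page, not Intel, Penguin Computing or Linux kernel code. The sysfs paths and the text formats it parses follow the kernel's sysfs-driver-ppi ABI as understood by the author of this example and should be treated as assumptions to check against the kernel in use; the tcg_operations sample is constructed. The TPM 1.2 operation numbers come from the TCG PPI specification (1 Enable, 2 Disable, 3 Activate, 4 Deactivate, 5 Clear, 6 Enable+Activate, 7 Deactivate+Disable, 14 Enable+Activate+Clear).

```python
"""OS side of the PPI sequence in 6.2.2 / 6.2.3 via Linux sysfs.
Added example; paths, file formats and SAMPLE_TCG_OPERATIONS are
assumptions or constructed data, not taken from the manual."""
import os
import sys

PPI_DIR = "/sys/class/tpm/tpm0/ppi"          # assumed kernel path
PPI_OPS = {1: "Enable", 2: "Disable", 3: "Activate", 4: "Deactivate", 5: "Clear",
           6: "Enable+Activate", 7: "Deactivate+Disable", 14: "Enable+Activate+Clear"}
# Per-operation status codes the kernel prints in tcg_operations
OP_STATUS = {1: "BIOS only", 2: "Blocked for OS by BIOS",
             3: "User required", 4: "User not required"}

# Constructed sample of a tcg_operations listing (not captured from this board).
SAMPLE_TCG_OPERATIONS = """\
1 3: User required
2 3: User required
3 3: User required
4 3: User required
5 3: User required
6 3: User required
7 3: User required
8 1: BIOS only
14 3: User required
"""


def parse_tcg_operations(text):
    """'<op> <status>: <text>' lines -> {op: status}. Unlisted ops are not implemented."""
    table = {}
    for line in text.splitlines():
        head, sep, _ = line.partition(":")
        if not sep:
            continue
        op, status = head.split()
        table[int(op)] = int(status)
    return table


def os_may_request(table, op):
    """The OS may queue an operation only if the firmware exposes it as
    'User required' (3: the operator confirms at the BIOS after reboot, the
    physical presence step of 6.2.2) or 'User not required' (4). Anything
    else must be done from BIOS Setup as described in 6.2.3."""
    return table.get(op) in (3, 4)


def parse_response(text):
    """'response' after the reboot: 'No Recent Request' or '<op> <result>: <text>'.
    Returns (op, succeeded, text). Result 0 is success, 0xFFFFFFF0 means the
    operator declined at the BIOS confirmation, 0xFFFFFFF1 a BIOS failure."""
    text = text.strip()
    head, sep, tail = text.partition(":")
    if not sep:
        return None, False, text
    op, result = head.split()
    return int(op), result == "0", tail.strip()


def request_operation(op, ppi_dir=PPI_DIR):
    """Step 2 of the 6.2.2 sequence: hand the request to the BIOS through the
    ACPI PPI method (the kernel issues the _DSM when 'request' is written) and
    return the transition action string, e.g. '2: Reboot'. Steps 3 and 4 run
    in the BIOS on the next boot, so the caller must reboot for anything to happen."""
    with open(os.path.join(ppi_dir, "tcg_operations")) as f:
        table = parse_tcg_operations(f.read())
    if not os_may_request(table, op):
        raise PermissionError(
            f"op {op} ({PPI_OPS.get(op, 'unknown')}) is "
            f"{OP_STATUS.get(table.get(op), 'not implemented')}; use BIOS Setup")
    with open(os.path.join(ppi_dir, "request"), "w") as f:
        f.write(f"{op}\n")
    with open(os.path.join(ppi_dir, "transition_action")) as f:
        return f.read().strip()


def read_tpm12_state(ppi_dir=PPI_DIR):
    """TPM 1.2 'enabled', 'active' and 'owned' flags from sysfs, the same state
    BIOS Setup displays. Location is an assumption: newer kernels put them next
    to the ppi directory, older ones under its device/ subdirectory."""
    tpm_dir = os.path.dirname(ppi_dir)
    for base in (tpm_dir, os.path.join(tpm_dir, "device")):
        state = {}
        for attr in ("enabled", "active", "owned"):
            path = os.path.join(base, attr)
            if os.path.exists(path):
                with open(path) as f:
                    state[attr] = f.read().strip() == "1"
        if state:
            return state
    return {}


if __name__ == "__main__":
    if os.path.isdir(PPI_DIR):
        print("TPM state:", read_tpm12_state())
        with open(os.path.join(PPI_DIR, "response")) as f:
            print("last PPI result:", parse_response(f.read()))
        if len(sys.argv) > 1:            # e.g. 'sudo python3 ppi.py 5' queues a Clear
            print("transition action:", request_operation(int(sys.argv[1])))
    else:                                # no TPM here: show the decision on sample data
        table = parse_tcg_operations(SAMPLE_TCG_OPERATIONS)
        for op, name in PPI_OPS.items():
            print(f"{op:2} {name:22} OS may request: {os_may_request(table, op)}")
```

Two things this makes concrete. First, the OS never clears or disables the TPM on its own: it only files a request, and nothing changes until the BIOS has seen the Administrator password and the operator's confirmation on the next boot, which is why a surprise "No Recent Request" or a user-abort result after reboot is the normal outcome when nobody was at the console. Second, an operation the firmware marks "BIOS only" or "Blocked for OS by BIOS" cannot be reached this way at all and has to be done from the Security menu.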