Intel S2600CP Technical Product Specification - Page 69

Physical Presence, TPM Security Setup Options

Get Intel S2600CP PDF manuals and user guides View all Intel S2600CP manuals
Add to My Manuals
Save this manual to your list of manuals

Page 69 highlights

Intel® Server Board S2600CP and Server System P4000CP TPS System Security  Provides BIOS Setup options to change TPM security states and to clear TPM ownership. For additional details, refer to the TCG PC Client Specific Implementation Specification, the TCG PC Client Specific Physical Presence Interface Specification, and the Microsoft BitLocker* Requirement documents. 5.2.2 Physical Presence Administrative operations to the TPM require TPM ownership or physical presence indication by the operator to confirm the execution of administrative operations. The BIOS implements the operator presence indication by verifying the setup Administrator password. A TPM administrative sequence invoked from the operating system proceeds as follows: 1. User makes a TPM administrative request through the operating system's security software. 2. The operating system requests the BIOS to execute the TPM administrative command through TPM ACPI methods and then resets the system. 3. The BIOS verifies the physical presence and confirms the command with the operator. 4. The BIOS executes TPM administrative command(s), inhibits BIOS Setup entry and boots directly to the operating system which requested the TPM command(s). 5.2.3 TPM Security Setup Options The BIOS TPM Setup allows the operator to view the current TPM state and to carry out rudimentary TPM administrative operations. Performing TPM administrative options through the BIOS setup requires TPM physical presence verification. Using BIOS TPM Setup, the operator can turn ON or OFF TPM functionality and clear the TPM ownership contents. After the requested TPM BIOS Setup operation is carried out, the option reverts to No Operation. The BIOS TPM Setup also displays the current state of the TPM, whether TPM is enabled or disabled and activated or deactivated. Note that while using TPM, a TPM-enabled operating system or application may change the TPM state independent of the BIOS setup. When an operating system modifies the TPM state, the BIOS Setup displays the updated TPM state. The BIOS Setup TPM Clear option allows the operator to clear the TPM ownership key and allows the operator to take control of the system with TPM. You use this option to clear security settings for a newly initialized system or to clear a system for which the TPM ownership security key was lost. 5.2.3.1 Security Screen To enter the BIOS Setup, press the F2 function key during boot time when the OEM or Intel logo displays. The following message displays on the diagnostics screen and under the Quiet Boot logo screen: Press to enter setup Revision 1.2 53 Intel order number G26942-003

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
Intel® Server Board S2600CP and Server System P4000CP TPS
System Security
Revision 1.2
Intel order number G26942-003
53
Provides BIOS Setup options to change TPM security states and to clear TPM
ownership.
For additional details, refer to the
TCG PC Client Specific Implementation Specification
, the
TCG PC Client Specific Physical Presence Interface Specification
, and the
Microsoft BitLocker*
Requirement
documents.
5.2.2
Physical Presence
Administrative operations to the TPM require TPM ownership or physical presence indication by
the operator to confirm the execution of administrative operations. The BIOS implements the
operator presence indication by verifying the setup Administrator password.
A TPM administrative sequence invoked from the operating system proceeds as follows:
1.
User makes a TPM administrative request through the operating system’s security software.
2.
The operating system requests the BIOS to execute the TPM administrative command
through TPM ACPI methods and then resets the system.
3.
The BIOS verifies the physical presence and confirms the command with the operator.
4. T
he BIOS executes TPM administrative command(s), inhibits BIOS Setup entry and boots
directly to the operating system which requested the TPM command(s).
5.2.3
TPM Security Setup Options
The BIOS TPM Setup allows the operator to view the current TPM state and to carry out
rudimentary TPM administrative operations. Performing TPM administrative options through the
BIOS setup requires TPM physical presence verification.
Using BIOS TPM Setup, the operator can turn ON or OFF TPM functionality and clear the TPM
ownership contents. After the requested TPM BIOS Setup operation is carried out, the option
reverts to No Operation.
The BIOS TPM Setup also displays the current state of the TPM, whether TPM is enabled or
disabled and activated or deactivated. Note that while using TPM, a TPM-enabled operating
system or application may change the TPM state independent of the BIOS setup. When an
operating system modifies the TPM state, the BIOS Setup displays the updated TPM state.
The BIOS Setup TPM Clear option allows the operator to clear the TPM ownership key and
allows the operator to take control of the system with TPM. You use this option to clear security
settings for a newly initialized system or to clear a system for which the TPM ownership security
key was lost.
5.2.3.1
Security Screen
To enter the BIOS Setup, press the F2 function key during boot time when the OEM or Intel logo
displays. The following message displays on the diagnostics screen and under the Quiet Boot
logo screen:
Press <F2> to enter setup