HP 8530p Trusted Execution Technology and Tboot Implementation - Page 2

BIOS TXT Settings, Fedora Installation - base system device

Trusted boot (Tboot) is an open source, pre-kernel/VMM module that uses Intel(R) Trusted Execution Technology (Intel(R) TXT) to perform a measured and verified launch of an OS kernel/VMM (http://sourceforge.net/projects/tboot, http://www.bughost.org/repos.hg/tboot.hg).

Launch Control Policy (LCP) is a verification mechanism used to verify the Intel TXT 'verified launch' processes. Based on the criteria/choice defined in the Platform Default (PD) policy set by the Platform Supplier (PS) or the Platform Owner (PO) policy set by the owner, the LCP determines whether the current platform configuration or environment meets the requirements and can be launched.

System Requirements

• Trusted Platform Module (TPM 1.2), TXT and Virtualization Technology (VT) supported chipset (vPro platforms).
• TPM - Locked, Enabled and Activated; VT - Enabled; TXT - Enabled (discussed in the next section)

BIOS TXT Settings

Enter BIOS Setup by pressing F10 during POST and execute the following steps:

1. Go to Security → Setup BIOS Administrator Password to enter the BIOS administrator password.
2. Go to Security → TPM Embedded Security → Embedded Security Device State → Enabled
3. Go to System Configuration → Device Configurations → Virtualization Technology → Enabled
4. Go to System Configuration → Device Configurations → SATA Native Mode → IDE (optional)
5. (Note: If you expect to use the RAID option at some point in the future, it is advisable to use the AHCI/RAID option instead of IDE. Switching from IDE to AHCI/RAID will result in a "Kernel Panic" message and make it impossible to boot Fedora unless you switch the SATA option back to IDE.)
6. Save settings and exit F10 and reboot.

Enter BIOS Setup by pressing F10 during POST and execute the following steps:

1. Go to System Configuration → Device Configurations → TXT Technology → Enabled
2. Save settings and exit F10 and reboot.

Fedora Installation

1. Download the image of Fedora 7/8 and burn it on DVD.
2. Start the Fedora installation. If you see any "Kernel Panic -" message or if the installation hangs, try adding "acpi=off" as a kernel argument (hit Tab) at the GRUB loader.
3. At the "Disk Partitioning Setup" screen, select <Create custom Layout> from the drop-down menu and press <Next>.
4. Delete any existing partitions.
5. Next, add 3 partitions as follows and press <Next>:
   1st: mount point = "/boot", file type = ext3, size = 400
   2nd: file type = swap, size = 2048
   3rd: mount point = "/", file type = ext3, size = fill to max
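
Once Fedora is running, the VT and TXT settings made in BIOS Setup can be confirmed from the OS by decoding the IA32_FEATURE_CONTROL register (MSR 0x3A), which the BIOS programs and locks. The script below is an added example, not part of the HP document or of tboot; the function names and sample values are constructed for illustration, and the live check assumes the `rdmsr` utility from msr-tools is installed and run as root.

```sh
#!/bin/sh
# Added example: confirm that the BIOS VT/TXT settings took effect.
# IA32_FEATURE_CONTROL (MSR 0x3A) bits, per the Intel SDM:
#   bit 0      lock (set by BIOS; the register is read-only until reset)
#   bit 1      VMX enabled inside SMX operation (needed for a TXT launch)
#   bit 2      VMX enabled outside SMX operation (ordinary virtualization)
#   bits 8-14  per-function SENTER enables (not evaluated here)
#   bit 15     SENTER global enable

# $1 = MSR value (hex with 0x prefix). Prints one verdict word.
feature_control_verdict() {
    fc_v=$(( $1 ))
    fc_lock=$(( fc_v & 1 ))
    fc_vmx_in_smx=$(( (fc_v >> 1) & 1 ))
    fc_vmx_out_smx=$(( (fc_v >> 2) & 1 ))
    fc_senter=$(( (fc_v >> 15) & 1 ))
    if [ "$fc_lock" -eq 0 ]; then
        echo unlocked      # BIOS left the register open: settings not final
    elif [ "$fc_vmx_in_smx" -eq 1 ] && [ "$fc_senter" -eq 1 ]; then
        echo txt-ready     # VT and TXT both enabled and locked
    elif [ "$fc_vmx_out_smx" -eq 1 ]; then
        echo vmx-only      # VT enabled, TXT still disabled in BIOS
    else
        echo no-vmx        # locked with virtualization disabled
    fi
}

# $1 = flag name, $2 = a "flags" line from /proc/cpuinfo.
# These flags show CPU capability (vmx = VT, smx = TXT), not the BIOS state.
has_cpu_flag() {
    case " $2 " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample line, used only so the functions can be tried offline.
SAMPLE_FLAGS="flags : fpu vme de pse tsc msr vmx smx est tm2"

# Live check on the installed system: sh script.sh --live
if [ "${1:-}" = "--live" ]; then
    live_flags=$(grep -m1 '^flags' /proc/cpuinfo)
    for f in vmx smx; do
        if has_cpu_flag "$f" "$live_flags"; then echo "cpu flag $f: present"
        else echo "cpu flag $f: missing"; fi
    done
    # rdmsr prints the value in hex without a 0x prefix, so add one.
    echo "feature control: $(feature_control_verdict "0x$(rdmsr 0x3a)")"
fi
```

A verdict of `vmx-only` after the second BIOS pass means the TXT Technology setting did not take effect; `unlocked` means the BIOS did not finalize the register.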
