Configuring Trusted Platform Module optionsConfiguring Trusted Platform Module options
Trusted Platform Modules are computer chips that securely store artifacts used to authenticate the platform. These artifacts can
include passwords, certificates, or encryption keys. You can also use a TPM to store platform measurements to make sure that the
platform remains trustworthy. For servers configured with a Trusted Platform Module, TPM enables the firmware and operating system
to take measurements of all phases of the boot process. For information on installing and enabling the TPM module option, see the user
documentation for your server model.
When enabling the Trusted Platform module, observe the following guidelines:
By default, the Trusted Platform Module is enabled as TPM 2.0 when the server is powered on after installing it.
In UEFI Mode, the Trusted Platform Module can be configured to operate as TPM 2.0 or TPM 1.2.
In Legacy Boot Mode, the Trusted Platform Module configuration can be changed between TPM 1.2 and TPM 2.0, but only TPM 1.2
operation is supported.
CAUTION:CAUTION:
An OS that is using TPM might lock all data access if you do not follow proper procedures for modifying the server and
suspending or disabling TPM in the OS. This includes updating system or option firmware, replacing hardware such as
the system board and hard drive, and modifying TPM OS settings. Changing the TPM mode after installing an OS might
cause problems, including loss of data.
ProcedureProcedure
1. From the System Utilities screen, select System Configuration > BIOS/Platform Configuration (RBSU) > Server Security > Trusted
Platform Module options.
2. Select an option. On servers configured with an optional TPM, you can set the following:
TPM 2.0 Operation—Sets the operation of TPM 2.0 to execute after a reboot. Options are:
No Action—There is no TPM configured.
Clear—TPM is cleared during reboot, and TPM 2.0 Operation is set to No Action.
TPM Mode Switch—Sets the TPM mode to execute after a reboot. Options are:
No Action
TPM 1.2
TPM 2.0
TPM 2.0 Visibility—Sets whether TPM is hidden form the operating system. Options are:
Visible
Hidden—Hides TPM from the operating system. Use this setting to remove TPM options from the system without having to
remove the actual hardware.
TPM UEFI Option ROM Measurement —Enables or disables (skips) measuring UEFI PCI operation ROMs. Options are:
Enabled
Disabled
Backup ROM Image Authentication —Use this option to enable cryptographic authentication of the backup ROM image on
startup. When this option is disabled, only the primary image is authenticated on each startup. Enable this option to also
perform cryptographic authentication of the backup ROM image.
3. Save your changes.
4. Reboot the system.
After the system reboots, you can view the Current TPM Type and Current TPM State settings.
5. Verify that your new Current TPM Type and Current TPM State settings appear at the top of the screen.
To Next Page
Loading...
