System Security  Intel® Server Board S2600CW Family TPS 
58    Revision 2.4 
4.3.2  Physical Presence 
Administrative operations on the TPM require either TPM ownership or an indication of operator 
physical presence to confirm their execution. The BIOS implements the operator presence 
indication by verifying the Setup Administrator password. 
A TPM administrative sequence invoked from the operating system proceeds as follows: 
1.  A user makes a TPM administrative request through the operating system’s security 
software. 
2.  The operating system requests the BIOS to execute the TPM administrative command 
through TPM ACPI methods and then resets the system. 
3.  The BIOS verifies the physical presence and confirms the command with the operator. 
4.  The BIOS executes TPM administrative command(s), inhibits BIOS Setup entry, and 
boots directly to the operating system which requested the TPM command(s). 
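The OS-to-BIOS handoff in steps 1 to 4 is carried by the TCG Physical Presence Interface (PPI), which Linux exposes under /sys/class/tpm/tpm0/ppi. The script below, an added example and not part of the Intel TPS, inspects the queued request and the per-operation confirmation status to report, before the reset in step 2 takes effect, whether the queued operation would clear TPM ownership and whether the BIOS will demand operator presence for it. The sysfs line layouts are assumptions modelled on the Linux tpm_ppi driver, and the sample file contents are constructed.

```python
import re

# TCG PPI 1.2 operation codes (subset) whose execution wipes TPM ownership,
# i.e. the OS-queued equivalents of the Setup "TPM Clear" option.
CLEARING_OPS = {5: "Clear", 14: "Enable+Activate+Clear",
                21: "Enable+Activate+Clear+Enable+Activate",
                22: "Enable+Activate+Clear+Enable+Activate"}

# PPI "Get User Confirmation Status" values: 0 not implemented, 1 BIOS only,
# 2 blocked for OS by BIOS, 3 physically present user required, 4 not required.
BLOCKED, USER_REQUIRED = 2, 3

def parse_request(text):
    """Queued operation code from the sysfs 'request' file, or None if 0/empty.
    Assumed layout: the code is the first integer on the line."""
    m = re.search(r"\d+", text)
    return (int(m.group()) or None) if m else None

def parse_operations(text):
    """Map op code -> confirmation status from the 'tcg_operations' file.
    Assumed layout, one op per line: '<code> <status>: <description>'."""
    ops = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(\d+):", line)
        if m:
            ops[int(m.group(1))] = int(m.group(2))
    return ops

def assess(request_text, operations_text):
    """What the BIOS will do with the queued request at the next reset."""
    code = parse_request(request_text)
    status = parse_operations(operations_text).get(code)
    return {"pending": code,
            "clears_ownership": code in CLEARING_OPS,
            "needs_presence": status == USER_REQUIRED,
            "blocked_by_bios": status == BLOCKED}

def assess_live(base="/sys/class/tpm/tpm0/ppi"):
    """Same check against the real Linux PPI sysfs files (TPM with PPI needed)."""
    with open(f"{base}/request") as req, open(f"{base}/tcg_operations") as ops:
        return assess(req.read(), ops.read())

# Constructed sample: an OS queued op 14; this BIOS requires presence for it.
SAMPLE_REQUEST = "14\n"
SAMPLE_OPERATIONS = "0 4: User not required\n5 3: User required\n14 3: User required\n"

if __name__ == "__main__":
    print(assess(SAMPLE_REQUEST, SAMPLE_OPERATIONS))
```

Run `assess_live()` on a host with a PPI-capable TPM to check for a queued clear before rebooting; an unexpected pending clear is worth treating as an incident.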
4.3.3  TPM Security Setup Options 
The BIOS TPM Setup allows the operator to view the current TPM state and to carry out 
rudimentary TPM administrative operations. Performing TPM administrative options through 
the BIOS setup requires TPM physical presence verification. 
Using the BIOS TPM Setup, the operator can turn ON or OFF TPM functionality and clear the 
TPM ownership contents. After the requested TPM BIOS Setup operation is carried out, the 
option reverts to No Operation. 
The BIOS TPM Setup also displays the current state of the TPM, whether TPM is enabled or 
disabled and activated or deactivated. Note that while using TPM, a TPM-enabled operating 
system or application may change the TPM state independently of the BIOS setup. When an 
operating system modifies the TPM state, the BIOS Setup displays the updated TPM state. 
The BIOS Setup TPM Clear option allows the operator to clear the TPM ownership key and then 
take ownership of the TPM on the system. You use this option to clear the security settings 
of a newly initialized system, or to clear a system for which the TPM ownership security key 
was lost. 
4.4  Intel® Trusted Execution Technology 
The Intel® Xeon® Processor E5-4600/2600/2400/1600 v3 and v4 product families support 
Intel® Trusted Execution Technology (Intel® TXT), which is a robust security environment. 
Designed to help protect against software-based attacks, Intel® Trusted Execution Technology 
integrates new security features and capabilities into the processor, chipset, and other 
platform components. When used in conjunction with Intel® Virtualization Technology, Intel® 
Trusted Execution Technology provides hardware-rooted trust for your virtual applications. 
This hardware-rooted security provides a general-purpose, safer computing environment 
capable of running a wide variety of operating systems and applications to increase the