New Technologies ESB2 BMC Core TPS
Revision 1.0
Intel order number E18291-001
248
Verifies operator physical presence. Confirms and executes operating system TPM
administrative command requests.
Provides BIOS Setup options to change TPM security states and to clear TPM
ownership.
See the TCG PC Client Specific Implementation Specification, the TCG PC Client Specific
Physical Presence Interface Specification and the Microsoft BitLocker Requirement documents
for more details.
20.2.2 Physical Presence
Administrative operations to the TPM require TPM ownership or the physical presence
indication by the operator to confirm the execution of the administrative operations. The BIOS
implements operator presence indication by verifying the setup Administrator password.
A TPM administrative sequence invoked from the operating system proceeds as follows:
User makes a TPM administrative request through the operating system’s security
software.
The operating system requests the BIOS to execute the TPM administrative command
through TPM ACPI methods, and then resets the system.
The BIOS verifies the physical presence and confirms the command with the operator.
The BIOS executes TPM administrative command(s), inhibits BIOS Setup entry and
boots directly to the operating system which requested the TPM command(s).
20.2.3 TPM Security Setup Options
BIOS TPM Setup allows the operator to view the current TPM state and to carry out rudimentary
TPM administrative operations. Performing TPM administrative options through BIOS setup
requires TPM physical presence verification.
Using BIOS TPM Setup, the operator can turn ON or OFF TPM functionality and clear the TPM
ownership contents. After the requested TPM BIOS Setup operation is carried out, the option
reverts to “No Operation”.
BIOS TPM Setup also displays the current state of the TPM, whether TPM is enabled or
disabled and activated or deactivated. Note that while utilizing TPM, a TPM enabled operating
system or application may change the TPM state independent of BIOS setup. When an
operating system modifies the TPM state, BIOS Setup displays the updated TPM state.
The BIOS Setup TPM Clear option allows the operator to clear the TPM ownership key and
allows the operator to take control of the system with TPM. This option is used to clear security
settings for a newly initialized system or to clear a system for which the TPM ownership security
key has been lost.
To Next Page
Loading...
Need help?
General
