
Supermicro AOM-TPM-9670V - Motherboards Supported for TPM; Intel TXT

Chapter 1: Introduction
1.3 Motherboards Supported for TPM
Please refer to the Supermicro website (http://www.supermicro.com/) for a complete
and most up-to-date list of the motherboards that can support the TPM. As a general
rule, besides the X11 motherboards, the list includes most X9 motherboards, all
X10 motherboards, and some AMD motherboards. These motherboards will come
with a specially designated JTPM1 connector on every board, which will be listed
in the respective motherboard's manual.
1.4 Intel® TXT
The Intel Trusted Execution Technology (TXT) is a software tool that may be used
in conjunction with the TPM to provide additional security for pre-launch firmware
of clusters and clouds, including but not limited to the BIOS, IPMI, SAS firmware,
and CMM firmware. It is optional, but the TPM is required for it to be provisioned.
It will further enhance system security by protecting firmware against malicious
attacks on vulnerable areas.
It works by matching hypervisor measurements with encryption keys upon system launch.
If the hypervisor does not match the keys, the hypervisor is prevented from
starting up.
To use the TXT, you need to enable TXT support after provisioning the TPM.
Note: TXT is only supported on Intel platforms that support TPM use.
How the TXT Works
The Intel TXT, when enabled, follows a step-by-step process to ensure the security
of pre-launch components.
1. Measures the hypervisor launch upon system startup
2. Checks for a match
3. If matched: The TXT signals "trusted," and the launch is allowed to proceed.
4. If mismatched: The TXT signals "untrusted," and the launch is blocked.
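
The measure-and-compare flow in the steps above, as an added Python illustration that is not taken from this manual or from Intel's code. It is a simplified model that assumes a SHA-256 hash-extend register starting at zero and a provisioned list of known-good values; the function names and the component byte strings are constructed for the example.

```python
import hashlib
import hmac

PCR_SIZE = 32  # SHA-256 digest length in bytes


def extend(register: bytes, component: bytes) -> bytes:
    """Hash-extend: new = SHA-256(old || SHA-256(component))."""
    digest = hashlib.sha256(component).digest()
    return hashlib.sha256(register + digest).digest()


def measure_launch(components: list) -> bytes:
    """Step 1: fold every launch component, in order, into one measurement."""
    register = bytes(PCR_SIZE)  # assumed starting value: all zeros
    for blob in components:
        register = extend(register, blob)
    return register


def check_launch(components: list, known_good: list) -> str:
    """Steps 2-4: compare the measurement with the provisioned values."""
    measured = measure_launch(components)
    matched = any(hmac.compare_digest(measured, good) for good in known_good)
    return "trusted" if matched else "untrusted"


# Constructed sample data (not real firmware or hypervisor images).
LOADER = b"constructed-loader-image-v1"
HYPERVISOR = b"constructed-hypervisor-image-v1"
TAMPERED = b"constructed-hypervisor-image-v1\x00"  # one byte appended

# Provisioning: record the measurement of the approved launch chain.
KNOWN_GOOD = [measure_launch([LOADER, HYPERVISOR])]

if __name__ == "__main__":
    for label, chain in [
        ("approved chain", [LOADER, HYPERVISOR]),
        ("modified hypervisor", [LOADER, TAMPERED]),
        ("reordered chain", [HYPERVISOR, LOADER]),
    ]:
        print(f"{label}: {check_launch(chain, KNOWN_GOOD)}")
```

Because each extend hashes the previous register value together with the new component, a single changed byte or a change in load order yields a different final measurement, so the launch is reported as untrusted.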