Intel® Trusted Platform Module (TPM-AXXTPME3/ AXXTPME5) Hardware User’s Guide Intel Order Number: G21682-004
DISCLAIMER INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL® PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT.
Preface
This is the primary hardware guide for the Intel® Trusted Platform Module (TPM). It contains installation instructions and specifications.
Audience
This document is intended for:
• Engineers who are designing with an Intel® TPM.
• Anyone installing an Intel® TPM in their Intel® server system.
Organization
This document includes the following chapters and appendices:
• Chapter 1 provides a general overview of the Intel® TPM.
iv Intel® Trusted Platform Module Hardware User’s Guide
Table of Contents
Preface (p. iii)
Audience (p. iii)
Organization (p. iii)
Related Publication
List of Figures
Figure 1. TPM (p. 1)
Figure 2. TPM Dimensioned Drawing (p. 3)
Figure 3. Setup Utility – TPM Configuration Screen
List of Tables
Table 1. TPM Setup Utility – Security Configuration Screen Fields (p. 7)
Table 2. TPM Connector Pin-out
1 Overview
The Intel® Trusted Platform Module (TPM) is a hardware-based security device that addresses the growing concern about boot process integrity and offers better data protection. The TPM records measurements of the system start-up process so that a TPM-aware operating system or management agent can verify that the boot was not tampered with before it trusts the platform. A TPM device provides protected storage for data such as cryptographic keys and passwords. In addition, a TPM device provides encryption and hash functions.
2 Intel® Trusted Platform Module Hardware Installation
Requirements
• Intel® Trusted Platform Module, with the provided standoffs
• A host system/board with the TPM connector on the board
The TPM docks into a connector on the baseboard and is retained by a tamper-resistant screw. Below is a drawing of the physical dimensions of the TPM. Note: Measurements are in millimeters.
Figure 2. TPM Dimensioned Drawing
Installing the TPM
To install the TPM, follow these steps:
1. Turn off the power to the system, all drives, enclosures, and system components. Remove the power cord(s).
2. Remove the server cover. For instructions, see your server system documentation.
3. Insert the standoff into the hole in the server/workstation board and plug the TPM into the TPM connector on the board. To locate the TPM connector and the standoff hole on your server/workstation board, see your server/workstation board documentation.
4.
3 Configuring the TPM
TPM Security BIOS
The BIOS TPM support conforms to the TCG PC Client Specific Implementation Specification for Conventional BIOS, version 1.2, and to the TPM Interface Specification (TIS), version 1.2. The BIOS meets the Microsoft Windows Vista* BitLocker* requirements. The role of the BIOS for TPM security includes the following:
• Measures the boot process and stores the measurements (hashes) in the TPM's Platform Configuration Registers (PCRs), so that a TPM-enabled operating system can verify system boot integrity.
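The measurement the BIOS performs is a chain of PCR extend operations: each boot stage hashes the next component and folds that hash into a register that can only be extended, never rewritten. The following Python block is an added example, not code from this guide or from Intel; it replays a constructed TPM 1.2-style boot event log (20-byte SHA-1 PCRs, as TPM 1.2 uses), recomputes the PCR values, and compares them with known-good values the way a TPM-enabled operating system would before trusting the boot. The event log entries, component names and known-good values are illustrative assumptions; the PCR index assignments follow the TCG PC Client conventions (PCR 0 BIOS code, PCR 2 option ROM code, PCR 4 boot loader code, PCR 5 partition table).

```python
import hashlib
from typing import Dict, List, Tuple

PCR_SIZE = 20                   # TPM 1.2 PCRs hold one SHA-1 digest
PCR_COUNT = 24                  # TPM 1.2 PC Client platforms provide 24 PCRs
PCR_INIT = b"\x00" * PCR_SIZE   # value of a PCR after platform reset


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM_Extend: PCR[n] = SHA-1(PCR[n] || digest).

    The old value is never overwritten, only folded in, so a later boot
    stage cannot erase what an earlier stage recorded, and the result
    depends on the order in which measurements were made.
    """
    if len(pcr) != PCR_SIZE or len(digest) != PCR_SIZE:
        raise ValueError("PCR and digest must both be 20-byte SHA-1 values")
    return sha1(pcr + digest)


# Constructed sample event log (illustrative; not taken from the guide).
# Each entry: (PCR index, event description, data that was measured).
Event = Tuple[int, str, bytes]
SAMPLE_EVENT_LOG: List[Event] = [
    (0, "BIOS boot block",     b"BIOS-bootblock-2.4.0"),
    (0, "BIOS main image",     b"BIOS-main-2.4.0.build-1234"),
    (2, "RAID option ROM",     b"RAID-OPROM-1.7"),
    (4, "MBR boot loader",     b"MBR-GRUB-stage1"),
    (5, "Partition table",     b"GPT-layout-A"),
]


def replay_log(events: List[Event]) -> Dict[int, bytes]:
    """Recompute every PCR from the reset state by replaying the log in order.

    A verifier does exactly this to check that an event log is consistent
    with the PCR values the TPM reports.
    """
    pcrs = {i: PCR_INIT for i in range(PCR_COUNT)}
    for index, _description, data in events:
        if not 0 <= index < PCR_COUNT:
            raise ValueError(f"PCR index {index} out of range")
        pcrs[index] = extend(pcrs[index], sha1(data))
    return pcrs


def mismatched_pcrs(reported: Dict[int, bytes], golden: Dict[int, bytes]) -> List[int]:
    """PCR indexes whose reported value differs from the known-good value."""
    return sorted(i for i, value in golden.items() if reported.get(i) != value)


def boot_is_trusted(reported: Dict[int, bytes], golden: Dict[int, bytes]) -> bool:
    """True only when every PCR in the golden set matches exactly."""
    return not mismatched_pcrs(reported, golden)


if __name__ == "__main__":
    # Known-good values would normally be recorded at enrollment time; here
    # they are taken from a replay of the sample log (assumption).
    golden = replay_log(SAMPLE_EVENT_LOG)
    print("clean boot trusted:", boot_is_trusted(replay_log(SAMPLE_EVENT_LOG), golden))

    # Boot loader replaced: only PCR 4 changes, which pinpoints the stage.
    tampered = [(i, d, b"MBR-EVIL" if i == 4 else data) for i, d, data in SAMPLE_EVENT_LOG]
    print("tampered PCRs:", mismatched_pcrs(replay_log(tampered), golden))

    # Same two BIOS measurements in the opposite order: PCR 0 changes too,
    # because extend is order-sensitive, not a set membership check.
    swapped = [SAMPLE_EVENT_LOG[1], SAMPLE_EVENT_LOG[0]] + SAMPLE_EVENT_LOG[2:]
    print("reordered PCRs:", mismatched_pcrs(replay_log(swapped), golden))
```

The verifier needs both the PCR values (in practice delivered in a signed TPM quote) and the event log; the log alone proves nothing, since anyone can write one, and the PCRs alone say only that something differs, not what. TPM 1.2 PCRs are SHA-1, which is weak against collisions; TPM 2.0 adds SHA-256 banks, but the extend logic shown here is the same.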
TPM Security Setup Options
The BIOS TPM Setup allows the operator to view the current TPM state and to carry out basic TPM administrative operations. Performing TPM administrative operations through BIOS Setup requires TPM physical presence verification, so they cannot be triggered remotely by software. Using BIOS TPM Setup, the operator can turn TPM functionality ON or OFF and clear the TPM ownership contents. Note that clearing ownership resets the owner authorization and destroys the TPM's storage root key, so keys and data sealed to this TPM (for example a BitLocker* volume key protector) become unrecoverable; suspend or back up such protectors before clearing. After the requested TPM BIOS Setup operation is carried out, the option reverts to No Operation.
Table 1. TPM Setup Utility – Security Configuration Screen Fields

Setup Item: TPM State
  Options: Enabled and Activated; Enabled and Deactivated; Disabled and Activated; Disabled and Deactivated
  Help Text: —
  Comments: Information only.

Setup Item: TPM Administrative Control
  Options: No Operation; Turn On; Turn Off; Clear Ownership
  Help Text:
  • [No Operation] - No changes to current state.
  • [Turn On] - Enables and activates TPM.
  • [Turn Off] - Disables and deactivates TPM.
mechanisms, rooted in hardware, that are necessary to provide trust in the application's execution environment. In turn, this can help protect vital data and processes from being compromised by malicious software running on the platform. Long available on client platforms, Intel TXT is now being enabled by Intel on selected server platforms as well.
Intel® TXT hardware overview
Implementing a Trusted Execution Technology-enabled platform requires a number of hardware enhancements.
Intel® TXT Setup:
1. Go to the BIOS Setup Menu, Advanced > Processor Configuration, and set Intel® Virtualization Technology, Intel® VT for Directed I/O, and Intel® Safer Mode Extensions (SMX) to Enabled.
2. Set Intel® TXT to Enabled.
3. Press F10 to save and exit. Intel® TXT is now enabled.
Intel® TPM Setup:
1. Enable TPM: Go to the BIOS Setup Menu, Security tab, and set an administrator password.
2. After the administrator password is set, press F10 to save and exit BIOS Setup.
3.
4 Intel® Trusted Platform Module Characteristics
TPM Connector List & Pinouts
The Intel® TPM connects to the Intel® server board via the FCI* 20021321-00014D4LF or an equivalent connector on the server board.
Table 2. TPM Connector Pin-out
Appendix A: Installation/Assembly Safety Instructions As you use your computer system, observe these safety guidelines: • Do not operate your computer system with any cover(s) (such as computer covers, bezels, filler brackets, and front-panel inserts) removed. • To help avoid damaging your computer, be sure the voltage selection switch on the power supply is set to match the alternating current (AC) power available at your location.
Additional safety guidelines: • When you disconnect a cable, pull on its connector or on its strain-relief loop, not on the cable itself. Some cables have a connector with locking tabs; if you are disconnecting this type of cable, press in on the locking tabs before disconnecting the cable. As you pull connectors apart, keep them evenly aligned to avoid bending any connector pins. Also, before you connect a cable, make sure both connectors are correctly oriented and aligned.
English Read all caution and safety statements in this document before performing any of the instructions. See also Intel® Server Boards and Server Chassis Safety Information on the Resource CD and/or at http://www.intel.com/support/motherboards/server/sb/cs-010770.htm. The power button on the system does not turn off system AC power. To remove AC power from the system, you must unplug each AC power cord from the wall outlet or power supply.
A microprocessor and heat sink may be hot if the system has been running. Also, there may be sharp pins and edges on some board and chassis parts. Contact should be made with care. Consider wearing protective gloves.
Deutsch (German section, translated) Read all warning and safety notices in this document before carrying out any of the instructions. Also observe the safety information for Intel server boards and server chassis on the Resource CD or at http://www.intel.
SAFETY STEPS: Whenever you remove the chassis cover to reach the inside of the system, observe the following steps: 1. Switch off all peripheral devices connected to your system. 2. Switch off the system with the main power switch. 3. Unplug your system's power cord from the wall outlet. 4. On the rear of the system, label and disconnect all cables attached to the I/O connectors or ports. 5.
Français (French section, translated) Note that the DC on/off switch on the front panel does not turn off the system's AC power. To power off the system, you must unplug each power cord from its outlet. The power cord is considered the means of disconnecting from AC. The outlet the system is plugged into must be located near the equipment and be easily accessible.
The microprocessor and heat sink may be hot if the system has been powered on. Also beware of sharp pins on the boards and sharp edges on the cover. We recommend wearing protective gloves.
Español (Spanish section, translated) Read all safety and caution statements in this document before performing any of the instructions. See Intel® Server Boards and Server Chassis Safety Information on the Resource CD and/or at http://www.intel.
To obtain adequate cooling and airflow, always reinstall the chassis covers before powering on the system. Operating the system without the covers properly in place can damage system components. To install the covers: 1. First make sure you have not left tools or loose components inside the system. 2. Check that cables, add-in boards and other components are correctly installed. 3.
Italiano (Italian section, translated) SAFETY STEPS: Whenever you remove the chassis covers to reach the inside of the system, follow these steps: 1. Turn off all peripheral devices connected to the system. 2. Turn off the system using the on/off button of the system switch. 3. Unplug all the system's power cords from the electrical outlets. 4. Identify and disconnect all cables attached to the I/O connectors or sockets on the back of the system. 5.
Appendix B: Regulatory and Certification Information Product Safety and EMC Compliance This Intel® TPM has been evaluated for regulatory compliance as an Intel end system, and is included as part of the end system certification. For information on end system certification, refer to the product regulatory certification for the end system level product.