Owner's Manual
Table Of Contents
- User’s Guide
- Getting Started With Dell Update Packages
- Using Dell Update Packages
- Performing BIOS and Firmware Updates Using Dell Linux Online Repository
- Update and Rollback in Unified Server Configurator - Lifecycle Controller Enabled
- Command Line Interface Reference
- Linux Troubleshooting
- Known Issues
- Diagnostic Tasks Will Not Run While a DUP Reboot is Pending
- Abnormal Termination of a DUP
- Error While Loading Shared Libraries
- Insufficient Free Physical Memory to Load the BIOS Image
- Kernel Panic While Running Storage Controller Firmware Update Packages
- Loss of Functionality While Renaming Linux DUPs
- Yum and Up2date Repository Management Software Caches Incorrect Repository Metadata
- Use Dell Linux Repository with yum and Red Hat Enterprise Linux Version 4
- DUPs Fail on 64-bit Red Hat Enterprise Linux Operating System
- DUP Update of Firmware Might Fail While Running in the UEFI Mode
- Messages
- DUP Message Logs
- Known Issues
- Windows Troubleshooting and FAQs
- Index
Trusted Platform Module (TPM) and BitLocker Support 67
A
Trusted Platform Module (TPM) and
BitLocker Support
A TPM is a secure microcontroller with cryptographic capabilities designed to
provide basic security
-related functions involving encryption keys. It is
installed on the motherboard of your system, and communicates with the rest
of the system using a hardware bus. You can establish ownership of your
system and its TPM through BIOS setup commands.
TPM stores the platform configuration as a set of values in a set of
Platform Configuration Registers (PCRs). Thus one such register may store,
for example, the motherboard manufacturer; another, the processor
manufacturer; a third, the firmware version for the platform, and so on.
Systems that incorporate a TPM create a key that is tied to platform
measurements. The key can only be unwrapped when those platform
measurements have the same values that they had when the key was created.
This process is called sealing the key to the TPM. Decrypting is called
unsealing. When a sealed key is first created, the TPM records a snapshot of
configuration values and file hashes. A sealed key is only unsealed or released
when those current system values match the ones in the snapshot. BitLocker
uses sealed keys to detect attacks against the integrity of your system. Data is
locked until specific hardware or software conditions are met.
BitLocker mitigates unauthorized data access by combining two major
data
-protection procedures:
•
Encrypting the entire Windows operating system volume on the hard disk:
BitLocker encrypts all user files and system files in the operating system
volume.
•
Checking the integrity of early boot components and the boot
configuration data:
On systems that have a TPM version 1.2, BitLocker
leverages the enhanced security capabilities of the TPM and ensures that
your data is accessible only if the system’s boot components are unaltered
and the encrypted disk is located in the original system.