Administrator Guide

Trusted Platform Module version 2.0
Wyse 5070 thin client supports disk encryption and decryption through Trusted Platform Module (TPM) version 2.0.
Measured boot: SHA1 (Secure Hash Algorithm 1) is used to produce a hash value for the ThinOS image, and to extend the
integrity measurement into the Platform Configuration Registers (PCR) inside the TPM (TPM_PCR16). This is used to generate
the disk encryption or decryption key.
Disk encryption/decryption key
Disk C with user data and Disk B with system libraries are encrypted.
Prestored KeyStub and TPM_PCR16 are used to generate disk encryption and decryption keys through TPM. The
actual implementation is based on TPM-unseal operation.
If the key is modified, the key fails to verify the specific disk partition. The disk partition is formatted to make the
partition valid. The following screenshot displays the event log:
Figure 37. Event log tab
Figure 38. Event log tab
After the disk partition is formatted, some user configurations, such as display settings, user certificates, wireless
settings (except the first SSID, as it is saved in NVRAM), cookies, and mirror file server data, are lost.
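
The measured-boot and unseal flow described in this section, as an added Python model (not Dell or ThinOS code, and not a real TPM interface): it shows why a changed image yields a different TPM_PCR16 value and therefore no disk key. `ModelTPM`, the layout of `KEYSTUB`, and the sample images and key are assumptions made for illustration; a real TPM keeps the sealed blob encrypted and enforces the PCR check itself.

```python
import hashlib
import hmac

PCR_SIZE = hashlib.sha1().digest_size  # SHA-1 bank: 20-byte PCRs


class ModelTPM:
    """Toy model of PCR16 with PCR-gated seal/unseal (not a real TPM API)."""

    def __init__(self):
        self.pcr16 = bytes(PCR_SIZE)  # all zeros after reset

    def extend(self, digest: bytes) -> bytes:
        # PCR_new = SHA1(PCR_old || digest); a PCR can never be written directly.
        self.pcr16 = hashlib.sha1(self.pcr16 + digest).digest()
        return self.pcr16

    def seal(self, secret: bytes) -> dict:
        # Bind the secret to the PCR16 value at sealing time.
        # A real TPM encrypts this blob; the model keeps it in the clear.
        return {"pcr16": self.pcr16, "secret": secret}

    def unseal(self, blob: dict):
        # Release the secret only when the current measurement matches.
        if hmac.compare_digest(blob["pcr16"], self.pcr16):
            return blob["secret"]
        return None


def boot(image: bytes) -> ModelTPM:
    """Fresh boot: reset PCR16, hash the image, extend the hash into PCR16."""
    tpm = ModelTPM()
    tpm.extend(hashlib.sha1(image).digest())
    return tpm


# Constructed sample data (not real ThinOS content).
GOOD_IMAGE = b"constructed ThinOS image, build A"
MODIFIED_IMAGE = b"constructed ThinOS image, build A, one byte changed"
DISK_KEY = b"constructed 32-byte disk key...."

# Provisioning (assumed): seal the disk key while the known-good image is measured.
KEYSTUB = boot(GOOD_IMAGE).seal(DISK_KEY)


def disk_key_after_boot(image: bytes):
    """Return the disk key, or None if the measured image does not match."""
    return boot(image).unseal(KEYSTUB)


if __name__ == "__main__":
    print("good image:    ", disk_key_after_boot(GOOD_IMAGE))
    print("modified image:", disk_key_after_boot(MODIFIED_IMAGE))
```

A `None` result corresponds to the failure case described above, where the key cannot verify the partition and the partition is formatted.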