Manualshelf

Administrator Guide

ManualsBrandsDell ManualsConverged InfrastructureWyse 5470
121122123124125126127128129130
Trusted Platform Module version 2.0
ThinOS-based thin client supports disk encryption and decryption through Trusted Platform Module (TPM) version 2.0.
Measured boot—SHA1 (Secure Hash Algorithm 1) is used to produce a hash value for ThinOS image, and extend the integrity
measurement into Platform Configuration Registers (PCR) inside TPM—TPM_PCR16. This is used to generate disk encryption or
decryption key.
Disk encryption/decryption key
Disk C with user data and Disk B with system libraries are encrypted.
Prestored KeyStub and TPM_PCR16 are used to generate disk encryption and decryption keys through TPM. The actual
implementation is based on TPM-unseal operation.
If the key is modified, the key fails to verify the specific disk partition. The disk partition is formatted to make the partition valid.
After the disk partition is formatted, some user configurations, such as display settings, user certificates, wireless settings—except
the first SSID, as it is saved in NVRAM—cookie, and mirror file server data, are lost.
8
122 Trusted Platform Module version 2.0