Trusted Execution Technology and Tboot Implementation
2 
Launch Control Policy (LCP) is a verification mechanism used to verify the Intel TXT ‘verified 
launch’ processes. Based on the criteria/choice defined in the Platform Default (PD) policy 
set by the Platform Supplier (PS) or the Platform Owner (PO) policy set by the owner, the 
LCP determines whether the current platform configuration or environment meets the 
requirements and can be launched. 
System Requirements 
•  Trusted Platform Module (TPM 1.2), TXT and Virtualization Technology (VT) supported 
chipset (vPro platforms). 
•  TPM – Locked, Enabled and Activated, VT- Enabled, TXT- Enabled (discussed in next 
section) 
BIOS TXT Settings 
Enter BIOS Setup by pressing F10 during POST and execute the following steps: 
1.  Go to Security  Setup BIOS Administrator Password to enter the BIOS administrator 
password. 
2.  Go to Security  TPM Embedded Security  Embedded Security Device State  
Enabled 
3.  Go to System Configuration  Device Configurations  Virtualization Technology  
Enabled 
4.  Go to System Configuration  Device Configurations  SATA Native Mode  IDE 
(optional) 
Note: If you expect to use RAID option at some point in the future, then it is advisable to 
use AHCI/RAID option instead of IDE. Switching from IDE to AHCI/RAID will result in 
“Kernel Panic” message and makes it impossible to boot to Fedora unless you switch the 
SATA option back to IDE 
5.  Save settings and exit F10 and reboot. 
Enter BIOS setup by pressing F10 during POST, execute the following steps: 
1.  Go to System Configuration  Device Configurations  TXT Technology  Enabled 
2.  Save settings and exit F10 and reboot.  
Fedora Installation 
1.  Download the image of Fedora 7/8 (64bit) and burn it on DVD. 
2.  Start the Fedora installation. If you see any “Kernel Panic –” message or if the installation 
hangs, try adding “acpi=off” as kernel arguments (hit tab) at the grubloader. 
3.  At the “Disk Partitioning Setup” screen, select from the Drop down Menu, <Create 
custom Layout>, press <Next> 
4.  Delete any existing partitions. 
5.  Next add 3 partitions as follows and Press <Next>:  
1
st
: mount Point: "/boot", file type = ext3, size = 400  
2
nd
: file type: swap, size = 2048 
3
rd
: mount point = “/”, file type = ext3, size = fill to max 
6.  Don’t install boot loader password or select ‘configure advance boot loader options’. 
Press <Next> 










