Hardware user's guide

Intel® Trusted Platform Module Hardware User’s Guide 1
1 Overview
The Intel® Trusted Platform Module (TPM) is a hardware-based security device that addresses the growing concern about boot process integrity and offers better data protection. TPM protects the system start-up process by ensuring it is tamper-free before releasing system control to the operating system. A TPM device provides secured storage for data such as security keys and passwords. In addition, a TPM device has encryption and hash functions. The Intel® TPM implements TPM as per the TPM PC Client specifications, revision 1.2, by the Trusted Computing Group (TCG).
A TPM device is affixed to the motherboard of the server and is secured from external software attacks and physical theft. A pre-boot environment, such as the BIOS and operating system loader, uses the TPM to collect and store unique measurements from multiple factors within the boot process to create a system fingerprint. This unique fingerprint remains the same unless the pre-boot environment is tampered with. Therefore, it can be compared with future measurements to verify the integrity of the boot process.
After the BIOS completes the measurement of its boot process, it hands off control to the operating system loader and in turn to the operating system. If the operating system is TPM-enabled, it compares the BIOS TPM measurements to those of previous boots to make sure the system was not tampered with before continuing the operating system boot process. Once the operating system is in operation, it optionally uses the TPM to provide additional system and data security (for example, Microsoft Vista* supports BitLocker drive encryption).
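The measure-then-compare mechanism described in the two paragraphs above, modelled as an added example (this is illustrative code, not code from the guide or from Intel): a pre-boot environment hashes each boot component into a Platform Configuration Register (PCR) using the TPM 1.2 extend rule, new PCR = SHA-1(old PCR || digest), and a later verifier compares the resulting value with the one recorded on a known-good boot, or replays the event log to reproduce it. The example assumes the TPM 1.2 PCR semantics the guide references (20-byte SHA-1 registers, reset to zero at power-on, changeable only through extend); the component names and contents are constructed stand-ins for real firmware images.

```python
import hashlib

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest (20 bytes)


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 1.2 extend operation: new PCR = SHA-1(old PCR || digest).

    A PCR can only be extended, never written directly, so the final value
    depends on every measurement made and on the order they were made in.
    """
    assert len(pcr) == PCR_SIZE and len(digest) == PCR_SIZE
    return hashlib.sha1(pcr + digest).digest()


def measure_boot(components):
    """Simulate the pre-boot environment measuring each component into one PCR.

    `components` is a list of (name, bytes) pairs in boot order. Returns the
    final PCR value and an event log of (name, hex digest) entries, which is
    what a verifier later replays.
    """
    pcr = bytes(PCR_SIZE)  # PCRs start as all-zero bytes at power-on
    event_log = []
    for name, data in components:
        digest = hashlib.sha1(data).digest()
        pcr = pcr_extend(pcr, digest)
        event_log.append((name, digest.hex()))
    return pcr, event_log


def replay_log(event_log):
    """Recompute the PCR from the event log alone (no access to the components)."""
    pcr = bytes(PCR_SIZE)
    for _name, hexdigest in event_log:
        pcr = pcr_extend(pcr, bytes.fromhex(hexdigest))
    return pcr


def check_integrity(pcr_now: bytes, pcr_reference: bytes) -> bool:
    """Compare this boot's PCR with the reference recorded on a known-good boot."""
    return pcr_now == pcr_reference


# Constructed sample boot components (stand-ins for real firmware images).
GOLDEN_BOOT = [
    ("bios-core", b"bios code v1.0"),
    ("option-rom", b"nic option rom"),
    ("os-loader", b"bootloader image"),
]
TAMPERED_BOOT = [
    ("bios-core", b"bios code v1.0"),
    ("option-rom", b"nic option rom PATCHED"),  # one component modified
    ("os-loader", b"bootloader image"),
]
# Same components, but the first two measured in the opposite order.
REORDERED_BOOT = [GOLDEN_BOOT[1], GOLDEN_BOOT[0], GOLDEN_BOOT[2]]

if __name__ == "__main__":
    ref_pcr, log = measure_boot(GOLDEN_BOOT)
    print("reference PCR:        ", ref_pcr.hex())
    print("same boot matches:    ", check_integrity(measure_boot(GOLDEN_BOOT)[0], ref_pcr))
    print("tampered boot matches:", check_integrity(measure_boot(TAMPERED_BOOT)[0], ref_pcr))
    print("reordered boot matches:", check_integrity(measure_boot(REORDERED_BOOT)[0], ref_pcr))
    print("log replay matches:   ", replay_log(log) == ref_pcr)
```

Two properties of the extend rule carry the security argument: the PCR cannot be rolled back or set to a chosen value, so a modified or reordered component yields a different fingerprint, and the event log lets a verifier that never sees the firmware images confirm the fingerprint by replaying the digests.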
The Intel® TPM is a common board across the series of Intel® servers and baseboards (for a list of supported servers and baseboards, please refer to: http://www.intel.com/support/motherboards/server/sb/CS-032301.htm). The TPM is a small board that provides hardware-level security for the server. The TPM docks into a connector on the baseboard and is retained by a tamper-resistant screw.
Figure 1. TPM