Configuring Trusted Computing
The Trusted Platform Module (TPM) is a secure cryptoprocessor found in most modern computer systems. It is used to help assure the integrity of the platform: during the boot process the firmware and boot loaders record measurements of each boot component into the TPM's Platform Configuration Registers (PCRs), and the TPM can later report those measurements in a form that can be verified. On some systems it is also used to protect a full-disk encryption key, releasing it only when the recorded measurements match.
The Trusted Computing Group continues to revise the TPM specification. Two versions are currently deployed, 1.2 and 2.0. Where possible, use TPM 2.0: it supports newer cryptographic algorithms (SHA-256 and SHA-384 PCR banks, where TPM 1.2 provides SHA-1 only) and, because the algorithms are selectable rather than fixed by the specification, it is more flexible when an algorithm has to be replaced.
Only systems that support UEFI can be set to TPM 2.0 or TPM 1.2 compliance, so change the TPM version only if your system supports UEFI.
Start the System Setup Utility. See Get started.
On the Security menu, select Trusted Computing. Ensure that Security Device Support is set to Enable.
When Security Device Support is set to Enable, the TPM State item is displayed (TPM 1.2 devices only). Set TPM State to Enable.
Press F4 to save the settings and exit the System Setup Utility. The server restarts in order to enable the TPM.
Note: Before you configure the Trusted Computing or Secure Boot function, set the Physical Presence jumper on the system board to assert physical presence. Then, on the Security menu, select Trusted Computing and check the Physical Presence item, which shows either Asserted or Not Asserted; it must show Asserted for physical-presence operations such as TPM Clear to be accepted.
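After the server has restarted, the resulting TPM state can be confirmed from the operating system rather than only in the setup utility. The following script is an added example and is not part of this documentation: it assumes a Linux host with tpm2-tools installed and the sysfs path /sys/class/tpm/tpm0, and it parses the output of tpm2_getcap in the format produced by tpm2-tools 5.x (that format is an assumption; adjust the two awk parsers if your version prints differently). The SAMPLE_PROPS and SAMPLE_PCRS strings are constructed so that the checks also run on a machine without a TPM.

```shell
#!/bin/sh
# Added example, not part of the Lenovo documentation: check from Linux that the
# Trusted Computing settings took effect (hierarchies enabled, a SHA-2 PCR bank
# active, TPM clear not possible without physical presence). Assumes tpm2-tools;
# the tpm2_getcap output formats below are an assumption (tpm2-tools 5.x).

# Constructed sample of `tpm2_getcap properties-variable` output.
SAMPLE_PROPS='TPM2_PT_PERMANENT:
  ownerAuthSet:              0
  endorsementAuthSet:        0
  lockoutAuthSet:            0
  disableClear:              0
  inLockout:                 0
  tpmGeneratedEPS:           1
TPM2_PT_STARTUP_CLEAR:
  phEnable:                  1
  shEnable:                  1
  ehEnable:                  1
  phEnableNV:                1
  orderly:                   1'

# Constructed sample of `tpm2_getcap pcrs` output: SHA-1 and SHA256 banks
# allocated, SHA384 bank present but empty (the setup-utility defaults).
SAMPLE_PCRS='selected-pcrs:
  - sha1: [ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ]
  - sha256: [ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ]
  - sha384: [ ]'

# prop_value NAME: print the value of property NAME from properties-variable text on stdin.
prop_value() {
    awk -v key="$1:" '$1 == key { print $2; exit }'
}

# active_banks: print, space-separated, the banks from `tpm2_getcap pcrs` text on stdin
# that have at least one PCR allocated; an empty "[ ]" list means the bank is disabled.
active_banks() {
    awk '/^ *- [a-z0-9_]+:/ {
        name = $2; sub(/:$/, "", name)
        if ($0 !~ /\[ *\]/) printf "%s%s", (n++ ? " " : ""), name
    } END { print "" }'
}

# hierarchies_ok PROPS: succeed when the storage and endorsement hierarchies are
# enabled, which the OS needs to create and certify keys (the Storage Hierarchy and
# Endorsement Hierarchy items in the submenu).
hierarchies_ok() {
    [ "$(printf '%s\n' "$1" | prop_value shEnable)" = 1 ] &&
    [ "$(printf '%s\n' "$1" | prop_value ehEnable)" = 1 ]
}

# sha2_bank_ok PCRS: succeed when a SHA256 or SHA384 bank is active, so sealing and
# attestation do not have to rely on the SHA-1 bank alone.
sha2_bank_ok() {
    case " $(printf '%s\n' "$1" | active_banks) " in
        *" sha256 "* | *" sha384 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# clear_protected PROPS: succeed when disableClear is set, meaning the TPM currently
# refuses TPM2_Clear; a clear then needs the firmware path (Pending operation: TPM Clear).
clear_protected() {
    [ "$(printf '%s\n' "$1" | prop_value disableClear)" = 1 ]
}

main() {
    if [ -e /dev/tpmrm0 ] && command -v tpm2_getcap >/dev/null 2>&1; then
        props=$(tpm2_getcap properties-variable)
        pcrs=$(tpm2_getcap pcrs)
        echo "TPM major version: $(cat /sys/class/tpm/tpm0/tpm_version_major 2>/dev/null || echo unknown)"
    else
        echo "no TPM or tpm2-tools found, checking the constructed samples instead"
        props=$SAMPLE_PROPS
        pcrs=$SAMPLE_PCRS
    fi
    echo "active PCR banks: $(printf '%s\n' "$pcrs" | active_banks)"
    status=0
    hierarchies_ok "$props" || { echo "FAIL: storage or endorsement hierarchy disabled"; status=1; }
    sha2_bank_ok "$pcrs" || { echo "FAIL: no SHA-2 PCR bank active"; status=1; }
    clear_protected "$props" || echo "WARN: disableClear is 0, so TPM2_Clear is possible from the OS"
    return $status
}

main "$@"
```

Run it once after the reboot that follows saving the settings; on a host with tpm2-tools it queries the live device, otherwise it exercises the parsers on the samples. The tpm2_* tools do not talk to a TPM 1.2 device; on such a system /sys/class/tpm/tpm0/tpm_version_major reads 1 and the TPM 1.2 status items in the setup utility are the place to look.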
Trusted Computing submenu for TPM20 Device Found
Submenu item | Options | Description |
---|---|---|
Configuration | ||
TPM20 Device Found | ||
Firmware Version: | 7.2 | Show the firmware version. |
Vendor: | NTC | Show the vendor. |
Physical Presence | Asserted | Not Asserted | Shows whether physical presence is asserted (set by the jumper on the system board). |
Security Device Support | Enable | Disable | Enables or disables BIOS support for the security device. When disabled, the OS does not see the security device, and the TCG EFI protocol and INT1A interface are not available. The default option is Enable. |
Active PCR banks | N/A | Show the active PCR bank. |
Available PCR banks | N/A | Show the available PCR banks. |
SHA-1 PCR Bank | Enable | Disable | Enable or Disable SHA-1 PCR Bank. The default option is Enable. |
SHA256 PCR Bank | Enable | Disable | Enable or Disable SHA256 PCR Bank. The default option is Enable. |
SHA384 PCR Bank | Enable | Disable | Enable or Disable SHA384 PCR Bank. The default option is Disable. |
Pending operation | None | TPM Clear | Schedules an operation for the security device. TPM Clear resets the TPM to its factory state and destroys the keys held under its storage hierarchy, including any disk-encryption key protectors sealed to the TPM, so make sure recovery keys are available before scheduling it. Note: the server restarts in order to change the state of the security device. The default option is None. |
Platform Hierarchy | Enable | Disable | Enable or disable platform hierarchy. The default option is Enable. |
Storage Hierarchy | Enable | Disable | Enable or disable storage hierarchy. The default option is Enable. |
Endorsement Hierarchy | Enable | Disable | Enable or disable endorsement hierarchy. The default option is Enable. |
TPM2.0 UEFI Spec Version | TCG_1_2 | TCG_2 | Selects the TCG2 specification version to support. TCG_1_2: compatibility mode for Windows 8/Windows 10. TCG_2: supports the newer TCG2 protocol and event log format for Windows 10 or later. The default option is TCG_2. |
Physical Presence Spec Version | 1.2 | 1.3 | Selects the Physical Presence Interface (PPI) specification version, 1.2 or 1.3, that is reported to the OS. Note that some HCK tests might not support 1.3. The default option is 1.3. |
TPM 20 InterfaceType | TIS | Shows the TPM 2.0 interface type. |
Trusted Computing submenu for TPM12 Device Found
Submenu item | Options | Description |
---|---|---|
Configuration | ||
Physical Presence | Asserted | Not Asserted | Shows whether physical presence is asserted (set by the jumper on the system board). |
Security Device Support | Enable | Disable | Enables or disables BIOS support for the security device. When disabled, the OS does not see the security device, and the TCG EFI protocol and INT1A interface are not available. The default option is Enable. |
Active PCR banks | SHA-1, SHA256 | Show the currently active PCR banks. |
Available PCR banks | SHA-1, SHA256, SHA384 | Show the currently available PCR banks. |
SHA-1 PCR Bank | Enable | Disable | Enable or Disable SHA-1 PCR Bank. The default option is Enable. |
SHA256 PCR Bank | Enable | Disable | Enable or Disable SHA256 PCR Bank. The default option is Enable. |
SHA384 PCR Bank | Enable | Disable | Enable or Disable SHA384 PCR Bank. The default option is Disable. |
TPM State | Enable | Disable | Enables or disables the security device. Note: the server restarts in order to change the state of the device. The default option is Enable. |
Pending operation | None | TPM Clear | Schedules an operation for the security device. TPM Clear removes TPM ownership and destroys the keys stored in the TPM, including any disk-encryption key protectors sealed to it, so make sure recovery keys are available before scheduling it. Note: the server restarts in order to change the state of the security device. The default option is None. |
Current Status Information | ||
TPM Enabled Status: | N/A | Show the current TPM enabled status. |
TPM Active Status: | N/A | Show the current TPM active status. |
TPM Owner Status: | N/A | Show the current TPM owner status. |