Reference Guide
Security Management Server v10.2.7 AdminHelp
169
Policy: Configure Specific BIOS TPM Platform Settings
Default setting:
PCR0,on
PCR1,off
PCR2,on
PCR3,off
PCR4,on
PCR5,off
PCR6,off
PCR7,off
PCR8,on
PCR9,on
PCR10,on
PCR11,on
PCR12,off
PCR13,off
PCR14,off
PCR15,off
PCR16,off
PCR17,off
PCR18,off
PCR19,off
PCR20,off
PCR21,off
PCR22,off
PCR23,off
Description: This policy setting allows you to configure how the computer's TPM security hardware secures the BitLocker encryption key. This setting determines what values the TPM measures when it validates early boot components before unlocking an operating system drive on a computer with BIOS configuration or with UEFI firmware that has the Compatibility Support Module (CSM) enabled.

If you enable this policy before turning on BitLocker, you can configure the boot components that the TPM will validate before unlocking access to the BitLocker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the TPM does not release the encryption key to unlock the drive; the computer will instead display the BitLocker recovery console and require that either the recovery password or recovery key be provided to unlock the drive.

To use this policy, Configure BIOS TPM Platform Validation Profile must be set to Selected.
Policy: Configure UEFI TPM Platform Validation Profile
Options: Not Selected, Selected
Default setting: Not Selected
Description: Set to Selected to enable boot-up UEFI TPM drive unlocking. Selected allows the configuration of how the UEFI TPM security hardware secures the BitLocker encryption key. This policy does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection.

This policy must be set to Selected to use the policy Configure Specific UEFI TPM Platform Settings.

See http://technet.microsoft.com/en-us/library/jj679890.aspx#BKMK_tpmvaluefi for more information.
Policy: Configure Specific UEFI TPM Platform Settings
Default setting:
PCR0,on
PCR1,off
PCR2,on
PCR3,off
PCR4,on
PCR5,off
PCR6,off
PCR7,off
PCR8,off
PCR9,off
PCR10,off
PCR11,on
PCR12,off
PCR13,off
PCR14,off
PCR15,off
PCR16,off
PCR17,off
PCR18,off
PCR19,off
PCR20,off
PCR21,off
PCR22,off
PCR23,off
Description: This policy setting allows you to configure how the computer's TPM security hardware secures the BitLocker encryption key. This setting determines what values the TPM measures when it validates early boot components before unlocking an operating system drive on a computer with native UEFI firmware configurations.

If you enable this policy before turning on BitLocker, you can configure the boot components that the TPM will validate before unlocking access to the BitLocker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the TPM does not release the encryption key to unlock the drive; the computer will instead display the BitLocker recovery console and require that either the recovery password or recovery key be provided to unlock the drive.

To use this policy, Configure UEFI TPM Platform Validation Profile must be set to Selected.
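The two platform settings above (BIOS/CSM and native UEFI) use the same "PCRn,on" / "PCRn,off" list format, and a mis-edited list is what most often sends a fleet into BitLocker recovery. The following added example, which is not Dell or Microsoft code, parses a list in that format, shows which PCRs each of the two defaults from this page validates and where they differ, and flags deviations from a chosen default. The PCR usage descriptions and the warning rules (an empty profile, PCR11 switched off, entries added or removed relative to the default) are the example author's assumptions; the sample hand-edited profile is constructed for illustration.

```python
import re
from typing import Dict, List, Set, Tuple

# One "PCRn,on|off" entry per line, exactly the format the policy uses on the page.
LINE_RE = re.compile(r"^PCR(\d{1,2}),(on|off)$", re.IGNORECASE)

# What each PCR measures under the PC Client firmware conventions (assumed
# descriptions added for illustration; the page itself does not list them).
PCR_USAGE: Dict[int, str] = {
    0: "core firmware executable code",
    1: "core firmware data and configuration",
    2: "option ROM / pluggable executable code",
    3: "option ROM / pluggable data",
    4: "boot manager code (MBR or UEFI boot manager)",
    5: "partition table and boot manager configuration",
    6: "power state transitions",
    7: "Secure Boot policy and state",
    8: "NTFS boot sector (BIOS boot path)",
    9: "NTFS boot block (BIOS boot path)",
    10: "boot manager (BIOS boot path)",
    11: "BitLocker access control",
}


def profile_text(enabled: Set[int]) -> str:
    """Render a full 24-entry profile in the page's 'PCRn,on|off' format."""
    return "\n".join(f"PCR{i},{'on' if i in enabled else 'off'}" for i in range(24))


# The two default lists from the page, expressed as the set of PCRs that are "on".
BIOS_DEFAULT_ON: Set[int] = {0, 2, 4, 8, 9, 10, 11}   # BIOS, or UEFI with CSM enabled
UEFI_DEFAULT_ON: Set[int] = {0, 2, 4, 11}             # native UEFI
BIOS_DEFAULT_TEXT = profile_text(BIOS_DEFAULT_ON)
UEFI_DEFAULT_TEXT = profile_text(UEFI_DEFAULT_ON)

# Constructed sample of an incomplete, hand-edited profile (not from the page):
# PCR7 switched on, PCR4 dropped, and most entries simply missing.
SAMPLE_CUSTOM = """PCR0,on
PCR2,on
PCR7,on
PCR11,on
"""


def parse_profile(text: str) -> Dict[int, bool]:
    """Parse 'PCRn,on|off' lines into {pcr_index: enabled}, rejecting malformed input."""
    profile: Dict[int, bool] = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match is None:
            raise ValueError(f"line {lineno}: unrecognised entry {line!r}")
        index, state = int(match.group(1)), match.group(2).lower()
        if not 0 <= index <= 23:
            raise ValueError(f"line {lineno}: PCR index {index} outside 0-23")
        if index in profile:
            raise ValueError(f"line {lineno}: PCR{index} listed more than once")
        profile[index] = state == "on"
    return profile


def enabled_pcrs(profile: Dict[int, bool]) -> List[int]:
    """Sorted list of PCR indices the TPM will check before releasing the key."""
    return sorted(i for i, on in profile.items() if on)


def diff_profiles(a: Dict[int, bool], b: Dict[int, bool]) -> Dict[int, Tuple[bool, bool]]:
    """PCRs whose on/off state differs between two profiles; unlisted PCRs count as off."""
    return {i: (a.get(i, False), b.get(i, False))
            for i in range(24) if a.get(i, False) != b.get(i, False)}


def check_profile(profile: Dict[int, bool], expected_on: Set[int]) -> List[str]:
    """Return warnings about a profile relative to a documented default (assumed rules)."""
    warnings: List[str] = []
    on = set(enabled_pcrs(profile))
    missing = sorted(set(range(24)) - set(profile))
    if missing:
        warnings.append(f"{len(missing)} PCR(s) not listed; they are treated as off")
    if not on:
        warnings.append("no PCR enabled: the TPM would not validate any boot component")
    if 11 not in on:
        warnings.append("PCR11 (BitLocker access control) is off; both page defaults keep it on")
    for i in sorted(on - expected_on):
        warnings.append(f"PCR{i} added beyond the default: {PCR_USAGE.get(i, 'OS/application specific')}")
    for i in sorted(expected_on - on):
        warnings.append(f"PCR{i} removed from the default: {PCR_USAGE.get(i, 'OS/application specific')}")
    return warnings


if __name__ == "__main__":
    bios, uefi = parse_profile(BIOS_DEFAULT_TEXT), parse_profile(UEFI_DEFAULT_TEXT)
    print("BIOS default validates PCRs:", enabled_pcrs(bios))
    print("UEFI default validates PCRs:", enabled_pcrs(uefi))
    print("PCRs validated only by the BIOS default:", sorted(diff_profiles(bios, uefi)))
    for w in check_profile(parse_profile(SAMPLE_CUSTOM), UEFI_DEFAULT_ON):
        print("warning:", w)
```

Run against the page's defaults, the BIOS profile validates PCRs 0, 2, 4, 8, 9, 10 and 11 and the UEFI profile 0, 2, 4 and 11, so the only difference is the three BIOS boot-path PCRs 8 to 10. Every PCR left "on" is one more component whose change forces recovery, so the check is meant to be run on a proposed list before the policy is pushed, against the default that matches the firmware mode of the target machines.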
See basic settings