Specifications
BIOS Role in Server Management QSSC-S4R Technical Product Specification
• Measures and stores the boot process in the TPM microcontroller to allow a TPM enabled OS to verify system boot integrity.
• Produces EFI and legacy interfaces to a TPM enabled OS for utilizing TPM.
• Produces ACPI TPM device and methods to allow a TPM enabled OS to send TPM administrative command requests to the BIOS.
• Verifies operator physical presence. Confirms and executes OS TPM administrative command requests.
• Provides BIOS Setup options to change TPM security states and to clear TPM ownership.
For additional details, refer to the TCG PC Client Specific Implementation Specification for Conventional BIOS, the TCG PC Client Specific Physical Presence Interface Specification, and the Microsoft Windows Vista* BitLocker Client Platform Requirements.
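The first bullet above is what a TPM enabled OS relies on: each stage of the boot is hashed into a PCR, and the OS can later replay the BIOS event log and compare the result with the TPM's PCR values and with a known-good reference. The following Python model is an added example for this page, not firmware or tooling from the QSSC-S4R; the event log entries, event type names and PCR assignments are constructed for illustration, and the SHA-1 extend operation reflects the single PCR bank of TPM 1.2 platforms of this generation.

```python
import hashlib
from typing import Dict, List, Sequence, Tuple

# Event log entries as (PCR index, event type, measured data). TPM 1.2 platforms
# use a single SHA-1 PCR bank, so every PCR and digest is 20 bytes.
Event = Tuple[int, str, bytes]

PCR_COUNT = 24
ZERO_PCR = bytes(hashlib.sha1().digest_size)

# Constructed known-good boot log for this example; NOT data from the QSSC-S4R.
GOLDEN_LOG: List[Event] = [
    (0, "EV_S_CRTM_VERSION", b"CRTM 1.0 (constructed)"),
    (0, "EV_POST_CODE", b"BIOS POST image (constructed)"),
    (2, "EV_OPTION_ROM", b"NIC option ROM (constructed)"),
    (4, "EV_BOOTLOADER", b"bootmgr image v1 (constructed)"),
]


def pcr_extend(pcr: bytes, data: bytes) -> bytes:
    """One TPM extend: PCR_new = SHA1(PCR_old || SHA1(data))."""
    return hashlib.sha1(pcr + hashlib.sha1(data).digest()).digest()


def replay_log(log: Sequence[Event]) -> List[bytes]:
    """Recompute every PCR from an event log, starting from all-zero PCRs."""
    pcrs = [ZERO_PCR] * PCR_COUNT
    for index, _event_type, data in log:
        if not 0 <= index < PCR_COUNT:
            raise ValueError(f"invalid PCR index {index}")
        pcrs[index] = pcr_extend(pcrs[index], data)
    return pcrs


def verify_boot(reported: Sequence[bytes], log: Sequence[Event],
                golden: Sequence[bytes]) -> Dict[str, List[int]]:
    """Two checks a TPM enabled OS can make after boot.

    log_mismatch:       PCRs where replaying the event log does not reproduce
                        the value the TPM reports (log edited or truncated).
    reference_mismatch: PCRs where the TPM's value differs from the known-good
                        reference (different code was actually measured).
    """
    replayed = replay_log(log)
    return {
        "log_mismatch": [i for i in range(PCR_COUNT) if replayed[i] != reported[i]],
        "reference_mismatch": [i for i in range(PCR_COUNT) if reported[i] != golden[i]],
    }


def demo():
    golden = replay_log(GOLDEN_LOG)

    # Scenario A: expected code booted, honest log -> both checks clean.
    ok = verify_boot(golden, GOLDEN_LOG, golden)

    # Scenario B: bootloader replaced. The TPM faithfully measures the new image,
    # so PCR 4 leaves the golden value even though the log is consistent.
    modified_log = [e if e[0] != 4 else (4, e[1], b"bootmgr image v2 (constructed)")
                    for e in GOLDEN_LOG]
    reported_b = replay_log(modified_log)  # what the TPM would hold after that boot
    changed_code = verify_boot(reported_b, modified_log, golden)

    # Scenario C: same boot, but the log handed to the OS was edited to claim the
    # original bootloader. The PCR cannot be rewritten, so the replay disagrees.
    edited_log = verify_boot(reported_b, GOLDEN_LOG, golden)
    return ok, changed_code, edited_log


if __name__ == "__main__":
    for name, result in zip(("clean", "changed code", "edited log"), demo()):
        print(f"{name}: {result}")
```

The point of the two checks is that they fail for different reasons: a log that does not replay to the reported PCRs has been altered after the fact, while a consistent log whose PCRs differ from the reference means the platform really did run different code. Either condition is what a BitLocker-style OS component uses to refuse to release keys.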
20.6.3.2 Physical Presence
Administrative operations to the TPM require TPM ownership or the physical presence indication by the operator to
confirm the execution of the administrative operations. The BIOS implements operator presence indication by verifying
the setup Administrator password.
A TPM administrative sequence invoked from the OS proceeds as follows:
1. User makes a TPM administrative request through the operating system's security software.
2. The OS requests the BIOS to execute the TPM administrative command through TPM ACPI methods, and then
resets the system.
3. The BIOS verifies the physical presence and confirms the command with the operator.
4. The BIOS executes the TPM administrative command(s), inhibits the BIOS Setup entry and boots directly to the
OS that requested the TPM command(s).
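The four steps above form a request/response exchange across a reset: the OS can only queue a request through the ACPI methods, and nothing changes in the TPM until the BIOS has verified physical presence on the next boot. The following Python model is an added example illustrating that exchange; it is not BIOS code and does not use the real PPI operation codes or ACPI method names, which are defined in the TCG Physical Presence Interface Specification. The operation names, mailbox fields, password and return values are all constructed for the example.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, Optional


class PpiOp(Enum):
    """Constructed operation names; the real numeric codes live in the TCG PPI spec."""
    ENABLE = "enable"
    DISABLE = "disable"
    ACTIVATE = "activate"
    DEACTIVATE = "deactivate"
    CLEAR = "clear"


RESPONSE_SUCCESS = "success"
RESPONSE_REJECTED = "rejected: physical presence not confirmed"


@dataclass
class TpmState:
    enabled: bool = True
    activated: bool = True
    owned: bool = True


@dataclass
class PpiMailbox:
    """What the OS sees through the ACPI TPM device methods: a pending request it
    can set, and the last operation/response the BIOS leaves behind after reset."""
    pending: Optional[PpiOp] = None
    last_op: Optional[PpiOp] = None
    last_response: Optional[str] = None


def os_submit_request(mailbox: PpiMailbox, op: PpiOp) -> None:
    """Steps 1-2: the OS queues the request via ACPI and then resets the system.
    The OS cannot touch the TPM state directly from here."""
    mailbox.pending = op


def bios_post(tpm: TpmState, mailbox: PpiMailbox, admin_password: str,
              entered_password: Optional[str],
              operator_confirms: Callable[[PpiOp], bool]) -> Dict[str, object]:
    """Steps 3-4, run by the BIOS at reset. Returns how the boot proceeded."""
    op = mailbox.pending
    mailbox.pending = None  # a request is consumed exactly once, whatever the outcome
    if op is None:
        return {"executed": None, "setup_inhibited": False}

    mailbox.last_op = op
    # Physical presence on this platform: the setup Administrator password must be
    # entered, and the operator must confirm the specific command at the console.
    if entered_password != admin_password or not operator_confirms(op):
        mailbox.last_response = RESPONSE_REJECTED
        return {"executed": None, "setup_inhibited": False}

    if op is PpiOp.ENABLE:
        tpm.enabled = True
    elif op is PpiOp.DISABLE:
        tpm.enabled = False
    elif op is PpiOp.ACTIVATE:
        tpm.activated = True
    elif op is PpiOp.DEACTIVATE:
        tpm.activated = False
    elif op is PpiOp.CLEAR:
        tpm.owned = False  # ownership key discarded; OS must take ownership again

    mailbox.last_response = RESPONSE_SUCCESS
    # Setup entry is inhibited so the boot goes straight to the requesting OS.
    return {"executed": op, "setup_inhibited": True}


if __name__ == "__main__":
    tpm, mailbox = TpmState(), PpiMailbox()
    os_submit_request(mailbox, PpiOp.CLEAR)
    print(bios_post(tpm, mailbox, "admin-pw (constructed)", "wrong", lambda op: True), tpm)
    os_submit_request(mailbox, PpiOp.CLEAR)
    print(bios_post(tpm, mailbox, "admin-pw (constructed)",
                    "admin-pw (constructed)", lambda op: True), tpm)
```

Two properties of the sequence are visible in the model: a request that fails the physical presence check leaves the TPM untouched and records a rejection the OS can read back, and a request is cleared on the boot that handles it, so a later reset without a fresh request from the OS does nothing.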
20.6.3.3 TPM Security Setup Options
BIOS TPM setup allows the operator to view the current TPM state and to carry out basic TPM administrative
operations. Performing TPM administrative options through the BIOS setup requires TPM physical presence
verification.
Using the BIOS TPM setup, the operator can turn the TPM functionality ON or OFF and clear the TPM ownership
contents. After the requested TPM BIOS setup operation is carried out, the option reverts to “No Operation”.
The BIOS TPM setup also displays the current state of the TPM, that is, indicates whether the TPM is enabled or
disabled and activated or deactivated. Note that while utilizing TPM, a TPM-enabled OS or application may change the
TPM state independent of the BIOS setup. When an OS modifies the TPM state, the BIOS setup displays the updated
TPM state.
The BIOS TPM setup Clear option allows the operator to clear the TPM ownership key and take control of the system
with TPM. This option is used to clear security settings for a newly initialized system or to clear a system for which the
TPM ownership security key has been lost.