Table of Contents
Advertisement
Intel® Server Board S2400SC TPS
In addition to restricting access to most Setup fields to viewing only when a User password is
entered, defining a User password imposes restrictions on booting the system. In order to
simply boot in the defined boot order, no password is required. However, the F6 Boot popup
prompts for a password, and can only be used with the Administrator password. Also, when a
User password is defined, it suppresses the USB Reordering that occurs, if enabled, when a
new USB boot device is attached to the system. A User is restricted from booting in anything
other than the Boot Order defined in the Setup by an Administrator.
As a security measure, if a User or Administrator enters an incorrect password three times in a
row during the boot sequence, the system is placed into a halt state. A system reset is required
to exit out of the halt state. This feature makes it more difficult to guess or break a password.
In addition, on the next successful reboot, the Error Manager displays a Major Error code 0048,
which also logs a SEL event to alert the authorized user or administrator that a password
access failure has occurred
4.2
Trusted Platform Module (TPM) Support
Trusted Platform Module (TPM) option is a hardware-based security device that addresses the
growing concern on boot process integrity and offers better data protection. TPM protects the
system start-up process by ensuring it is tamper-free before releasing system control to the
operating system. A TPM device provides secured storage to store data, such as security keys
and passwords. In addition, a TPM device has encryption and hash functions. The server board
implements TPM as per TPM PC Client Specifications, revision 1.2, by the Trusted Computing
Group (TCG).
A TPM device is optionally installed onto a high density 14-pin connector labeled "TPM" and is
secured from external software attacks and physical theft. A pre-boot environment, such as the
BIOS and operating system loader, uses the TPM to collect and store unique measurements
from multiple factors within the boot process to create a system fingerprint. This unique
fingerprint remains the same unless the pre-boot environment is tampered with. Therefore, it is
used to compare to future measurements to verify the integrity of the boot process.
After the system BIOS completes the measurement of its boot process, it hands off control to
the operating system loader and in turn to the operating system. If the operating system is TPM-
enabled, it compares the BIOS TPM measurements to those of previous boots to make sure the
system was not tampered with before continuing the operating system boot process. Once the
operating system is in operation, it optionally uses TPM to provide additional system and data
security (for example, Microsoft Vista* supports Bitlocker drive encryption).
4.2.1
TPM security BIOS
The BIOS TPM support conforms to the TPM PC Client Specific – Implementation Specification
for Conventional BIOS, version 1.2, and to the TPM Interface Specification, version 1.2. The
BIOS adheres to the Microsoft Vista* BitLocker requirement. The role of the BIOS for TPM
security includes the following:
Measures and stores the boot process in the TPM microcontroller to allow a TPM
enabled operating system to verify system boot integrity.
Revision 2.0
Intel order number G36516-002
System Security
47
Hide quick links:
Advertisement
Table of Contents
