Hpe Trusted Platform Module 2.0 Guidelines - HPE ProLiant XL170r Gen10 User Manual

1. Installing the Trusted Platform Module board.
2. Enabling the Trusted Platform Module.
3. Retaining the recovery key/password.
HPE TPM 2.0 installation is supported with specific operating system support such as Microsoft
Windows Server
product QuickSpecs on the Hewlett Packard Enterprise website (http://www.hpe.com/info/qs). For more
information about Microsoft
(http://www.microsoft.com).
CAUTION: Chipset-TPM is not available after the HPE TPM 2.0 Gen10 Kit is installed and
configured in System Utilities. Do not install the HPE TPM 2.0 Gen10 Kit if Chipset-TPM is enabled
and the operating system is using Chipset-TPM features. Otherwise, the OS may go into recovery
mode, data loss can occur, or both. If an OS is installed and using Chipset-TPM, follow the OS
vendor instructions to disable the OS TPM features before changing any TPM functionality.
CAUTION: If the TPM is removed from the original server and powered up on a different server,
data stored in the TPM including keys will be erased.
IMPORTANT: In UEFI Boot Mode, the HPE TPM 2.0 Gen10 Kit can be configured to operate as
TPM 2.0 (default) or TPM 1.2 on a supported server. In Legacy Boot Mode, the configuration can be
changed between TPM 1.2 and TPM 2.0, but only TPM 1.2 operation is supported.

HPE Trusted Platform Module 2.0 Guidelines

CAUTION: Always observe the guidelines in this document. Failure to follow these guidelines can
cause hardware damage or halt data access.
When installing or replacing a TPM, observe the following guidelines:
• Do not remove an installed TPM. Once installed, the TPM is bound to the system board. If an OS is
configured to use the TPM and it is removed, the OS may go into recovery mode, data loss can occur,
or both.
• When installing or replacing hardware, Hewlett Packard Enterprise service providers cannot enable
the TPM or the encryption technology. For security reasons, only the customer can enable these
features.
• When returning a system board for service replacement, do not remove the TPM from the system
board. When requested, Hewlett Packard Enterprise Service provides a TPM with the spare system
board.
• Any attempt to remove the cover of an installed TPM from the system board can damage the TPM
cover, the TPM, and the system board.
• If the TPM is removed from the original server and powered up on a different server, data stored in the
TPM including keys will be erased.
58 HPE Trusted Platform Module 2.0 Guidelines
®
2012 R2 and later. For more information about operating system support, see the
® ®
Windows BitLocker Drive Encryption feature, see the Microsoft website
®