New Technologies - Intel S7000FC4UR Technical Product Specification

Intel® Server System S7000FC4UR TPS

20. New Technologies

20.1 Intel® I/O Acceleration Technology (Intel® I/OAT)
The server system supports Intel® I/O Acceleration Technology (Intel® I/OAT) version 1.0 to improve network I/O performance. Intel® I/OAT support consists of both processor-based Direct Cache Access (DCA) and chipset-based Crystal Beach Technology.
Intel® I/OAT requires BIOS and operating system software support. The BIOS enables both DCA and Crystal Beach Technology during POST.
20.2 Trusted Platform Module (TPM) Security
The Trusted Platform Module (TPM) is a hardware-based security device that addresses the growing concern about boot process integrity and offers better data protection. The TPM protects the system start-up process by recording measurements of it, so that tampering can be detected before system control is released to the operating system. A TPM device provides secured storage for data such as security keys and passwords. In addition, a TPM device has encryption and hash functions. The Intel Server System S7000FC4UR implements TPM as per the TPM PC Client specifications, revision 1.2, by the Trusted Computing Group (TCG).
A TPM device is affixed to the motherboard of the server and is secured from external software attacks and physical theft. A pre-boot environment, such as the BIOS and operating system loader, uses the TPM to collect and store unique measurements from multiple components of the boot process, creating a system fingerprint. This fingerprint remains the same unless the pre-boot environment is tampered with, so it can be compared against future measurements to verify the integrity of the boot process.
After the BIOS completes measurement of its boot process, it hands off control to the operating system loader and in turn to the operating system. If the operating system is TPM enabled, it compares the BIOS TPM measurements to those of previous boots to make sure that the system has not been tampered with before continuing the operating system boot process. Once the operating system is running, it can optionally use the TPM to provide additional system and data security (for example, Microsoft Windows Vista* supports BitLocker drive encryption, which seals the drive encryption key to the expected boot measurements so that the key is released only when they match).
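The fingerprint described above is built by the TPM_Extend operation: each boot component is hashed, and the digest is folded into a Platform Configuration Register (PCR) as SHA-1(old PCR || measurement), which on a TPM 1.2 device is a 20-byte SHA-1 value. The following Python simulation, added here as an example and not part of the Intel specification or of any TPM firmware, shows why a modified or reordered component changes the fingerprint, and models the seal/unseal check that a BitLocker-style boot performs. The boot component blobs are constructed stand-ins, and `seal`/`unseal` are a simplified model of TPM_Seal/TPM_Unseal (a real TPM encrypts the blob under a TPM-resident key).

```python
import hashlib
import hmac

PCR_SIZE = 20  # TPM 1.2 PCRs hold a SHA-1 digest


def pcr_reset():
    """PCR contents after TPM reset: all zeros for the boot-time PCRs."""
    return bytes(PCR_SIZE)


def measure(blob):
    """Measurement of a boot component: the SHA-1 digest of its bytes."""
    return hashlib.sha1(blob).digest()


def pcr_extend(pcr, measurement):
    """TPM_Extend: new PCR = SHA-1(old PCR || measurement).
    The operation is one-way, so a measurement cannot be removed later,
    and the chaining fixes the order in which components were measured."""
    if len(pcr) != PCR_SIZE or len(measurement) != PCR_SIZE:
        raise ValueError("PCR and measurement must both be 20-byte SHA-1 digests")
    return hashlib.sha1(pcr + measurement).digest()


def measured_boot(components):
    """Simulate the BIOS measuring each pre-boot component into one PCR.
    components: list of (name, bytes). Returns the final PCR value, i.e.
    the 'system fingerprint' of the section above."""
    pcr = pcr_reset()
    for _name, blob in components:
        pcr = pcr_extend(pcr, measure(blob))
    return pcr


def seal(secret, expected_pcr):
    """Simplified model of TPM_Seal: bind a secret to the PCR value under
    which it may be released. (Constructed model: a real TPM encrypts the
    blob with a key that never leaves the chip.)"""
    return {"pcr": expected_pcr, "secret": secret}


def unseal(blob, current_pcr):
    """Simplified model of TPM_Unseal: release the secret only when the
    current PCR equals the value recorded at seal time."""
    if hmac.compare_digest(blob["pcr"], current_pcr):
        return blob["secret"]
    return None


# Constructed stand-ins for the measured boot chain (not real firmware images).
GOOD_BOOT = [
    ("bios", b"BIOS image rev 1.0"),
    ("option_rom", b"NIC option ROM"),
    ("boot_loader", b"OS loader"),
]
TAMPERED_BOOT = [
    ("bios", b"BIOS image rev 1.0"),
    ("option_rom", b"NIC option ROM"),
    ("boot_loader", b"OS loader with hooked disk read"),
]


def boot_and_unseal(components, sealed_blob):
    """What a BitLocker-style loader does: re-measure, then ask the TPM for
    the volume key. Returns the key, or None if the fingerprint changed."""
    return unseal(sealed_blob, measured_boot(components))


if __name__ == "__main__":
    golden = measured_boot(GOOD_BOOT)           # fingerprint of a trusted boot
    blob = seal(b"volume-master-key", golden)   # key sealed to that fingerprint
    print("good boot   ->", boot_and_unseal(GOOD_BOOT, blob))
    print("tampered    ->", boot_and_unseal(TAMPERED_BOOT, blob))
    print("reordered   ->", boot_and_unseal(list(reversed(GOOD_BOOT)), blob))
```

Note that nothing here stops a tampered system from booting; the measurements only withhold the sealed secret (or let a remote verifier notice the change). Enforcement comes from the operating system or the verifier acting on the mismatch, which is the role the text assigns to a TPM enabled OS.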
20.2.1 TPM Security BIOS
The BIOS TPM support conforms to the TPM PC Client Specific Implementation Specification for Conventional BIOS, version 1.2, and to the TPM Interface Specification, version 1.2. The BIOS adheres to the Microsoft Windows Vista* BitLocker requirements. The role of the BIOS for TPM security includes the following:
- Measures the boot process and stores the measurements in the TPM to allow a TPM enabled operating system to verify system boot integrity.
- Produces EFI and legacy interfaces to a TPM enabled operating system for utilizing the TPM.
- Produces an ACPI TPM device and methods to allow a TPM enabled operating system to send TPM administrative command requests to the BIOS.
Revision 1.0
