Intel® Cbnt - Converged Intel® Boot Guard And Trusted Execution Technology (Intel® Txt); 12.8 Unified Extensible Firmware Interface (Uefi) Secure Boot Technology - Intel M50CYP2SB Series Technical Specification

Intel® Server Board M50CYP2SB Family Technical Product Specification
The BIOS Setup TPM Clear option allows the operator to clear the TPM ownership key and allows the
operator to take control of the system with TPM. You use this option to clear security settings for a newly
initialized system or to clear a system for which the TPM ownership security key was lost.
12.7 Intel® CBnT – Converged Intel® Boot Guard and Trusted Execution Technology (Intel® TXT)
Previous generation Intel servers supported Intel® Boot Guard and Intel® Trusted Execution Technology
(Intel® TXT).
Intel® Boot Guard | Intel® TXT
--- | ---
Provides a mechanism to authenticate the initial BIOS code before the BIOS starts | Provides the ability to attest the authenticity of a platform configuration and OS environment; establishes trust
Hardware-based Static Root of Trust for Measurement (SRTM) | Hardware-based Dynamic Root of Trust for Measurement (DRTM)
Defends against attackers replacing/modifying the platform firmware | Defends against software-based attacks aimed at stealing sensitive information
The two security features combined included some redundancies and inefficiencies between them. With this
product generation, Intel rearchitected and fused together the two technologies into Intel® CBnT (Converged
Intel® Boot Guard and Trusted Execution Technology). Combining the two technologies into one made them
more efficient, eliminated redundancies between them, simplified their implementation, and provided
stronger protections.
For more information, visit
https://www.intel.com/content/www/us/en/support/articles/000025873/technologies.html

12.8 Unified Extensible Firmware Interface (UEFI) Secure Boot Technology

UEFI secure boot technology defines how a platform's firmware can authenticate a digitally signed UEFI
image, such as an operating system loader or a UEFI driver stored in an option ROM. This provides the
capability to ensure that those UEFI images are only loaded in an owner-authorized fashion and provides
a common means to ensure platform security and integrity over systems running UEFI-based firmware. The
Intel Server Board M50CYP2SB family BIOS is compliant with the UEFI Specification 2.3.1 Errata C for the
UEFI secure boot feature.
UEFI secure boot requires native UEFI boot mode and disables legacy Option ROM dispatch. By default,
secure boot on Intel server boards is disabled, as the default boot mode is legacy mode.
To enable / disable UEFI Secure Boot in the BIOS Setup menu, select Boot Maintenance Manager >
Advanced Boot Options > Secure Boot Configuration.
For more information on UEFI Secure Boot Technology, refer to the BIOS Setup Utility User Guide for the
Intel® Server Boards D50TNP, M50CYP, and D40AMP Families and the BIOS Firmware External Product
Specification (EPS) for the Intel® Server Boards D50TNP, M50CYP, and D40AMP Families.
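As an added illustration (not part of Intel's specification), the operating-system-side check an operator can run after changing the Secure Boot Configuration setting described above: it reads the SecureBoot and SetupMode variables that UEFI firmware exposes through Linux efivarfs and reports whether signature enforcement is actually in effect. The efivarfs path and the EFI_GLOBAL_VARIABLE GUID are the standard ones; the sample variable blobs are constructed so the logic can be exercised offline.

```python
import os
import struct

# Standard GUID of the EFI global variable namespace and the Linux efivarfs mount point.
EFI_GLOBAL_VARIABLE = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS_DIR = "/sys/firmware/efi/efivars"

# Constructed sample blobs (4-byte little-endian attributes + 1 data byte), not real captures:
# attributes 0x06 = BOOTSERVICE_ACCESS | RUNTIME_ACCESS, SecureBoot=1, SetupMode=0.
SAMPLE_ENFORCING = {"SecureBoot": b"\x06\x00\x00\x00\x01", "SetupMode": b"\x06\x00\x00\x00\x00"}


def parse_efivar_byte(raw: bytes) -> tuple[int, int]:
    """Split an efivarfs blob into (attributes, value) for a one-byte variable."""
    if len(raw) < 5:
        raise ValueError(f"efivar blob too short: {len(raw)} bytes")
    (attrs,) = struct.unpack_from("<I", raw, 0)
    return attrs, raw[4]


def read_efivar(name: str) -> bytes:
    """Read a variable in the EFI_GLOBAL_VARIABLE namespace from efivarfs."""
    with open(os.path.join(EFIVARS_DIR, f"{name}-{EFI_GLOBAL_VARIABLE}"), "rb") as f:
        return f.read()


def table_reader(table: dict):
    """Build a reader over an in-memory table; missing names raise like an absent efivar."""
    def read(name: str) -> bytes:
        if name not in table:
            raise FileNotFoundError(name)
        return table[name]
    return read


def secure_boot_state(read=read_efivar) -> dict:
    """Return {'secure_boot', 'setup_mode', 'enforcing'}.

    A value is None when the variable is absent (legacy boot mode, or efivarfs not
    mounted). 'enforcing' is True only when SecureBoot=1 and SetupMode=0, which is
    the state in which the firmware actually rejects unsigned or untrusted images.
    """
    state = {}
    for name in ("SecureBoot", "SetupMode"):
        try:
            _attrs, value = parse_efivar_byte(read(name))
            state[name] = value == 1
        except FileNotFoundError:
            state[name] = None
    return {
        "secure_boot": state["SecureBoot"],
        "setup_mode": state["SetupMode"],
        "enforcing": state["SecureBoot"] is True and state["SetupMode"] is False,
    }


if __name__ == "__main__":
    print("constructed sample:", secure_boot_state(table_reader(SAMPLE_ENFORCING)))
    print("this host:", secure_boot_state())
```

On a board left in the default legacy boot mode, efivarfs exposes no SecureBoot variable and the check reports None rather than a false "enabled".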
