Supermicro X13DSF-A User Manual page 120

Super X13DSF-A User's Manual
Platform Hierarchy (Available when "Security Device Support" is set to Enable) (for TPM version 2.0 and above)
Select Enabled for TPM Platform Hierarchy support, which allows the manufacturer to use
the cryptographic algorithm to define a constant key or a fixed set of keys to be used for initial
system boot. These early boot codes are shipped with the platform and are included in the
list of "public keys". During system boot, the platform firmware uses the trusted public keys
to verify a digital signature in an attempt to manage and control the security of the platform
firmware used in a host system via a TPM device. The options are Disabled and Enabled.
Storage Hierarchy (Available when "Security Device Support" is set to Enable)
Select Enabled for TPM Storage Hierarchy support, which is intended for non-privacy-
sensitive operations by a platform owner such as an IT professional or the end user. The Storage
Hierarchy has an owner policy and an authorization value, both of which can be set and are
held constant (rarely changed) through reboots. This hierarchy can be cleared or changed
independently of the other hierarchies. The options are Disabled and Enabled.
Endorsement Hierarchy (Available when "Security Device Support" is set to Enable)
Select Enabled for Endorsement Hierarchy support. This hierarchy has separate controls to
address the user's privacy concerns, because the primary keys in the hierarchy are certified
by the TPM key or by a manufacturer, with restrictions on how an authentic TPM device that is
attached to an authentic platform can be accessed and used. A primary key can be encrypted
and certified with a certificate created by using TPM2_ActivateCredential, which allows the
user to independently enable "flag, policy, and authorization values" without involving other
hierarchies. A user with privacy concerns can disable the endorsement hierarchy while still
using the storage hierarchy for TPM applications, permitting the platform software to use the
TPM. The options are Disabled and Enabled.
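The three hierarchy options above correspond to the phEnable, shEnable and ehEnable bits of the TPM's TPMA_STARTUP_CLEAR attributes, which can be read back from the OS to confirm what the firmware actually left enabled. The following script is an added example, not part of this manual or any Supermicro tool; it assumes the section/indented-field layout that `tpm2_getcap properties-variable` (tpm2-tools) prints, and the sample output embedded in it is constructed, not captured from a real board.

```python
import re
# Bit positions in TPMA_STARTUP_CLEAR (TPM 2.0 Library, Part 2).
STARTUP_CLEAR_BITS = {
    "phEnable": 0,    # Platform Hierarchy
    "shEnable": 1,    # Storage Hierarchy
    "ehEnable": 2,    # Endorsement Hierarchy
    "phEnableNV": 3,  # platform-owned NV indexes
}
# BIOS option name from this manual -> TPM attribute it controls.
BIOS_TO_ATTR = {
    "Platform Hierarchy": "phEnable",
    "Storage Hierarchy": "shEnable",
    "Endorsement Hierarchy": "ehEnable",
}
def decode_startup_clear(value: int) -> dict:
    """Decode a raw TPMA_STARTUP_CLEAR word into named boolean flags."""
    return {n: bool(value >> b & 1) for n, b in STARTUP_CLEAR_BITS.items()}

def parse_properties_variable(text: str) -> dict:
    """Pull the TPM2_PT_STARTUP_CLEAR flags out of tpm2_getcap output."""
    # Assumed layout: unindented section name, then indented 'name: value' lines.
    flags, in_section = {}, False
    for line in text.splitlines():
        if not line.startswith(" "):
            in_section = line.startswith("TPM2_PT_STARTUP_CLEAR")
            continue
        m = re.match(r"\s+(\w+):\s+(\d+)", line)
        if in_section and m and m.group(1) in STARTUP_CLEAR_BITS:
            flags[m.group(1)] = m.group(2) != "0"
    if set(flags) != set(STARTUP_CLEAR_BITS):
        raise ValueError("TPM2_PT_STARTUP_CLEAR block missing or incomplete")
    return flags

def hierarchy_report(flags: dict) -> dict:
    """Express the flags in the Enabled/Disabled terms of the BIOS options."""
    return {o: "Enabled" if flags[a] else "Disabled" for o, a in BIOS_TO_ATTR.items()}
# Constructed sample output, not captured from a real X13DSF-A.
SAMPLE_OUTPUT = """\
TPM2_PT_PERMANENT:
  disableClear:              0
TPM2_PT_STARTUP_CLEAR:
  phEnable:                  0
  shEnable:                  1
  ehEnable:                  1
  phEnableNV:                1
"""
if __name__ == "__main__":
    import sys  # live host: tpm2_getcap properties-variable | python3 tpm_hierarchies.py
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_OUTPUT
    print(hierarchy_report(parse_properties_variable(text)))
```

Firmware may clear phEnable or randomize the platform authorization before handing control to the OS, so a Platform Hierarchy reading taken from the OS reflects the post-boot state rather than the BIOS option by itself; the storage and endorsement bits are the ones worth checking against the settings above.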
PH Randomization (for TPM version 2.0 and above)
Select Enabled for Platform Hierarchy (PH) Randomization support, which is used only during
the platform development stage. This feature cannot be enabled on production platforms.
The options are Disabled and Enabled.
Disable Block Sid (Available when your motherboard supports NVMe)
Select Enabled to allow SID authentication to be performed in TCG Storage devices. The
options are Disabled and Enabled.
Supermicro BIOS-Based TPM Provision Support
If this feature is set to Enabled, Supermicro BIOS-based TPM provision will be supported.
The options are Disabled and Enabled.
Note: Enabling this feature will lock your TPM on the production platform, and you will
not be able to delete the NV indexes.