Using a Trusted Platform Module, TPM Capabilities – NEC Express5800/A1160 User Manual
Page 243

Section 13. Using a Trusted Platform Module
A trusted platform module (TPM) is a component on each management board that can
protect the system against unauthorized access. A TPM implements security capabilities
at the hardware level in conjunction with software techniques. This strategy provides
more avenues for protection than a software-only solution that can be compromised by
an attacker. The TPM implements specifications in the Trusted Computing Group
standard, version 1.2.
On Express5800/A1160 systems, the TPM is mounted on the management board. In a
multi-cell partition, only the TPM on the boot cell can be active (the cell that contains the
compatibility hardware for the partition).
Note: An Express5800/A1160 cell does not contain a TPM if the cell is shipped to a
country where government policies restrict the use of a TPM.
WARNING
Do not enable and use a TPM without thoroughly understanding its purpose
and capabilities, how to use your key management software, and the
potential for loss of data.
13.1. TPM Capabilities
A trusted platform module (TPM) is a hardware security device on the management
board that is part of the process of system validation. The TPM enables the code on the
system to prove that it is the valid code and has not been modified. In the extreme case,
the code can prevent the system from starting if it detects that modified code is loaded.
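The "prove that it is the valid code and has not been modified" capability rests on the TPM's platform configuration registers (PCRs): each boot component is hashed before it runs and the hash is folded into a PCR with the extend operation, PCR_new = SHA-1(PCR_old || measurement), which is the TPM 1.2 rule. A verifier later replays the event log and compares the result against a known-good value. The following Python simulation is an added illustration written for this page, not the manual's or NEC's code; it assumes constructed placeholder images for the firmware, boot loader and OS loader, and performs the extend arithmetic in software rather than on a real TPM.

```python
import hashlib

# TPM 1.2 PCRs are SHA-1 sized (20 bytes), reset to zeros at power-on, and can
# only be changed through the extend operation: PCR_new = SHA1(PCR_old || measurement).
PCR_SIZE = 20

# Constructed stand-ins for the boot-chain components a measured boot hashes.
# On a real system these would be the actual firmware and loader images.
GOLDEN_CHAIN = [
    ("firmware", b"constructed firmware image v1"),
    ("bootloader", b"constructed boot loader image v1"),
    ("os_loader", b"constructed OS loader image v1"),
]


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """One extend step: fold a 20-byte measurement into a 20-byte PCR."""
    if len(pcr) != PCR_SIZE or len(measurement) != PCR_SIZE:
        raise ValueError("PCR and measurement must both be SHA-1 digests")
    return hashlib.sha1(pcr + measurement).digest()


def measured_boot(chain):
    """Measure each component before handing control to it.

    Returns (final_pcr, event_log); the log is a list of (name, digest) so a
    verifier can later reconstruct how the PCR reached its value.
    """
    pcr = bytes(PCR_SIZE)  # power-on reset value
    log = []
    for name, image in chain:
        digest = hashlib.sha1(image).digest()
        log.append((name, digest))
        pcr = extend(pcr, digest)
    return pcr, log


def replay_log(log):
    """Verifier side: recompute the PCR from the event log alone."""
    pcr = bytes(PCR_SIZE)
    for _name, digest in log:
        pcr = extend(pcr, digest)
    return pcr


def attest(reported_pcr, log, golden_pcr):
    """Verifier decision.

    'log-mismatch': the log does not replay to the PCR the platform reported,
                    so the log itself has been altered or truncated.
    'pcr-mismatch': log and PCR agree, but the code that ran is not the
                    known-good chain (modified or reordered component).
    'ok':           the platform booted exactly the expected code.
    """
    if replay_log(log) != reported_pcr:
        return "log-mismatch"
    if reported_pcr != golden_pcr:
        return "pcr-mismatch"
    return "ok"


def tampered_chain():
    """Constructed scenario: one byte of the boot loader image is changed."""
    chain = list(GOLDEN_CHAIN)
    chain[1] = ("bootloader", b"constructed boot loader image v1!")
    return chain


if __name__ == "__main__":
    golden_pcr, golden_log = measured_boot(GOLDEN_CHAIN)
    bad_pcr, bad_log = measured_boot(tampered_chain())
    print("golden  :", attest(golden_pcr, golden_log, golden_pcr))
    print("tampered:", attest(bad_pcr, bad_log, golden_pcr))
    print("forged  :", attest(bad_pcr, golden_log, golden_pcr))
```

Two properties of the extend rule carry the security argument: a component cannot be un-measured once it has run (there is no "set" operation, only extend), and the same components measured in a different order yield a different PCR, so a verifier holding the golden value detects both a modified image and a rearranged boot sequence. Note the example uses SHA-1 because that is what the TPM 1.2 specification cited on this page mandates; later TPM 2.0 parts add SHA-256 PCR banks with the same extend structure.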
A TPM provides the following capabilities:
• Protection and reporting of integrity measurements, as defined by the Trusted Computing Group specification
• Storage of a limited number of cryptographic keys that are used to authenticate reported measurements
• Management of cryptographic keys
• Random number generation
• Binding (data that is encrypted using the TPM endorsement certificate or a trusted