Warning, BIOS TPM Settings – NEC ExpressA1160 User Manual

Taking Ownership of a TPM

1. Be sure that you fully understand TPM certificates and use of security keys in your environment, as explained in 13.2 Understanding TPM Certificates, the Trusted Computing Group specification, and any documentation for your key management software.

2. Enable the TPM using the BIOS interface, as explained in 13.3.1 BIOS TPM Settings and 13.3.2 Enabling a TPM Using BIOS Interface.

3. Set the TPM Physically Present indicator using the EXPRESSSCOPE® Monitor interface, if requested by the software (refer to 13.4 TPM Physically Present Indicator).

4. Perform administrative tasks, such as generating and saving keys and establishing passwords, using key management software and following procedures in its documentation.

5. Clear the TPM Physically Present indicator using the EXPRESSSCOPE® Monitor interface when you are finished performing administrative tasks.

Once enabled, a TPM stays enabled regardless of reboots and power cycles.

Note: Physical presence can also be controlled by using the Trusted Computing Group
PC Client specification operations and causing a reboot.

WARNING

Enabling a TPM has a significant impact on system operation. Enable the
TPM for a partition only if you are very knowledgeable about the use of an
enabled TPM. Following improper procedures when a TPM is enabled can
have a significant negative impact on system operations and may cause
loss of data.

The following sections provide information and procedures for some of the preceding
steps.

13.3.1. BIOS TPM Settings

The BIOS security window contains the options TPM Operation and TPM Force Clear to
manage the TPM on the management board. These options and their settings and
actions are documented in the Trusted Computing Group specification.

TPM Operation

TPM Operation has three settings: No action on next boot, Enable, and Disable.