Trusted platform module – HP ProLiant Support Pack User Manual
Deploying components not on Smart Update Firmware DVD
If you want to deploy components that are not on the HP Smart Update Firmware DVD, you can add other
smart components to the HP SUM environment. To deploy software and firmware
components that are not on the HP Smart Update Firmware DVD:
1. Obtain the components from the HP website.
2. Create a bootable USB key, or copy the \hp\swpackages directory to the hard drive, and then
   remove the read-only bit.
3. Add the components to the \hp\swpackages directory on the USB key or to the directory on the
   hard drive with the components from the HP Smart Update Firmware DVD.
4. Start HP SUM.
5. On the Source Selection screen, you can specify the directory where all of the components are
   located as well as select the Check ftp.hp.com box if you want to include the latest version of
   software and firmware components from the HP website.
6. Select the checkbox for non-bundle versions, and then click OK.
Trusted Platform Module
The TPM, when used with BitLocker, measures the system state and, upon detection of a changed ROM
image, restricts access to the Windows® file system if the user cannot provide the recovery key. HP Smart
Update Manager detects whether a TPM is enabled in your system. If a TPM is detected in your system or in
any remote server selected as a target, then for some newer models of ProLiant, the HP Smart Update Manager
utilities for iLO, Smart Array, NIC, and BIOS warn users prior to a flash. If the user does not temporarily
disable BitLocker and does not cancel the flash, the BitLocker recovery key is needed to access the user
data upon reboot.
A recovery event is triggered if:
• The user does not temporarily disable BitLocker before flashing the System BIOS when using the
  Microsoft BitLocker Drive Encryption.
• The user has optionally selected to measure iLO, Smart Array, and NIC firmware.
If HP Smart Update Manager detects a TPM, a pop-up warning message appears.
To enable firmware updates without the need to type in the TPM password on each server, the BitLocker
Drive Encryption must be temporarily disabled. Disabling the BitLocker Drive Encryption keeps the hard
drive data encrypted. However, BitLocker uses a plain text decryption key that is stored on the hard drive
to read the information. After the firmware updates have been completed, the BitLocker Drive Encryption
can be re-enabled. Once the BitLocker Drive Encryption has been re-enabled, the plain text key is
removed and BitLocker secures the drive again.
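
The suspend-and-verify sequence described above can be scripted around the flash. This is an added example, not part of the HP manual or HP SUM; it assumes a Windows release that ships the BitLocker and TrustedPlatformModule PowerShell modules, an elevated session, and hypothetical parameter names ($MountPoint, -AfterFlash).

```powershell
# Added example (not HP's code). Run once before starting HP SUM, then again
# with -AfterFlash after the server has rebooted on the new firmware.
param(
    [string]$MountPoint = $env:SystemDrive,  # assumption: the OS volume is the protected one
    [switch]$AfterFlash
)

$vol = Get-BitLockerVolume -MountPoint $MountPoint

if ($AfterFlash) {
    # Confirm the clear key is gone: protection must be back on after the reboot.
    if ($vol.ProtectionStatus -ne 'On') {
        Resume-BitLocker -MountPoint $MountPoint | Out-Null
        $vol = Get-BitLockerVolume -MountPoint $MountPoint
    }
    if ($vol.ProtectionStatus -ne 'On') {
        throw "BitLocker protection is still off on $MountPoint after the firmware update."
    }
    Write-Output "BitLocker protection is active on $MountPoint."
    return
}

# Nothing to suspend if there is no TPM or the volume is not currently protected.
$tpm = Get-Tpm
if (-not $tpm.TpmPresent -or $vol.ProtectionStatus -ne 'On') {
    Write-Output "No active TPM-backed BitLocker protection on $MountPoint; no suspend needed."
    return
}

# Refuse to continue without a recovery password protector: if a measurement
# still changes unexpectedly, the recovery key is the only way back to the data.
$recovery = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
if (-not $recovery) {
    throw "No recovery password protector on $MountPoint; add one and record it before flashing."
}

# Suspend for exactly one restart so the clear key is removed automatically
# after the post-flash reboot instead of staying on disk indefinitely.
Suspend-BitLocker -MountPoint $MountPoint -RebootCount 1 | Out-Null
Write-Output "BitLocker suspended on $MountPoint for one reboot. Start the firmware update now."
```

Limiting the suspension to one reboot keeps the period in which the plain text key sits on the drive as short as the flash itself.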