
Enabling the trusted platform module – HP ProLiant BL680c G7 Server-Blade User Manual

Hardware options installation 70

key/password is required to enter Recovery Mode after BitLocker™ detects a possible compromise of system
integrity.
To help ensure maximum security, observe the following guidelines when retaining the recovery
key/password:

• Always store the recovery key/password in multiple locations.
• Always store copies of the recovery key/password away from the server blade.
• Do not save the recovery key/password on the encrypted hard drive.

Enabling the Trusted Platform Module

1. When prompted during the start-up sequence, access RBSU by pressing the F9 key.
2. From the Main Menu, select Server Security.
3. From the Server Security Menu, select Trusted Platform Module.
4. From the Trusted Platform Module Menu, select TPM Functionality.
5. Select Enable, and then press the Enter key to modify the TPM Functionality setting.
6. Press the Esc key to exit the current menu, or press the F10 key to exit RBSU.
7. Reboot the server blade.
8. Enable the TPM in the OS. For OS-specific instructions, see the OS documentation.

CAUTION: When a TPM is installed and enabled on the server blade, data access is locked if you fail to follow the proper procedures for updating the system or option firmware, replacing the system board, replacing a hard drive, or modifying OS application TPM settings.

For more information on firmware updates and hardware procedures, see the HP Trusted Platform Module Best Practices White Paper on the HP website (http://www.hp.com/support).

For more information on adjusting TPM usage in BitLocker™, see the Microsoft website (http://technet.microsoft.com/en-us/library/cc732774.aspx).

Server updates with an HP Trusted Platform Module and BitLocker™ enabled

When a TPM is installed and enabled in RBSU, and when the Microsoft® Windows® BitLocker™ Drive Encryption feature is enabled, always disable BitLocker™ before performing any of the following procedures:

• Restarting the computer for maintenance without a PIN or startup key
• Updating firmware
• Upgrading critical early boot components
• Upgrading the system board to replace or remove the TPM
• Disabling or clearing the TPM
• Moving a BitLocker™-protected drive to another server blade
• Adding an optional PCI device, such as a storage controller or network adapter
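
The following PowerShell script is an added example, not part of the HP manual. It shows one way to carry out the "disable BitLocker before maintenance" step together with the recovery key guidelines above: it refuses to suspend protection unless a recovery password protector exists, and it resumes protection afterwards. It assumes an elevated session on a Windows version that ships the BitLocker and TrustedPlatformModule modules, that "disable" means suspending protection rather than decrypting the volume, and that the OS volume is the protected one.

```powershell
# Added example (not from the HP manual). Run elevated.
param(
    [string]$MountPoint = $env:SystemDrive,  # assumption: the OS volume is the protected one
    [switch]$Resume                          # pass -Resume once maintenance is finished
)

$ErrorActionPreference = 'Stop'

# Report TPM state as the OS sees it (after the TPM has been enabled in RBSU and the OS).
$tpm = Get-Tpm
Write-Host ("TPM present: {0}, ready: {1}" -f $tpm.TpmPresent, $tpm.TpmReady)

$vol = Get-BitLockerVolume -MountPoint $MountPoint
Write-Host ("{0}: {1}, protection {2}" -f $vol.MountPoint, $vol.VolumeStatus, $vol.ProtectionStatus)

if ($Resume) {
    # After the firmware update, hardware change or reboot: turn protection back on.
    Resume-BitLocker -MountPoint $MountPoint | Out-Null
    $state = (Get-BitLockerVolume -MountPoint $MountPoint).ProtectionStatus
    if ($state -ne 'On') { throw "Protection on $MountPoint is still $state." }
    Write-Host "Protection resumed on $MountPoint."
    return
}

if ($vol.ProtectionStatus -ne 'On') {
    Write-Host "Protection is already off on $MountPoint; nothing to suspend."
    return
}

# Stop unless a recovery password exists. Without one, a failed maintenance step
# that trips Recovery Mode leaves the data inaccessible.
$recovery = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
if ($recovery.Count -eq 0) {
    throw "No recovery password protector on $MountPoint. Add one and store it away from the server first."
}
# Print only the protector IDs so the stored copies can be matched; never the password itself.
Write-Host ("Recovery protector ID(s): {0}" -f ($recovery.KeyProtectorId -join ', '))

# RebootCount 0 keeps protection suspended until Resume-BitLocker is run.
Suspend-BitLocker -MountPoint $MountPoint -RebootCount 0 | Out-Null
$state = (Get-BitLockerVolume -MountPoint $MountPoint).ProtectionStatus
if ($state -ne 'Off') { throw "Protection on $MountPoint was not suspended (status $state)." }
Write-Host "Protection suspended on $MountPoint. Re-run with -Resume after maintenance."
```

While protection is suspended the volume key is readable without the TPM, so keep the maintenance window short and run the script with -Resume as soon as the procedure is complete.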