ProLiant Servers (ML,DL,SL)

need explanation TPM Binding (DL 380 Gen 9)

PhS-
Advisor


Hello, 

I would like some clarification on the BIOS Option "TPM Binding" 

• TPM Binding — Sets whether data is encrypted using a TPM bind key, a unique RSA key.

Which data are we talking about? What is the TPM bind key (compared to a TPM non-bind key)?

Context: DL380 Gen 9 / Windows Server 2016-2019 / BitLocker / TPM attestation, etc.

 

Thank you in advance.  


Re: need explanation TPM Binding (DL 380 Gen 9)

Hello

The HPE Trusted Platform Module (TPM) works with programs such as Microsoft Windows® BitLocker™ to increase data security by storing the encryption startup key in hardware on the server, which provides a more secure environment by pairing the drive to the server. Pairing the drive to the server helps prevent the encrypted drive from being read if inserted in a different server. The HPE TPM can also store passwords, certificates, and encryption keys that can authenticate server hardware and software through remote attestation while the measured boot capability enhances the effectiveness of anti-malware solutions.

 

The HPE TPM options conform to the Trusted Computing Group specifications and provide hardware-based authentication and tamper detection, preventing a TPM from being moved to another server or replaced.

Configuring Trusted Platform Module options

Procedure
  1. From the System Utilities screen, select System Configuration > BIOS/Platform Configuration (RBSU) > Server Security > Trusted Platform Module options and press Enter.
  2. Select an option and press Enter, then select a setting for that option and press Enter again. On servers configured with an optional TPM, you can set the following:
    1. TPM 2.0 Operation—Sets the operational state of TPM 2.0. Options are:
      • No Action—There is no TPM configured.
      • Enabled—TPM and Secure Boot (when enabled) are fully functional.
      • Disabled—TPM is visible but functionality is limited. This option also resets TPM to factory settings, clearing assigned passwords, keys, or ownership data.
        NOTE: Disabling TPM can prevent the server from booting to the TPM-aware operating system if the OS uses TPM measurements.

    2. TPM 2.0 Visibility—Sets whether TPM is hidden from the operating system. Options are:
      • Visible
      • Hidden—Hides TPM from the operating system. Secure Boot is disabled and TPM does not respond to any commands. Use this setting to remove TPM options from the system without having to remove the actual hardware.
    3. TPM Binding—Sets whether data is encrypted using a TPM bind key, which is a unique RSA key. Options are:
      • Enabled
      • Disabled
    4. TPM UEFI Option ROM Measurement—Enables or disables (skips) measuring UEFI PCI operation ROMs. Options are:
      • Enabled
      • Disabled
  3. Verify that your new Current TPM Type and Current TPM State settings appear at the top of the screen.
  4. Press F10.

Thank you for contacting HPE.

 


I am an HPE Employee

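The RBSU procedure above only sets the TPM options in firmware; what a Windows Server 2016/2019 host actually sees, and which BitLocker protectors are sealed to that TPM, is visible from the OS. The following PowerShell is an added example, not part of the original thread or of HPE's documentation, and it does not explain the semantics of HPE's "TPM Binding" option. It assumes an elevated session on a host with the BitLocker feature installed and uses only the in-box TrustedPlatformModule and BitLocker cmdlets. The endorsement-key hash it records identifies the physical TPM, which is useful for confirming whether the same module is present after a motherboard swap like the one described later in the thread; the warnings flag volumes whose only protector is the TPM, since a TPM clear (for example the Disabled setting above, which resets the TPM to factory state) or a different TPM would then leave no way to unlock them.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original thread or HPE documentation.
# Inventories the TPM as Windows Server 2016/2019 sees it and checks which
# BitLocker key protectors on each volume are tied to that TPM.
# Assumes an elevated session and the BitLocker feature installed.

function Get-TpmBitLockerReport {
    [CmdletBinding()]
    param()

    # TPM state from the TrustedPlatformModule module. A TPM set to Hidden
    # (or left unconfigured) in RBSU shows up here as TpmPresent = $false.
    $tpm = Get-Tpm
    $wmiTpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                              -ClassName Win32_Tpm -ErrorAction SilentlyContinue

    # The endorsement key is burned into the chip, so its hash identifies the
    # physical TPM. Record it to detect a later TPM or motherboard swap.
    $ekHash = $null
    try {
        $ekHash = (Get-TpmEndorsementKeyInfo -HashAlgorithm sha256).PublicKeyHash
    } catch {
        Write-Verbose "Endorsement key not readable: $_"
    }

    $tpmReport = [PSCustomObject]@{
        Present      = $tpm.TpmPresent
        Ready        = $tpm.TpmReady
        Owned        = $tpm.TpmOwned
        SpecVersion  = $wmiTpm.SpecVersion          # "2.0" on a TPM 2.0 module
        Manufacturer = $tpm.ManufacturerIdTxt
        EkPublicHash = $ekHash
    }

    $warnings = New-Object 'System.Collections.Generic.List[string]'
    $volumes = foreach ($vol in Get-BitLockerVolume) {
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

        # Any Tpm* protector (Tpm, TpmPin, TpmStartupKey, TpmPinStartupKey)
        # means the volume's startup key is sealed to this TPM's measurements.
        $tpmBound    = @($types | Where-Object { $_ -like 'Tpm*' }).Count -gt 0
        $hasRecovery = $types -contains 'RecoveryPassword'

        if ($vol.ProtectionStatus -eq 'On' -and $tpmBound -and -not $hasRecovery) {
            $warnings.Add("$($vol.MountPoint): sealed to the TPM with no recovery password; " +
                          "a TPM clear, TPM replacement or board swap leaves no way to unlock it")
        }
        if ($vol.ProtectionStatus -eq 'On' -and -not $tpmBound) {
            $warnings.Add("$($vol.MountPoint): protected but not tied to the TPM " +
                          "(protectors: $($types -join ', '))")
        }

        [PSCustomObject]@{
            MountPoint       = $vol.MountPoint
            VolumeStatus     = $vol.VolumeStatus
            ProtectionStatus = $vol.ProtectionStatus
            EncryptionMethod = $vol.EncryptionMethod
            Protectors       = ($types -join ', ')
            TpmBound         = $tpmBound
            HasRecoveryKey   = $hasRecovery
        }
    }

    [PSCustomObject]@{
        Tpm      = $tpmReport
        Volumes  = @($volumes)
        Warnings = $warnings.ToArray()
    }
}

# Usage: run once before a firmware change or board replacement and once after,
# then compare Tpm.EkPublicHash and the per-volume protector list.
$report = Get-TpmBitLockerReport
$report.Tpm      | Format-List
$report.Volumes  | Format-Table -AutoSize
$report.Warnings | ForEach-Object { Write-Warning $_ }
```

If `Present` is `$false` while the module is physically installed, check the TPM 2.0 Visibility and TPM 2.0 Operation settings from the procedure above before suspecting the hardware. Save the `EkPublicHash` with the recovery passwords: a changed hash after maintenance means a different TPM is now in the server, and every volume reported as `TpmBound` will require its recovery password at the next boot.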
PhS-
Advisor

Re: need explanation TPM Binding (DL 380 Gen 9)

Hello,

Thank you for the copy-paste from a documentation, but I am hoping for a real "human" answer.

"The HPE TPM options conform to the Trusted Computing Group specifications and provides hardware-based authentication and tamper detection preventing a TPM from being moved to another server or replaced."

I can assure you that recently the motherboard was replaced and the TPM was "transported" from the defective motherboard to the new one.

My question is focused on the understanding of

3. TPM Binding—Sets whether data is encrypted using a TPM bind key, which is a unique RSA key.

What is the bind key? (How is it different from the non-bind key?)

Which data are we talking about?