Intel AXXTPME3 Installation manual

Intel® Trusted Platform Module
(TPM module AXXTPME3)
Hardware User’s Guide
Intel Order Number: G21682-003

ii Intel® Trusted Platform Module Hardware User’s Guide
DISCLAIMER
INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS.
NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY
INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS
PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL
ASSUMES NO LIABILITY WHATSOEVER AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED
WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY
OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE,
MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER
INTELLECTUAL PROPERTY RIGHT.
UNLESS OTHERWISE AGREED IN WRITING BY INTEL, THE INTEL PRODUCTS ARE NOT
DESIGNED NOR INTENDED FOR ANY APPLICATION IN WHICH THE FAILURE OF THE INTEL
PRODUCT COULD CREATE A SITUATION WHERE PERSONAL INJURY OR DEATH MAY
OCCUR.
Intel may make changes to specifications and product descriptions at any time, without notice.
Designers must not rely on the absence or characteristics of any features or instructions marked
“reserved” or “undefined.” Intel reserves these for future definition and shall have no responsibility
whatsoever for conflicts or incompatibilities arising from future changes to them. The information
here is subject to change without notice. Do not finalize a design with this information.
The products described in this document may contain design defects or errors known as errata
which may cause the product to deviate from published specifications. Current characterized errata
are available on request.
Contact your local Intel sales office or your distributor to obtain the latest specifications and before
placing your product order.
Copies of documents which have an order number and are referenced in this document, or other
Intel literature, may be obtained by calling 1-800-548-4725, or go to:
http://www.intel.com/design/literature.htm
Intel® is a trademark or registered trademark of Intel Corporation or its subsidiaries in the United
States and other countries.
*Other names and brands may be claimed as the property of others.
Copyright © 2011 Intel Corporation. All rights reserved.

Preface
This is the primary hardware guide for the Intel® Trusted Platform Module (TPM
module). It contains installation instructions and specifications.
Audience
The people who benefit from this document are:
• Engineers who are designing an Intel® TPM module.
• Anyone installing an Intel® TPM module in their Intel® server system.
Organization
This document includes the following chapters and appendices:
• Chapter 1 provides a general overview of the Intel® TPM module.
• Chapter 2 describes the procedures for installing the Intel® TPM module.
• Chapter 3 provides the procedures for configuring the Intel® TPM module.
• Chapter 4 provides the characteristics and technical specifications for the Intel®
TPM module.
• Appendix A provides safety instructions to be observed during installation and
assembly.
• Appendix B provides regulatory and certification information.
Related Publication
This is the primary hardware guide for the Intel® TPM module. It contains installation
instructions and specifications.

Table of Contents
Preface
  Audience
  Organization
  Related Publication
1 Overview
2 Intel® Trusted Platform Module Hardware Installation
  Requirements
  Installing the TPM module
3 Configuring the TPM module
  TPM Security BIOS
  Physical Presence
  TPM Security Setup Options
  Security Screen
  Intel® Trusted Execution Technology (Intel® TXT)
    Overview
    Intel® TXT hardware overview
    Enabling Intel® TXT on Intel® Server Board
4 Intel® Trusted Platform Module Characteristics
  TPM module Connector List & Pinouts
A. Installation/Assembly Safety Instructions
  English
  Deutsch
  Français
  Español
  Italiano
B. Regulatory and Certification Information
  Product Safety and EMC Compliance

List of Figures
Figure 1. TPM module
Figure 2. TPM module Dimensioned Drawing
Figure 3. Setup Utility – TPM Configuration Screen

List of Tables
Table 1. TPM Setup Utility – Security Configuration Screen Fields
Table 2. TPM module Connector Pin-out

1 Overview
The Intel® Trusted Platform Module (TPM) is a hardware-based security device that
addresses the growing concern about boot process integrity and offers better data protection.
The TPM protects the system start-up process by ensuring it is tamper-free before releasing
system control to the operating system. A TPM device provides secured storage for
data such as security keys and passwords. In addition, a TPM device has encryption and
hash functions. The Intel® TPM module implements the TPM as per the TPM PC Client
specifications revision 1.2 by the Trusted Computing Group (TCG).
A TPM device is affixed to the motherboard of the server and is secured from external
software attacks and physical theft. A pre-boot environment, such as the BIOS and
operating system loader, uses the TPM to collect and store unique measurements from
multiple factors within the boot process to create a system fingerprint. This unique
fingerprint remains the same unless the pre-boot environment is tampered with.
It is therefore compared against future measurements to verify the integrity of the
boot process.
After the BIOS completes the measurement of its boot process, it hands off control to the
operating system loader and in turn to the operating system. If the operating system is
TPM-enabled, it compares the BIOS TPM measurements to those of previous boots to
make sure the system was not tampered with before continuing the operating system boot
process. Once the operating system is in operation, it optionally uses the TPM to provide
additional system and data security (for example, Microsoft Vista* supports BitLocker*
drive encryption).
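The measurement and comparison described in the two paragraphs above, as an added example that is not part of the original guide: a Python simulation of the TPM 1.2 PCR extend operation (SHA-1, 20-byte registers), using constructed stand-ins for the pre-boot stages, showing that a tampered or reordered component changes the fingerprint that a TPM-enabled operating system later checks.

```python
import hashlib

# TPM 1.2 PCRs are 20-byte SHA-1 registers that hold all zeros after reset.
PCR_RESET = b"\x00" * 20


def measure(component: bytes) -> bytes:
    """Hash one boot component (SHA-1, as used by TPM 1.2 PC Client platforms)."""
    return hashlib.sha1(component).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM_Extend: new PCR = SHA-1(old PCR || measurement).

    The operation is one-way and order-dependent, so a PCR can only be
    moved forward, never reset to an earlier value by software.
    """
    if len(pcr) != 20 or len(measurement) != 20:
        raise ValueError("TPM 1.2 PCR values and measurements are 20 bytes")
    return hashlib.sha1(pcr + measurement).digest()


def boot_fingerprint(components) -> bytes:
    """Replay what the BIOS does: measure each pre-boot stage, in order, into one PCR."""
    pcr = PCR_RESET
    for stage in components:
        pcr = extend(pcr, measure(stage))
    return pcr


def integrity_check(expected: bytes, components) -> bool:
    """What a TPM-enabled OS does: compare this boot's PCR with the stored reference."""
    return boot_fingerprint(components) == expected


# Constructed stand-ins for the stages the guide mentions (BIOS, option ROMs,
# OS loader); a real platform measures the actual firmware and loader images.
GOOD_BOOT = [b"BIOS image v1.0", b"option ROM: RAID", b"OS loader"]
TAMPERED_BOOT = [b"BIOS image v1.0", b"option ROM: RAID (patched)", b"OS loader"]
REORDERED_BOOT = [b"option ROM: RAID", b"BIOS image v1.0", b"OS loader"]

if __name__ == "__main__":
    reference = boot_fingerprint(GOOD_BOOT)
    print("reference PCR:", reference.hex())
    print("same boot:    ", integrity_check(reference, GOOD_BOOT))
    print("tampered boot:", integrity_check(reference, TAMPERED_BOOT))
    print("reordered:    ", integrity_check(reference, REORDERED_BOOT))
```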
The Intel® TPM module is a common board across the series of Intel® servers and
baseboards (for a list of supported servers and baseboards, refer to:
http://www.intel.com/support/motherboards/server/sb/CS-032301.htm). The TPM module
is a small board that provides hardware-level security for the server. The TPM module
docks into a connector on the baseboard and is retained by a tamper-resistant screw.
Figure 1. TPM module

2 Intel® Trusted Platform Module Hardware Installation
Requirements
• Intel® Trusted Platform Module, with the provided standoffs
• A host system/board with the TPM connector on the board
The TPM module docks into a connector on the baseboard and is retained by a tamper-resistant
screw. Below is a drawing of the physical dimensions of the TPM module.
Note: Measurements are in millimeters.
Figure 2. TPM module Dimensioned Drawing

Installing the TPM module
To install the TPM module, follow these steps:
1. Turn off the power to the system, all drives, enclosures, and system components.
Remove the power cord(s).
2. Remove the server cover. For instructions, see your server system documentation.
3. Insert the standoff into the hole in the server/workstation board and insert the TPM
module connector into the connector in the board. To locate the TPM module
connector and the hole on your server/workstation board, see your
server/workstation board documentation.
4. Press down gently but firmly to ensure that the module is properly seated in the
connectors, and then tighten the tamper resistant screw.

3 Configuring the TPM module
TPM Security BIOS
The BIOS TPM support conforms to the TPM PC Client Specific – Implementation
Specification for Conventional BIOS, version 1.2, and to the TPM Interface specification,
version 1.2. The BIOS adheres to the Microsoft Vista BitLocker* requirement. The role of
the BIOS for TPM security includes the following:
• Measures and stores the boot process in the TPM microcontroller to allow a TPM-
enabled operating system to verify system boot integrity.
• Provides EFI and legacy interfaces to a TPM-enabled operating system for using the
TPM.
• Provides the ACPI TPM device and methods to allow a TPM-enabled operating system
to send TPM administrative command requests to the BIOS.
• Verifies operator physical presence, then confirms and executes operating system TPM
administrative commands.
• Provides BIOS Setup options to change TPM security states and to clear TPM
ownership.
For additional details, refer to the TCG PC Client Specific Implementation Specification,
the TCG PC Client Specific Physical Presence Interface Specification, and the Microsoft
BitLocker* requirement documents.
Physical Presence
Administrative operations on the TPM require either TPM ownership or a physical presence
indication by the operator to confirm the execution of the administrative operation. The
BIOS implements the operator presence indication by verifying the Setup Administrator
password.
A TPM administrative sequence invoked from the operating system proceeds as follows:
1. The user makes a TPM administrative request through the operating system’s security
software.
2. The operating system requests the BIOS to execute the TPM administrative
command through the TPM ACPI methods and then resets the system.
3. The BIOS verifies physical presence and confirms the command with the
operator.
4. The BIOS executes the TPM administrative command(s), inhibits BIOS Setup entry,
and boots directly to the operating system that requested the TPM command(s).

TPM Security Setup Options
The BIOS TPM Setup allows the operator to view the current TPM state and to carry out
rudimentary TPM administrative operations. Performing TPM administrative operations
through BIOS Setup requires TPM physical presence verification.
Using BIOS TPM Setup, the operator can turn TPM functionality ON or OFF and clear
the TPM ownership contents. After the requested TPM BIOS Setup operation is carried
out, the option reverts to No Operation.
The BIOS TPM Setup also displays the current state of the TPM: whether the TPM is enabled
or disabled, and activated or deactivated. Note that while the TPM is in use, a TPM-enabled
operating system or application may change the TPM state independently of BIOS
Setup. When an operating system modifies the TPM state, BIOS Setup displays the
updated TPM state.
The BIOS Setup TPM Clear option allows the operator to clear the TPM ownership key,
so that the operator can take control of the system with the TPM. Use this option to
clear security settings for a newly initialized system or to clear a system for which the
TPM ownership security key was lost.
Security Screen
The Security screen provides fields to enable and set the user and administrator
passwords and to lock out the front panel buttons so they cannot be used. The Intel®
server boards support the Intel® TPM module.
To access this screen from the Main screen, select the Security option.
Figure 3. Setup Utility – TPM Configuration Screen

Table 1. TPM Setup Utility – Security Configuration Screen Fields

Setup Item: TPM State
  Options:
  • Enabled and Activated
  • Enabled and Deactivated
  • Disabled and Activated
  • Disabled and Deactivated
  Help Text: Information only.
  Comments:
  • Shows the current TPM device state.
  • A disabled TPM device will not execute commands that use TPM functions, and
    TPM security operations will not be available.
  • An enabled and deactivated TPM is in the same state as a disabled TPM, except
    that setting of TPM ownership is allowed if not already present.
  • An enabled and activated TPM executes all commands that use TPM functions, and
    TPM security operations will be available.

Setup Item: TPM Administrative Control
  Options:
  • No Operation
  • Turn On
  • Turn Off
  • Clear Ownership
  Help Text:
  • [No Operation] - No changes to current state.
  • [Turn On] - Enables and activates TPM.
  • [Turn Off] - Disables and deactivates TPM.
  • [Clear Ownership] - Removes the TPM ownership authentication and returns the
    TPM to a factory default state.
  Comments: Note: The BIOS setting returns to [No Operation] on every boot cycle by
    default.

Intel® Trusted Execution Technology (Intel® TXT)
Overview
Intel® Trusted Execution Technology (Intel® TXT) for safer computing, formerly code
named LaGrande Technology, is a versatile set of hardware extensions to Intel®
processors and chipsets that enhance the platform with security capabilities such as
measured launch and protected execution. Intel® TXT provides hardware-based
mechanisms that help protect against software-based attacks and protects the
confidentiality and integrity of data stored or created on the system. It does this by
enabling an environment where applications can run within their own space, protected
from all other software on the system. These capabilities provide the protection
mechanisms, rooted in hardware, that are necessary to provide trust in the application's
execution environment. In turn, this can help to protect vital data and processes from
being compromised by malicious software running on the platform. Long available on
client platforms, Intel is now enabling Intel TXT on selected server platforms as well.
Intel® TXT hardware overview
Implementation of a Trusted Execution Technology-enabled platform requires a number
of hardware enhancements. Key hardware elements of this platform are:
1. Processor: Extensions to the IA-32 architecture allow for the creation of multiple
execution environments, or partitions. This allows for the coexistence of a standard
(legacy) partition and protected partition, where software can run in isolation in the
protected partition, free from being observed or compromised by other software
running on the platform. Access to hardware resources (such as memory) is
hardened by enhancements in the processor and chipset hardware. Other processor
enhancements include: (1) event handling, to reduce the vulnerability of data
exposed through system events, (2) instructions to manage the protected execution
environment, (3) and instructions to establish a more secure software stack.
2. Chipset: Extensions to the chipset deliver support for key elements of this new,
more protected platform. They include: (1) the capability to enforce memory
protection policy, (2) enhancements to protect data access from memory, (3)
protected channels to graphics and input/output devices, (4) and interfaces to the
Trusted Platform Module [Version 1.2].
3. Keyboard and Mouse: Enhancements to the keyboard and mouse enable
communication between these input devices and applications running in a protected
partition to take place without being observed or compromised by unauthorized
software running on the platform.
4. Graphics: Enhancements to the graphic subsystem enable applications running
within a protected partition to send display information to the graphics frame buffer
without being observed or compromised by unauthorized software running on
the platform.
5. The TPM v. 1.2 device: Also called the Fixed Token, is bound to the platform and
connected to the PC’s LPC bus. The TPM provides the hardware-based mechanism
to store or ‘seal’ keys and other data to the platform. It also provides the hardware
mechanism to report platform attestations.
Note: For a list of servers and baseboards that support Intel® TXT, refer to:
http://www.intel.com/support/motherboards/server/sb/CS-032301.htm.
Enabling Intel® TXT on Intel® Server Board
The following steps describe how to set up the Intel® TXT feature:

Intel® TXT Setup:
1. Go to the BIOS Setup Menu, Advanced > Processor Configuration, and set the Intel® VT
for Directed I/O and Intel® TXT options to Enabled.
2. Press F10 to save and exit. Intel® TXT is now enabled.
Intel® TPM Setup:
1. Enable the TPM module: go to the BIOS Setup Menu, Security tab, and set the
administrator password.
2. After the administrator password is set, press F10 to save and exit BIOS Setup.
3. The system reboots automatically. Go to the BIOS Setup Menu, Security tab, set
TPM Administrative Control to Turn On, and press F10 to save and exit
BIOS Setup.
4. Go to the BIOS Setup Menu, Security tab. TPM State should show
Enabled & Activated.
