TPM on the Vault


Overview

The Trusted Platform Module (TPM) is a dedicated, secure microcontroller used for cryptographic operations. A TPM is used to generate, store, and manage cryptographic keys. TPM is a standard defined by ISO/IEC 11889.

TPM technology is becoming more popular as a mechanism to guarantee device integrity. As an example, Windows 11 requires TPM 2.0 in order to install the OS. A key feature of TPM is that it can be used to "measure" the boot process as it proceeds through various stages. Each stage is checked against key(s) signed by a known authority. This must be implemented in the BIOS; it does not occur simply by installing the module in the unit. Protectli has not currently implemented this feature, but plans to implement Secure Boot in a future BIOS release.

TPM Hardware

The Protectli TPM is a small circuit board with a connector, built around the Infineon SLB 9660TT upgraded to TPM 2.0. The Protectli TPM is only compatible with the VP2410.

The TPM has a keyed pin on the connector, so pin 4 of the TPM header must be clipped in order to insert the module onto the board.

When the TPM is ordered with the VP2410, it comes inserted on the board.

If the TPM is ordered separately, pin 4 must be clipped.

In order to clip the pin with standard diagonal cutters, the board must be removed from the chassis.

BIOS

In order to use the TPM with AMI BIOS, it must be enabled in the BIOS.

When booting, press the DEL key to get to the BIOS and enable the following settings:

Advanced->Trusted Computing->Security Device Sup : [Enable]

Advanced->Trusted Computing->TPM Device : [Enable]  

OS

Although Protectli has not implemented Secure Boot in BIOS, the TPM may be utilized if the OS supports it. As an example, Ubuntu 20.04 uses the TPM2 tools package, and there is an article on Disk Encryption at: https://tpm2-software.github.io/2020/04/13/Disk-Encryption.html
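To confirm from Linux that the module is seated and enabled in the BIOS, the following check reads the kernel's sysfs entries and reports whether a TPM is present and whether it speaks TPM 2.0. It is an added example, not Protectli's code; the function name tpm_status and its optional sysfs-root argument are assumptions made for the example, and a kernel of 4.12 or later is assumed.

```shell
#!/bin/sh
# Added example (not Protectli's code): report what the Linux kernel sees
# after the TPM has been installed and enabled in the BIOS.
# tpm_status prints one of: absent, tpm1.2, tpm2.0
# The optional argument (hypothetical, for testing) overrides the sysfs root.

tpm_status() {
    ts_sysfs="${1:-/sys}"
    ts_chip="$ts_sysfs/class/tpm/tpm0"

    # No tpm0 class device: module not seated, or still disabled in the BIOS.
    if [ ! -d "$ts_chip" ]; then
        echo "absent"
        return 0
    fi

    # Newer kernels (5.6+) expose the spec major version directly.
    if [ -r "$ts_chip/tpm_version_major" ]; then
        case "$(cat "$ts_chip/tpm_version_major")" in
            2) echo "tpm2.0"; return 0 ;;
            1) echo "tpm1.2"; return 0 ;;
        esac
    fi

    # Older kernels (such as 5.4): the in-kernel resource manager device
    # tpmrm0 is only created for TPM 2.0 chips.
    if [ -e "$ts_sysfs/class/tpmrm/tpmrm0" ]; then
        echo "tpm2.0"
        return 0
    fi

    echo "tpm1.2"
    return 0
}

status=$(tpm_status)
echo "TPM status: $status"

# With the TPM2 tools package installed, dump the chip's fixed properties
# (manufacturer, firmware version). Needs root or membership of the tss group.
if [ "$status" = "tpm2.0" ] && command -v tpm2_getcap >/dev/null 2>&1; then
    tpm2_getcap properties-fixed || true
fi
```

A result of absent after installation points back to the two Trusted Computing settings in the BIOS section or to the seating of the module on the header.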

Summary

This has been a quick introduction to the Protectli TPM.

As always, if you have any questions, feel free to contact support at support@protectli.com        
