Trusted platform module support, User accounts and access – HP Integrated Lights-Out 2 User Manual

Page 43


The iLO 2 firmware, if disabled while the Security Override Switch is set, does not log the
user out and complete the disable process until the power is cycled on the server.

The boot block is exposed for programming.

NOTE: The iLO 2 Security Override Switch is located inside the server and cannot be accessed without opening the server enclosure.

A warning message appears on iLO 2 browser pages indicating that the iLO 2 Security Override
Switch is currently in use. An iLO 2 log entry records the use of the iLO 2 Security Override Switch.
An SNMP alert can also be sent upon setting or clearing the iLO 2 Security Override Switch.
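The following added example (not part of the HP manual) shows one way to turn the set and clear alerts described above into per-server exposure windows. The event line layout, host names, and the "set"/"cleared" wording are assumptions about how a collector might normalize the alerts, not the firmware's actual message text.

```python
from datetime import datetime

# Constructed sample events (assumed format: ISO timestamp, host, message).
SAMPLE_EVENTS = """\
2024-03-01T09:00:00 ilo-web01 Security Override Switch set
2024-03-01T09:40:00 ilo-web01 Security Override Switch cleared
2024-03-02T14:00:00 ilo-db02 Security Override Switch set
2024-03-02T14:05:00 ilo-db02 Security Override Switch set
2024-03-03T08:00:00 ilo-app03 Security Override Switch cleared
"""

def override_windows(text, now):
    """Pair set/cleared events per host.

    Returns (closed, still_set, orphans):
      closed    - list of (host, set_time, clear_time, minutes_exposed)
      still_set - dict host -> minutes the switch has been set as of `now`
      orphans   - list of (host, time) for a 'cleared' with no earlier 'set',
                  which indicates a missed alert or a gap in collection
    """
    events = []
    for line in text.splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) != 3 or "Security Override Switch" not in parts[2]:
            continue  # unrelated or malformed line
        state = parts[2].rsplit(maxsplit=1)[-1]
        events.append((datetime.fromisoformat(parts[0]), parts[1], state))

    closed, opened, orphans = [], {}, []
    for ts, host, state in sorted(events):
        if state == "set":
            opened.setdefault(host, ts)  # repeated alerts keep the earliest time
        elif state == "cleared":
            start = opened.pop(host, None)
            if start is None:
                orphans.append((host, ts))
            else:
                minutes = int((ts - start).total_seconds() // 60)
                closed.append((host, start, ts, minutes))

    still_set = {h: int((now - t).total_seconds() // 60) for h, t in opened.items()}
    return closed, still_set, orphans

if __name__ == "__main__":
    print(override_windows(SAMPLE_EVENTS, datetime(2024, 3, 3, 14, 0, 0)))
```

Hosts in `still_set` are the ones to follow up on first, since the switch is still in use on them.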

Setting the iLO 2 Security Override Switch also enables you to flash the iLO 2 boot block. HP does
not anticipate you needing to update the iLO 2 boot block. If an iLO 2 boot block update is
required, you must perform the update at the server, and then reset iLO 2. The boot block update
cannot be done remotely. The boot block is exposed until iLO 2 is reset. For maximum security,
HP recommends that you disconnect the iLO 2 from the network until you complete the reset.

To set the iLO 2 Security Override Switch:

1. Power off the server.

2. Set the switch.

3. Power on the server.

Reverse the procedure to clear the iLO 2 Security Override Switch.

Depending on the server, the iLO 2 Security Override Switch might be a single jumper or a specific
switch position on a dip switch panel. To access and locate the iLO 2 Security Override Switch,
see the server documentation. The iLO 2 Security Override Switch can also be located using the
diagrams on the server access panel.

Trusted Platform Module support

TPM is a hardware-based system security feature. It is a computer chip that securely stores artifacts
used to authenticate the platform. These artifacts can include passwords, certificates, or encryption
keys. You can also use a TPM to store platform measurements to help ensure that the platform
remains trustworthy. iLO 2 provides support for the TPM mezzanine module in ProLiant 100, 300,
and 500 series servers.

On a supported system, iLO 2 decodes the TPM record and passes the configuration status to the iLO
2, CLP, and XML interfaces. The System Status page displays the TPM configuration status. If the
host system or System ROM does not support TPM, TPM Status is not displayed on the Status Summary
page. The Status Summary displays the following TPM status information:

- Not Present – A TPM module is not installed.

- Present – when:

  - A TPM module is installed but it is disabled.

  - A TPM module is installed and enabled.

  - A TPM module is installed, enabled, and Expansion ROM measuring is enabled. If
    Expansion ROM measuring is enabled, the Update iLO 2 Firmware page displays a legal
    warning message when you click Send firmware image.

User accounts and access

The iLO 2 firmware supports the configuration of up to 12 local user accounts. Each of these
accounts can be managed through the use of the following features:

“Privileges” (page 44)

“Login security” (page 44)
