TPM support – HP Integrated Lights-Out 3 User Manual


Ramifications of setting the iLO Security Override Switch include the following:

• All security authorization verifications are disabled when the switch is set.
• iLO RBSU runs if the host server is reset.
• iLO is not disabled and might be displayed on the network as configured.
• iLO, if disabled when the switch is set, does not log out the user and complete the disable process until the power is cycled on the server.
• The boot block is exposed for programming.
• A warning message is displayed on iLO web interface pages, indicating that the switch is currently in use.
• An iLO log entry records the use of the switch.

When iLO boots after you set or clear the iLO Security Override Switch, an SNMP alert is sent if
an SNMP Alert Destination is configured.

Setting the iLO Security Override Switch enables you to flash the iLO boot block. HP does not
anticipate that you will need to update the boot block. However, if an update is required, you must
be physically present at the server to reprogram the boot block and reset iLO. The boot block is
exposed until iLO is reset. For maximum security, HP recommends disconnecting iLO from the
network until the reset is complete. You must open the server enclosure to access the iLO Security
Override Switch.

To set the iLO Security Override Switch:
1. Power off the server.
2. Set the switch.
3. Power on the server.

Reverse this procedure to clear the iLO Security Override Switch.

Depending on the server, the iLO Security Override Switch might be a single jumper or a specific
switch position on a DIP switch panel. For information about accessing the iLO Security Override
Switch, see the server documentation or use the diagrams on the server access panel.

TPM support

A TPM is a computer chip that securely stores artifacts used to authenticate the platform. These
artifacts can include passwords, certificates, or encryption keys. You can also use a TPM to store
platform measurements to make sure that the platform remains trustworthy.

On a supported system, iLO decodes the TPM record and passes the configuration status to iLO,
the CLP, and the XML interface. The iLO Overview page displays the following TPM status
information:

• Not Supported—A TPM is not supported.
• Not Present—A TPM is not installed.
• Present—This indicates one of the following statuses:
  ◦ A TPM is installed but is disabled.
  ◦ A TPM is installed and enabled.
  ◦ A TPM is installed and enabled, and Expansion ROM measuring is enabled. If Expansion ROM measuring is enabled, the Update Firmware page displays a legal warning message when you click Upload.
