Trusted Computing Menu

Trusted Computing

When the TPM 2.0 (either onboard or external) is detected by your system, the following information is displayed.

  • TPM 2.0 Device Found

  • Firmware Version:

  • Vendor:

Note: This submenu is available when the TPM 2.0 (either onboard or external) is detected by the BIOS.

Security Device Support

Select Enabled to enable BIOS support for onboard security devices, which are not displayed in the OS. If this feature is set to Enabled, TCG EFI protocol and INT1A interface will not be available. The options are Disabled and Enabled.

When "Security Device Support" is set to Enabled and the TPM 2.0 (either onboard or external) is detected by the BIOS, the following information is displayed.

  • Active PCR banks

  • Available PCR banks

Note: The following features are available when the TPM 2.0 (either onboard or external) is detected by the BIOS.

SHA-1 PCR Bank (Available when "Security Device Support" is set to Enabled)

Select Enabled to enable SHA-1 PCR Bank support to enhance system integrity and data security. The options are Disabled and Enabled.

SHA256 PCR Bank (Available when "Security Device Support" is set to Enabled)

Select Enabled to enable SHA256 PCR Bank support to enhance system integrity and data security. The options are Disabled and Enabled.

SHA384 PCR Bank (Available when "Security Device Support" is set to Enabled)

Select Enabled to enable SHA384 PCR Bank support to enhance system integrity and data security. The options are Disabled and Enabled. Each active bank keeps its own set of PCRs, so measurements are recorded in every enabled bank and an attestation verifier can only check the banks that are active.
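To make the PCR bank options concrete, the following added example (written for this page, not Supermicro's or the TCG's code) replays a constructed boot event log into the SHA-1, SHA256 and SHA384 banks exactly as a TPM would, using the extend rule PCR_new = H(PCR_old || digest), and then checks a simulated TPM quote against the replayed values. The event log, PCR indices and the "tampered option ROM" case are constructed for illustration; the bank and algorithm names are the same ones the BIOS options above refer to.

```python
import hashlib

# TPM 2.0 PCR bank replay, as an added example (not Supermicro's code).
# A PCR bank is one set of 24 Platform Configuration Registers kept by a
# single hash algorithm; the BIOS options above choose which banks are active.

PCR_COUNT = 24


def initial_pcr(alg: str) -> bytes:
    """Reset value of a PCR: all-zero bytes, as long as the bank's digest."""
    return bytes(hashlib.new(alg).digest_size)


def measure(data: bytes, alg: str) -> bytes:
    """Digest of a measured object (firmware volume, option ROM, UEFI variable)."""
    return hashlib.new(alg, data).digest()


def extend(current: bytes, digest: bytes, alg: str) -> bytes:
    """TPM2_PCR_Extend semantics: PCR_new = H(PCR_old || digest)."""
    return hashlib.new(alg, current + digest).digest()


def replay_event_log(events, active_banks):
    """Recompute final PCR values per bank from an ordered event log.

    events: list of (pcr_index, measured_bytes) in boot order.
    active_banks: hash algorithm names of the banks enabled on the platform.
    Returns {bank: {pcr_index: final_value}} for the PCRs that were touched.
    """
    pcrs = {alg: {} for alg in active_banks}
    for pcr_index, data in events:
        if not 0 <= pcr_index < PCR_COUNT:
            raise ValueError(f"invalid PCR index {pcr_index}")
        for alg in active_banks:
            current = pcrs[alg].get(pcr_index, initial_pcr(alg))
            pcrs[alg][pcr_index] = extend(current, measure(data, alg), alg)
    return pcrs


def check_quote(quoted, expected):
    """Compare PCR values the TPM reported (e.g. in a quote) with the replay.

    Returns a list of (bank, pcr_index, reason). A bank the verifier expects
    but the TPM did not report is flagged too: if that bank is disabled in
    BIOS, there is nothing in it to attest against.
    """
    problems = []
    for alg, regs in expected.items():
        if alg not in quoted:
            problems.append((alg, None, "bank not reported by TPM"))
            continue
        for pcr_index, value in regs.items():
            if quoted[alg].get(pcr_index) != value:
                problems.append((alg, pcr_index, "PCR value mismatch"))
    return problems


# Constructed sample event log; not captured from real hardware.
SAMPLE_EVENTS = [
    (0, b"EV_POST_CODE: PEI core volume"),
    (0, b"EV_EFI_PLATFORM_FIRMWARE_BLOB: DXE core volume"),
    (2, b"EV_EFI_BOOT_SERVICES_DRIVER: NIC option ROM"),
    (7, b"EV_EFI_VARIABLE_DRIVER_CONFIG: SecureBoot=1"),
]


def demo():
    """Verifier expects SHA256 and SHA384; the quote carries only SHA256 and a
    changed option ROM measurement, so PCR 2 diverges and SHA384 is missing."""
    expected = replay_event_log(SAMPLE_EVENTS, ["sha256", "sha384"])
    tampered = list(SAMPLE_EVENTS)
    tampered[2] = (2, b"EV_EFI_BOOT_SERVICES_DRIVER: modified option ROM")
    quoted = replay_event_log(tampered, ["sha256"])
    return check_quote(quoted, expected)


if __name__ == "__main__":
    banks = replay_event_log(SAMPLE_EVENTS, ["sha1", "sha256", "sha384"])
    for alg, regs in banks.items():
        for idx in sorted(regs):
            print(f"{alg:7s} PCR[{idx:2d}] = {regs[idx].hex()}")
    for problem in demo():
        print("attestation problem:", problem)
```

Because extend chains hashes, the same events in a different order give a different final PCR, which is why the verifier replays the log in boot order rather than just comparing a set of digests; and a bank that is disabled in BIOS simply never appears in the quote, so a verifier should name the banks it requires instead of accepting whatever the TPM happens to report.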

Pending Operation (Available when "Security Device Support" is set to Enabled)

Use this feature to schedule a TPM-related operation to be performed by the TPM (either onboard or external) at the next system boot to enhance system data integrity. The options are None and TPM Clear.

Note: If this feature is used, your system will reboot to carry out a pending TPM operation.

Platform Hierarchy (Available when "Security Device Support" is set to Enabled)

Select Enabled for TPM Platform Hierarchy support, which allows the manufacturer to use a cryptographic algorithm to define a constant key or a fixed set of keys to be used for initial system boot. This early boot code is shipped with the platform, and its keys are included in the list of "public keys." During system boot, the platform firmware uses the trusted public keys to verify a digital signature, so that the security of the platform firmware used in a host system can be managed and controlled via the TPM (either onboard or external). The options are Disabled and Enabled.

Storage Hierarchy (Available when "Security Device Support" is set to Enabled)

Select Enabled for TPM Storage Hierarchy support, which is intended for non-privacy-sensitive operations by a platform owner such as an IT professional or the end user. The Storage Hierarchy has an owner policy and an authorization value, both of which can be set and are held constant (rarely changed) across reboots. This hierarchy can be cleared or changed independently of the other hierarchies. The options are Disabled and Enabled.

Endorsement Hierarchy (Available when "Security Device Support" is set to Enabled)

Select Enabled for Endorsement Hierarchy support. This hierarchy has separate controls to address the user's privacy concerns, because its primary keys are certified by the TPM key or by the manufacturer, with restrictions on how an authentic TPM (either onboard or external) attached to an authentic platform can be accessed and used. A primary key can be encrypted and certified with a certificate created using TPM2_ActivateCredential, which allows the user to independently enable flag, policy, and authorization values without involving other hierarchies. A user with privacy concerns can disable the endorsement hierarchy while still using the storage hierarchy for TPM applications, permitting the platform software to use the TPM. The options are Disabled and Enabled.

PH Randomization

Select Enabled for Platform Hierarchy (PH) Randomization support, which is used only during the platform development stage. This feature cannot be enabled on production platforms. The options are Disabled and Enabled.

Supermicro BIOS-Based TPM Provision Support

Set this feature to Enabled to unlock the TPM, then save the settings and exit the BIOS Setup utility. After the system reboots, the non-volatile (NV) indexes can be deleted. The options are Disabled and Enabled.