The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This document is a reference Japanese translation of a document published by Cisco in the United States. Links may have been updated in the English version after the Japanese version was posted, so a linked page may have moved or changed. This is a reference translation only; for the official content, refer to the document on the US Cisco site.
The Trusted Platform Module (TPM) is a component that can securely store artifacts used to authenticate the server, such as passwords, certificates, or encryption keys. A TPM can also store platform measurements that help ensure that the platform remains trustworthy. Authentication (the platform proving that it is what it claims to be) and attestation (proving that a platform is trustworthy and has not been breached) are necessary steps toward safer computing in all environments. A TPM is a requirement for the Intel Trusted Execution Technology (TXT) security feature; on a server equipped with a TPM, the TPM must be enabled in the BIOS settings before TXT can be used. Only the modular servers in Cisco UCSME-2814 compute cartridges include support for TPM. TPM is enabled by default on these servers.
Intel Trusted Execution Technology (TXT) provides greater protection for information that is used and stored on the business server. A key aspect of that protection is the provision of an isolated execution environment and associated sections of memory where operations can be conducted on sensitive data, invisible to the rest of the system. Intel TXT provides for a sealed portion of storage where sensitive data such as encryption keys can be kept, helping to shield them from being compromised during an attack by malicious code. Only the modular servers in Cisco UCSME-2814 compute cartridges include support for TXT. TXT is disabled by default on these servers.
TXT can be enabled only when TPM, Intel Virtualization Technology (VT), and Intel Virtualization Technology for Directed I/O (VT-d) are also enabled. If you enable only TXT in the BIOS policy, UCS Manager implicitly enables TPM, VT, and VT-d as well.
The modular servers in Cisco UCSME-2814 compute cartridges include support for TPM and TXT. UCS Manager Release 2.5(2) allows you to enable or disable TPM, enable or disable TXT, clear the TPM, and view TPM properties. The procedures follow.
To enable or disable TPM, set the TPM state in a BIOS policy and associate that policy with the service profile of the server. Note that commit-buffer does not leave the current scope, so exit the BIOS policy before creating the service profile:
1. UCS-A# scope org org-name
2. UCS-A /org # create bios-policy policy-name
3. UCS-A /org/bios-policy* # set trusted-platform-module-config tpm-state {enabled | disabled | platform-default}
4. UCS-A /org/bios-policy* # commit-buffer
5. UCS-A /org/bios-policy # exit
6. UCS-A /org # create service-profile sp-name
7. UCS-A /org/service-profile* # set bios-policy policy-name
8. UCS-A /org/service-profile* # commit-buffer
9. UCS-A /org/service-profile # associate server chassis-id/cartridge-id/slot-id
The following example shows how to enable TPM:
UCS-A# scope org
UCS-A /org # create bios-policy bp1
UCS-A /org/bios-policy* # set trusted-platform-module-config tpm-state enabled
UCS-A /org/bios-policy* # commit-buffer
UCS-A /org/bios-policy # exit
UCS-A /org # create service-profile sp1
UCS-A /org/service-profile* # set bios-policy bp1
UCS-A /org/service-profile* # commit-buffer
UCS-A /org/service-profile # associate server 1/3/1
To enable or disable TXT, set TXT support in a BIOS policy and associate that policy with the service profile of the server. Enabling TXT also enables TPM, VT, and VT-d if they are not already enabled:
1. UCS-A# scope org org-name
2. UCS-A /org # create bios-policy policy-name
3. UCS-A /org/bios-policy* # set intel-trusted-execution-technology-config txt-support {enabled | disabled | platform-default}
4. UCS-A /org/bios-policy* # commit-buffer
5. UCS-A /org/bios-policy # exit
6. UCS-A /org # create service-profile sp-name
7. UCS-A /org/service-profile* # set bios-policy policy-name
8. UCS-A /org/service-profile* # commit-buffer
9. UCS-A /org/service-profile # associate server chassis-id/cartridge-id/slot-id
The following example shows how to enable TXT:
UCS-A# scope org
UCS-A /org # create bios-policy bp1
UCS-A /org/bios-policy* # set intel-trusted-execution-technology-config txt-support enabled
UCS-A /org/bios-policy* # commit-buffer
UCS-A /org/bios-policy # exit
UCS-A /org # create service-profile sp1
UCS-A /org/service-profile* # set bios-policy bp1
UCS-A /org/service-profile* # commit-buffer
UCS-A /org/service-profile # associate server 1/3/1
You can clear the TPM only on the modular servers that include support for TPM.
Caution: Clearing the TPM is a potentially hazardous operation. It resets the TPM and destroys any keys or secrets sealed to it, so an OS or disk-encryption scheme that depends on those keys may stop booting, and data protected by them may be lost unless you hold the recovery keys.
Before you begin: TPM must be enabled.
1. UCS-A# scope server chassis-id/cartridge-id/server-id
2. UCS-A /chassis/cartridge/server # scope tpm tpm-id
3. UCS-A /chassis/cartridge/server/tpm # set adminaction clear-config
4. UCS-A /chassis/cartridge/server/tpm* # commit-buffer
The following example shows how to clear the TPM of a modular server:
UCS-A# scope server 1/3/1
UCS-A /chassis/cartridge/server # scope tpm 1
UCS-A /chassis/cartridge/server/tpm # set adminaction clear-config
UCS-A /chassis/cartridge/server/tpm* # commit-buffer
After the commit, the Admin Action and Config State fields of show detail report whether the clear request has been applied.
To view the TPM properties of a modular server:
1. UCS-A# scope server chassis-id/cartridge-id/server-id
2. UCS-A /chassis/cartridge/server # scope tpm tpm-id
3. UCS-A /chassis/cartridge/server/tpm # show
4. UCS-A /chassis/cartridge/server/tpm # show detail
The following example shows how to display the TPM properties of a modular server. A healthy, policy-enabled TPM reports Enabled Status: Enabled and Active Status: Activated; Ownership: Unowned means no OS has taken ownership of it yet:
UCS-A# scope server 1/3/1
UCS-A /chassis/cartridge/server # scope tpm 1
UCS-A /chassis/cartridge/server/tpm # show

Trusted Platform Module:
    Presence: Equipped
    Enabled Status: Enabled
    Active Status: Activated
    Ownership: Unowned
UCS-A /chassis/cartridge/server/tpm # show detail

Trusted Platform Module:
    Enabled Status: Enabled
    Active Status: Activated
    Ownership: Unowned
    Tpm Revision: 2
    Model: UCSX-TPM2-001
    Vendor: Cisco Systems Inc
    Serial: FCH19257E58
    Admin Action: Unspecified
    Config State: Not Applied
UCS-A /chassis/cartridge/server/tpm #
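The fields shown by show detail are what you would check after rolling out a BIOS policy and before letting an OS take ownership. The following Python script is an added example, not code from this Cisco page or from UCS Manager: it parses a pasted show detail transcript covering several servers and reports any TPM that is not Enabled and Activated, or that has a clear-config request pending. The transcript is constructed; server 1/3/1 is copied from the example above, while server 1/4/1, its field values and serial are assumptions made for illustration.

```python
"""Audit TPM state from UCS Manager 'show detail' output.

Added example (not from the Cisco page): parse the text of
'scope server ... / scope tpm 1 / show detail' for several servers and flag
any TPM that is not enabled and activated, or that has a clear-config
request pending.
"""
import re

# Constructed transcript. Server 1/3/1 is copied from the page's example
# output. Server 1/4/1, its field values ("Disabled", "Deactivated",
# "Clear Config") and its serial are assumptions made up for this example.
SAMPLE_TRANSCRIPT = """\
UCS-A# scope server 1/3/1
UCS-A /chassis/cartridge/server # scope tpm 1
UCS-A /chassis/cartridge/server/tpm # show detail

Trusted Platform Module:
    Enabled Status: Enabled
    Active Status: Activated
    Ownership: Unowned
    Tpm Revision: 2
    Model: UCSX-TPM2-001
    Vendor: Cisco Systems Inc
    Serial: FCH19257E58
    Admin Action: Unspecified
    Config State: Not Applied
UCS-A /chassis/cartridge/server/tpm # exit
UCS-A /chassis/cartridge/server # exit
UCS-A# scope server 1/4/1
UCS-A /chassis/cartridge/server # scope tpm 1
UCS-A /chassis/cartridge/server/tpm # show detail

Trusted Platform Module:
    Enabled Status: Disabled
    Active Status: Deactivated
    Ownership: Unowned
    Tpm Revision: 2
    Model: UCSX-TPM2-001
    Vendor: Cisco Systems Inc
    Serial: FCH19257E59
    Admin Action: Clear Config
    Config State: Not Applied
"""

SCOPE_RE = re.compile(r"^\S+# scope server (\S+)")      # "UCS-A# scope server 1/3/1"
FIELD_RE = re.compile(r"^\s+([A-Za-z ]+): (.*)$")        # indented "Key: Value" lines


def parse_tpm_report(transcript: str) -> dict:
    """Return {server_id: {field: value}} for every TPM block in the transcript."""
    servers, current, fields = {}, None, None
    for line in transcript.splitlines():
        m = SCOPE_RE.match(line)
        if m:
            current, fields = m.group(1), None   # new server; wait for its TPM block
            continue
        if line.strip() == "Trusted Platform Module:" and current is not None:
            fields = servers.setdefault(current, {})
            continue
        m = FIELD_RE.match(line)
        if m and fields is not None:
            fields[m.group(1).strip()] = m.group(2).strip()
    return servers


def _norm(value: str) -> str:
    """Lower-case and drop punctuation so 'Clear Config' compares equal to 'clear-config'."""
    return re.sub(r"[^a-z0-9]", "", value.lower())


def evaluate_tpm(fields: dict, expected_revision: str = "2") -> list:
    """Return a list of findings; an empty list means the TPM is in the expected state."""
    findings = []
    if _norm(fields.get("Enabled Status", "")) != "enabled":
        findings.append("TPM not enabled (check tpm-state in the BIOS policy)")
    if _norm(fields.get("Active Status", "")) != "activated":
        findings.append("TPM not activated")
    if _norm(fields.get("Admin Action", "")) == "clearconfig":
        findings.append("clear-config pending: keys sealed to this TPM will be destroyed")
    if fields.get("Tpm Revision") != expected_revision:
        findings.append(f"unexpected TPM revision {fields.get('Tpm Revision')!r}")
    return findings


def audit(transcript: str) -> dict:
    """Map each server id to its list of findings."""
    return {sid: evaluate_tpm(f) for sid, f in parse_tpm_report(transcript).items()}


if __name__ == "__main__":
    for server, findings in audit(SAMPLE_TRANSCRIPT).items():
        print(f"{server}: {'OK' if not findings else '; '.join(findings)}")
```

Feed it a transcript saved from a CLI session. Because tpm-state lives in the BIOS policy, a server flagged as not enabled is corrected by fixing the policy associated with its service profile, not by acting on the TPM object itself; a pending clear-config is worth surfacing because it is the one state in this output that will destroy sealed keys once applied.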