Trusted Platform Module

The TPM is a chip that helps to securely store encryption keys, digital certificates, and other security data in protected memory located within the chip or in encrypted files. The safeguards built into the TPM integrate with the server system to help make it significantly more difficult for an attacker to compromise than other key storage options.

For additional information see:
https://trustedcomputinggroup.org/wp-content/uploads/2019_TCG_TPM2_BriefOverview_DR02web.pdf

Your server can be purchased with the following TPM options:

  1. TPM2.0 - Dell Technologies recommended and factory default. It is the latest implementation of TPM to future-proof your Dell EMC PowerEdge servers. There are new usage models that modern OS versions, such as Windows Server 2019, can leverage. FUTURE releases of Windows Server will require TPM 2.0 to be installed and enabled with uEFI boot mode to take full advantage of security features and ensure seamless technical support. TPM 2.0 supports algorithm agility and newer cryptographic algorithms including SHA256 and ECC-P384.
  2. No TPM - TPM module will not be installed in the server.
  3. TPM1.2 - The legacy TPM chip. It is fully supported on a wide variety of operating systems. TPM 1.2 only supports Secure Hash Algorithm 1 [SHA1] and is not recommended with modern operating systems and applications. Furthermore, in general the NIST (National Institute of Standards and Technology) requires that SHA-1 shell not be used for digital signature generation. For more information see NIST publication SP 800-131 at https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final

Your TPM module size and shape may vary, based on your server type. Below is a typical view included for reference only.

Trusted Platform Module

Important notes:

  1. TPM 1.2 and TPM 2.0 are not considered to be compatible with each other. There are too many improvements in the newer TPM 2.0.
  2. Once the TPM module is enabled on any Dell EMC PowerEdge server, that physical chip is permanently tied to that specific server and cannot be moved to any other system. This physical and cryptographic binding ensures that the platform integrity cannot be breached or that the data cannot simply be moved to another platform along with the TPM.
  3. The TPM module is field replaceable and available from Dell Technologies after server point of sale. For replacement information see your Dell Technologies user manual or https://www.youtube.com/watch?v=Q6ElFi-pusA