- Notes, cautions, and warnings
- Getting Started
- What’s new in this release
- DUP event viewer
- Zip pack elimination
- Slot information for hard drive
- Dependency
- Supported Operating Systems
- Prerequisites
- Prerequisites And Features For Systems Running Linux
- Prerequisites and Features for Systems Running Windows
- Downloading DUPs
- Downloading DUPs through Repository Manager
- Installing Device Drivers
- Installation Order of DUPs
- Best practices for using DUPs
- Other Documents You May Need
- Contacting Dell
- Using Dell Update Packages
- Update and Rollback in Lifecycle Controller Enabled Server
- Command Line Interface Reference
- Linux Troubleshooting
- Known Issues
- Diagnostic Tasks Will Not Run While a DUP Reboot is Pending
- Abnormal Termination of a DUP
- Error While Loading Shared Libraries
- Insufficient Free Physical Memory to Load the BIOS Image
- Kernel Panic While Running Storage Controller Firmware Update Packages
- Loss of Functionality While Renaming Linux DUPs
- DUPs Fail on 64-bit Red Hat Enterprise Linux Operating System
- DUP Update of Firmware Might Fail While Running in the UEFI Mode
- Messages
- DUP Message Logs
- Known Issues
- Troubleshooting for Systems Running Windows
- Trusted Platform Module and BitLocker Support
- Microsoft Windows Server 2008 User Account Control
- Frequently Asked Questions
Dell Update Packages User's Guide
Trusted Platform Module and BitLocker Support
A Trusted Platform Module (TPM) is a secure microcontroller with cryptographic capabilities designed to provide basic security‑related functions involving encryption keys. It is installed on the motherboard of the system, and communicates with the rest of the system using a hardware bus. You can establish ownership of the system and its TPM using the BIOS setup commands.
TPM stores the platform configuration as a set of values in a set of Platform Configuration Registers (PCRs). Thus one such register may store, for example, the motherboard manufacturer; another, the processor manufacturer; a third, the firmware version for the platform, and so on. Systems that incorporate a TPM create a key that is tied to platform measurements. The key can only be unwrapped when those platform measurements have the same values that they had when the key was created. This process is called sealing the key to the TPM. Decrypting is called unsealing. When a sealed key is first created, the TPM records a snapshot of configuration values and file hashes. A sealed key is only unsealed or released when those current system values match the ones in the snapshot. BitLocker uses sealed keys to detect attacks against the integrity of the system. Data is locked until specific hardware or software conditions are met.
BitLocker mitigates unauthorized data access by combining two major
data‑protection procedures:
- Encrypting the entire Windows operating system volume on the hard disk: BitLocker encrypts all user files and system files in the operating system volume.
- Checking the integrity of early boot components and the boot configuration data: On systems that have a TPM version 1.2, BitLocker leverages the enhanced security capabilities of the TPM and ensures that the data is accessible only if the boot components of the system are unaltered and the encrypted disk is located in the original system.
BitLocker is designed for systems that have a compatible TPM microchip and BIOS. A compatible TPM is defined as a version 1.2 TPM. A compatible BIOS supports the TPM and the Static root of Trust Measurement. BitLocker seals the master encryption key in the TPM and only allows the key to be released when code measurements have not changed from a previous secure boot. It forces you to provide a recovery key to continue boot if any measurements have changed. A one‑to‑many BIOS update scenario results in BitLocker halting the update and requesting a recovery key before completing boot.
BitLocker protects the data stored on a system through full volume encryption and secure startup. It ensures that data stored on a system remains encrypted even if the system is tampered with when the operating system is not running and prevents the operating system from booting and decrypting the drive until you present the BitLocker key.
TPM interacts with BitLocker to provide protection at system startup. TPM must be enabled and activated before it can be used by BitLocker. If the startup information has changed, BitLocker enters recovery mode, and you need a recovery password to regain access to the data.
- NOTE: For information on how to turn on BitLocker, see the Microsoft TechNet website. For instructions on how to activate TPM , see the documentation included with the system. A TPM is not required for BitLocker; however, only a system with a TPM can provide the additional security of startup system integrity verification. Without TPM, BitLocker can be used to encrypt volumes but not a secure startup.
- NOTE: The most secure way to configure BitLocker is on a system with a TPM version 1.2 and a Trusted Computing Group (TCG) compliant BIOS implementation, with either a startup key or a PIN. These methods provide additional authentication by requiring either an additional physical key (a USB flash drive with a system‑readable key written to it) or a PIN set by the user.
- NOTE: For mass BIOS updates, create a script that disables BitLocker, installs the update, reboots the system and then re‑enables BitLocker. For one‑to‑one Dell Update Package (DUP) deployments, manually disable BitLocker and then re‑enable it after rebooting the system.
- NOTE: In addition to BIOS DUP, execution of firmware DUP for U320, Serial Attached SCSI (SAS) 5, SAS 6, Expandable RAID Controller (PERC) 5, PERC 6, and Cost Effective RAID Controller (CERC) 6 controllers is blocked on a system having a TPM version 1.2 chip, TPM Security set at ON with pre‑boot measurement, and TPM Activation set at Enabled if you enable BitLocker (TPM or TPM with USB or TPM with PIN).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\