Manual Chapter : Trusted Platform Module (TPM) overview

Applies To:

Show Versions Show Versions

F5OS

  • 1.1.1, 1.1.0
Manual Chapter

Trusted Platform Module (TPM) overview

A Trusted Platform Module (TPM) is a hardware device that implements security functions to provide the ability to determine a trusted computing environment, allowing for an increased assurance of trust that a device behaves for its intended purpose. TPM Chain of Custody provides assurance that the software loaded on your platform at startup time has the same signature as the software that is loaded by F5 when the system is manufactured.
These measurements include taking hashes of most of the BIOS code, BIOS settings, TPM settings, tboot, Linux Initrd, and Linux kernel (Initial VELOS release only validates BIOS) so that alternative versions of the measured modules cannot be easily produced and so that the hashes lead to identical measurements. You can use these measurements to validate against known good values.
Both of the system controllers, as well as all the blades (BX110) have a TPM chipset. For the initial VELOS release, local attestation is done automatically at boot time and can be displayed in the CLI.
The TPM implements protected capabilities and locations that protect and report integrity measurements using Platform Configuration Registers (PCRs). The TPM also includes additional security functionality, including cryptographic key management, random number generation, and the sealing of data to system state.
Your TPM-equipped VELOS system comes with functionality to aid in attestation and confirming chain of custody for the device locally without the need for doing it manually.
If your system has been breached, consult your security team immediately.