A Trusted Platform Module (TPM) is a hardware device that
implements security functions used to establish a trusted computing
environment, giving increased assurance that a device behaves as
intended. TPM Chain of Custody provides
assurance that the software loaded on your platform at startup time has the
same signature as the software that is loaded by F5 when the system is

These measurements include taking hashes of most of the BIOS code, BIOS
settings, TPM settings, tboot, Linux initrd, and Linux kernel (the initial VELOS
release validates only the BIOS) so that alternative versions of the measured
modules cannot be easily produced and so that the hashes lead to identical
measurements. You can use these measurements to validate against known good

Both of the system controllers, as well as all the blades (BX110), have
a TPM chipset. For the initial VELOS release, local attestation is done
automatically at boot time and can be displayed in the CLI.

The TPM implements protected capabilities and locations that
protect and report integrity measurements using Platform Configuration
Registers (PCRs). The TPM also includes additional security functionality,
including cryptographic key management, random number generation, and the
sealing of data to system state.
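
The following is an added example, not F5 code and not part of the original page: it shows how measurements are chained into a PCR by the extend operation and how a replayed boot log is checked against known-good values. It assumes a single SHA-256 PCR that starts at zero and uses constructed placeholder images; the stage names and function names are hypothetical.

```python
import hashlib
import hmac

PCR_RESET = bytes(32)  # assumption: the PCR holds 32 zero bytes after reset

def measure(blob: bytes) -> bytes:
    """Hash one boot component; this digest is its 'measurement'."""
    return hashlib.sha256(blob).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """PCR extend: new = SHA-256(old || digest). A PCR is never written directly."""
    return hashlib.sha256(pcr + digest).digest()

def replay(event_log) -> bytes:
    """Recompute the PCR value implied by an ordered list of (name, digest) events."""
    pcr = PCR_RESET
    for _name, digest in event_log:
        pcr = extend(pcr, digest)
    return pcr

def check_boot(event_log, known_good, reported_pcr) -> list:
    """Return findings; an empty list means the boot chain matches the reference."""
    findings = []
    # The log is only evidence if replaying it reproduces what the TPM reports.
    if not hmac.compare_digest(replay(event_log), reported_pcr):
        findings.append("event log does not reproduce the reported PCR")
    logged = [name for name, _ in event_log]
    if logged != list(known_good):
        findings.append("components missing, added, or out of order")
    for name, digest in event_log:
        if name in known_good and known_good[name] != digest:
            findings.append(f"measurement differs from known good: {name}")
    return findings

# Constructed sample data: placeholder bytes stand in for the real images.
STAGES = ["bios_code", "bios_settings", "tpm_settings", "tboot", "initrd", "kernel"]
IMAGES = {name: f"constructed {name} image".encode() for name in STAGES}
KNOWN_GOOD = {name: measure(IMAGES[name]) for name in STAGES}

def boot_log(images) -> list:
    """Event log a measured boot of these images would produce, in stage order."""
    return [(name, measure(images[name])) for name in STAGES]

if __name__ == "__main__":
    good = boot_log(IMAGES)
    print("clean boot:", check_boot(good, KNOWN_GOOD, replay(good)))
    altered = boot_log({**IMAGES, "kernel": b"constructed modified kernel"})
    print("altered kernel:", check_boot(altered, KNOWN_GOOD, replay(altered)))
```

Because each extend hashes the previous PCR value together with the new digest, a change to any stage, or to the order of stages, produces a different final value.
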

Your TPM-equipped VELOS system comes with functionality to
aid in attestation and in confirming chain of custody for the device locally,
without the need to do it manually.

If your system has been breached, consult your security team immediately.