Applies To: BIG-IP Link Controller
Trusted Platform Module (TPM)
About the Trusted Platform Module (TPM)
A Trusted Platform Module (TPM) is a hardware device that implements security functions to provide the ability to determine a trusted computing environment, allowing for an increased assurance of trust that a device behaves for its intended purpose. TPM Chain of Custody provides assurance that the software loaded on your platform at startup time has the same signature as the software that is loaded by F5 when the system is manufactured.
The TPM implements protected capabilities and locations that protect and report integrity measurements using Platform Configuration Registers (PCRs). The TPM also includes additional security functionality, including cryptographic key management, random number generation, and the sealing of data to system state.
Your TPM-equipped F5 system includes functionality that performs attestation and confirms chain of custody for the device locally, without manual intervention. This functionality verifies that the correct, F5-supplied BIOS, TBOOT software, kernel, and initrd are used during system boot.
These platforms include a Trusted Platform Module (TPM).
- BIG-IP i2000 Series
- BIG-IP i4000 Series
- BIG-IP i5000 Series
- BIG-IP i7000 Series
- BIG-IP i10000 Series
- BIG-IP i11000 Series
- BIG-IP i15000 Series
- VIPRION B4450 blade
Display the current local attestation status using tmsh
- Log in to the command-line interface of the system using an administrative account.
- Open the TMOS Shell (tmsh).
- Display the current local attestation status. The -a option appends the PCR data to a file, and the -v option increases the verbosity of the output:
  run sys integrity status -a -v
  A message similar to this example displays the current status:
  System Integrity Status: Valid
Available system integrity states
This table lists the available system integrity states for the Trusted Platform Module (TPM).
| State | Description |
|---|---|
| Not Supported | Indicates that the system does not have the capability to perform System Integrity Measurements. |
| Pending | Indicates that the system is not yet ready to produce a System Integrity Measurement and evaluate the reference values. |
| Valid | Indicates that the solicited System Integrity Measurement matches one of the sets of reference values in the local System Integrity Reference Repository (SIRR). |
| Invalid | Indicates that the System Integrity Measurement has been taken without error, but the values do not match any set of acceptable values in the local System Integrity Reference Repository. This could mean that the SIRR is out of date or that the system has been tampered with. |
| Unavailable | Indicates that an error has occurred. |
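To turn the tmsh check above into something a scheduled job or monitoring system can act on, here is an added example (not F5's own code) that maps the status line to the states in the table. It assumes tmsh is invoked from the bash shell as `tmsh run sys integrity status -a -v` and that its output contains the documented `System Integrity Status: <state>` line; the sample output is constructed, not captured from a device.

```shell
#!/bin/sh
# Added example (not F5's code): wrap the local attestation check in a
# monitoring-style probe with Nagios-like exit codes (0 OK, 1 WARNING,
# 2 CRITICAL, 3 UNKNOWN) derived from the documented integrity states.

# Constructed sample of the documented message format (not device output).
SAMPLE_OUTPUT='System Integrity Status: Valid'

# Extract the state from "System Integrity Status: <state>" (first match),
# print a verdict word, and return the matching exit code.
integrity_verdict() {
    state=$(printf '%s\n' "$1" | tr -d '\r' \
        | sed -n 's/^[[:space:]]*System Integrity Status:[[:space:]]*//p' \
        | sed 's/[[:space:]]*$//' | head -n 1)
    case "$state" in
        Valid)           echo ok;       return 0 ;;  # matches a SIRR reference set
        Pending)         echo warning;  return 1 ;;  # measurement not ready; re-check later
        Invalid)         echo critical; return 2 ;;  # SIRR stale or system tampered with: investigate
        "Not Supported") echo unknown;  return 3 ;;  # platform cannot measure
        Unavailable|*)   echo unknown;  return 3 ;;  # error, or no status line found
    esac
}

# Run the documented tmsh command (assumed to be on PATH) and evaluate it.
check_bigip_integrity() {
    out=$(tmsh run sys integrity status -a -v 2>&1) || true
    integrity_verdict "$out"
}

case "${1:-}" in
    --run)  check_bigip_integrity; exit $? ;;          # on the BIG-IP
    --demo) integrity_verdict "$SAMPLE_OUTPUT"; exit $? ;;  # offline demo
esac
```

Run with `--run` on the BIG-IP; on a host without tmsh the verdict is `unknown` (exit 3) rather than a false `ok`.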