This blog was written by Thomas Cantwell & Johan Rahardjo.

Introduction – Dell PowerEdge 13G servers now have multiple options for TPM (Trusted Platform Module). This means you must carefully consider your overall TPM usage model, as well as your current and future operating system choices, to ensure you make the right choice, both in the near term and for the future.

Available TPM Plug In Module options for Dell PowerEdge 13G platforms –

  • TPM 1.2
  • TPM 2.0
  • TPM 2.0 (China)

Dell worked closely with OS vendors to be first-to-market with TPM 2.0, enabling customers to configure their systems to be future-ready. Dell TPM 1.2 and 2.0 solutions are among the few TPM solutions that are enhanced by full certification with FIPS 140-2, TCG, and Common Criteria to meet strict US federal government security requirements.

Which should you choose?

TPM 1.2 – TPM 1.2 is the legacy TPM chip that first shipped on Dell PowerEdge 11G servers. It is fully supported on the following operating systems (note: TPM 1.2 supports only Secure Hash Algorithm 1 [SHA1]):

  • Windows Vista/Server 2008
  • Windows 7/Server 2008R2
  • Windows 8/Server 2012
  • Windows 8.1/Server 2012R2
  • The VMware ESXi hypervisor has supported TPM since 4.x, and from 5.0 it is enabled by default.
  • For Linux operating systems, please contact your OS vendor for more information on TPM 1.2 support.

TPM 2.0 – TPM 2.0 is the most current implementation of TPM, and the one to purchase if you want to future-proof your Dell 13G PowerEdge servers. There are new usage models, and future OS versions such as Windows Server 2016, that will leverage TPM 2.0. TPM 2.0 supports SHA1 but, more importantly, adds SHA256, a newer and stronger cryptographic standard.

TPM 2.0 (China) – If you want to implement TPM 2.0 in China, you must use this version of the TPM, which is specifically qualified and supported for China. It is only available in China, and you cannot use a ROW (Rest-Of-World) TPM 2.0 in China.

Key decision criteria –

TPM 2.0 is supported in the following OS -

 

Important information –

The TPM in 13G servers and later is a separate module that is installable/removable, but once it has been enabled on a specific system, the module is locked to that system and cannot be moved to any other system. This physical and cryptographic binding ensures that platform integrity cannot be breached and that data cannot simply be moved to another platform along with the TPM.