Lenovo ThinkSystem SR635 Maintenance Manual page 210

(Required) Set the TPM policy
Use this topic to set the TPM policy.
Attention:
• Physical Presence must be asserted if you are going to set the TPM policy. See "(Required) Assert
Physical Presence" on page 199.
• The policy to be set must match the TPM hardware device. For example, when the hardware device is an
onboard chip for customers outside Chinese Mainland, if the policy is set to NationZ TPM 2.0 enabled -
China only, the setting will fail.
• Once the policy is successfully set and locked, whether it is Permanently disabled, TPM enabled -
ROW, or NationZ TPM 2.0 enabled - China only, the policy cannot be unlocked and modified on field
sites. If a change is required, a new FRU system board is needed.
• After the policy is locked using OneCLI commands, for security reasons, it must be locked on field sites.
Recommended tools
Lenovo XClarity Essentials OneCLI commands
Setting the policy
Note: A Local IPMI user and password must be set up in Lenovo XClarity Controller for
remote access to the target system.
Steps:
1. Read TpmTcmPolicyLock to check whether the TPM_TCM_POLICY has been locked:
OneCli.exe config show bmc.TpmTcmPolicyLock --override --bmc <userid>:<password>@<ip_address>
Note: The bmc.TpmTcmPolicyLock value must be 'Disabled', which means TPM_TCM_POLICY is NOT
locked and changes to the TPM_TCM_POLICY are permitted. If the return code is 'Enabled' then no
changes to the policy are permitted. The planar may still be used if the desired setting is correct for the
system being replaced.
2. Configure the TPM_TCM_POLICY into BMC:
• For customers in Chinese Mainland with no TPM, or customers that need to disable TPM:
OneCli.exe config set bmc.TpmTcmPolicy "NeitherTpmNorTcm" --override --bmc <userid>:<password>@<ip_address>
• For customers in Chinese Mainland that need to enable TPM:
OneCli.exe config set bmc.TpmTcmPolicy "NationZTPM20Only" --override --bmc <userid>:<password>@<ip_address>
• For customers outside Chinese Mainland that need to enable TPM:
OneCli.exe config set bmc.TpmTcmPolicy "TpmOnly" --override --bmc <userid>:<password>@<ip_address>
3. Issue the reset command to reset the system:
OneCli.exe misc ospower reboot --bmc <userid>:<password>@<ip_address>
4. Read back the value to check whether the change has been accepted:
OneCli.exe config show bmc.TpmTcmPolicy --override --bmc <userid>:<password>@<ip_address>
Note: If the read-back value matches, the TPM_TCM_POLICY has been set correctly.
bmc.TpmTcmPolicy is defined as below:
• Value 0 uses the string "Undefined", which means UNDEFINED policy.
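
The guard below is an added example, not part of the Lenovo manual or of OneCLI. Because a locked policy cannot be changed without a new system board, it refuses to emit the step 2 command unless the step 1 output shows the lock as Disabled and the requested value is one of the three strings from step 2. It only prints the commands from this page and never runs them; the name=value output shape, the ONECLI variable and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not Lenovo code. Dry run only: prints commands, runs nothing.
ONECLI="${ONECLI:-OneCli.exe}"        # binary name as written on this page

# setting_value OUTPUT NAME -> value of NAME from captured "config show" output.
# Assumption: the setting is reported on one line as name=value.
setting_value() {
    printf '%s\n' "$1" | tr -d '\r' | awk -F= -v k="$2" '
        { n = $1; gsub(/[ \t]/, "", n) }
        tolower(n) == tolower(k) {
            v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit
        }'
}

# plan_tpm_policy LOCK_OUTPUT POLICY TARGET
#   LOCK_OUTPUT: captured output of step 1
#   POLICY:      one of the three strings from step 2
#   TARGET:      <userid>:<password>@<ip_address>, supplied by the caller
# Prints steps 2-4 in order, or refuses with a non-zero status.
plan_tpm_policy() {
    case "$2" in
        NeitherTpmNorTcm|NationZTPM20Only|TpmOnly) ;;
        *)  echo "refusing: '$2' is not a policy string from step 2" >&2
            return 2 ;;
    esac
    lock=$(setting_value "$1" bmc.TpmTcmPolicyLock)
    if [ "$lock" != "Disabled" ]; then
        # Enabled, empty or unparseable all stop here: fail closed.
        echo "refusing: bmc.TpmTcmPolicyLock is '${lock:-unreadable}'" >&2
        return 3
    fi
    printf '%s config set bmc.TpmTcmPolicy "%s" --override --bmc %s\n' \
        "$ONECLI" "$2" "$3"
    printf '%s misc ospower reboot --bmc %s\n' "$ONECLI" "$3"
    printf '%s config show bmc.TpmTcmPolicy --override --bmc %s\n' "$ONECLI" "$3"
}

# policy_accepted READBACK_OUTPUT POLICY -> status 0 only on an exact match.
policy_accepted() {
    [ "$(setting_value "$1" bmc.TpmTcmPolicy)" = "$2" ]
}
```

Feed plan_tpm_policy the saved output of step 1, review the printed commands, then pass the saved output of step 4 to policy_accepted.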