iTPM vs HW TPM

iTPM vs HW TPM

Hi all,

I'm a PhD student at KU Leuven and I'm looking to buy a new system for my research. It should have extensive virtualization support (EPT, Direct I/O, ...). Since one of the first things I'm going to do is do some benchmarks on TPM performance, and that's where the problem starts, it should also provide an integrated TPM chip. So I was looking at the DQ77CP motherboard[1]. While on a comparison page it states that it is equipped with an iTPM, it does not specify this in any other documentation that I found. It does state that it supports Advanced Management Technology (AMTv8.0). Does this always include an iTPM? The technical document specification states that it is shipped with an Nuvoton NPCT420 TPM. So is it possible to switch between the TPMs (which would be great, by the way)? How exactly?

[1] http://www.intel.com/support/motherboards/desktop/db-dq77cp/sb/CS-033591...

Thanks in advance!

Raoul

8 posts / novo 0
Último post
Para obter mais informações sobre otimizações de compiladores, consulte Aviso sobre otimizações.
imagem de Gael Hofemeier (Intel)

You might want to checke http://ark.intel.com - You can find pretty good details of processor/board  support on this page.

Follow me on Twitter: @GaelHof Facebook: https://www.facebook.com/gh.intelblogs
imagem de Gael Hofemeier (Intel)

According to ark.intel.com the DQ77CP board does support TPM version 1.2. It seems that on the system you are referring to, the microcontroller is a nuvoton product.  There are other companies that have microcontrollers but I don't know how trivial it would be to change them out or if you would even want to do that.

Follow me on Twitter: @GaelHof Facebook: https://www.facebook.com/gh.intelblogs

Thanks for replying so quickly Gael! Physically swapping TPM chips is probably a bad idea, but I was referring to a physically TPM chip combined with an iTPM which executes in software on the motherboard. So it's not a hardware chip. I found a developers kit manual that says that it's possible to solder a TPM chip on the motherboard with a jumper to switch between the iTPM and the HW TPM. The problem is that the motherboard didn't support the virtualisation stuff I want. So the question now becomes, is it always like this? When I order a desktop board is the TPM chip already soldered on (keeping fingers crossed) with a jumper?

Thanks!

imagem de Gael Hofemeier (Intel)

I am not sure I understand your question, but if you look up your motherboard on ark.intel.com and it states that it supports TPM, then you don't have to add anything.  You would have to do the initial setup and configuration in order to use it.  And to be honest, I don't know anything about whether or not there is a jumper associated with it. (sorry!)  I'll ask around about this.

Follow me on Twitter: @GaelHof Facebook: https://www.facebook.com/gh.intelblogs

I know it's an extremely detailed question, so don't worry about it. It's already great that you respond so quickly! :)

I have the same question that never got answered here. Intel makes something called an "iTPM" (integrated TPM). It's built into their hardware now. Where is the documentation for researchers who would like to know if a given system has an iTPM, and would like to use it, instead of a 3rd party TPM soldered onto the mobo?

Thanks

JB

Apparently, the decision whether to ship the system with an iTPM or HW TPM is solely made by the OEM. Once they made the decision to go for the HW TPM, there is no way to revert that decision. You can probably figure out whether you have an iTPM or HW TPM by looking up the vendor of the TPM (tpm_version command under Linux), unfortunately that doesn't really help you if you want to buy a system with an iTPM.

Faça login para deixar um comentário.