When the SAKA boots—cold or warm reboot—the appliance provides the option to go into the machine's BIOS Setup to modify its configuration parameters, including access to the Trusted Platform Module (TPM).
The SAKA Model-T appliance relies on the TPM cryptographic hardware to generate, store, and protect the appliance's Storage Root Key (SRK) within the TPM. The SRK protects the key hierarchy (described in KAM Key Management) and sensitive data on the appliance.
Access to the TPM is provided either through the system BIOS or programmatically through software. Accessing the TPM through software requires the three Key Custodians to activate the TPM with their respective PINs, but access to the TPM through the BIOS is controlled through the system BIOS password.
While a malicious insider with access to the BIOS cannot compromise encrypted data or keys protected by the TPM, the attacker can clear the TPM. Clearing the TPM erases the SRK, which makes it impossible to decrypt, on that appliance, any cryptographic key protected by the SRK. This effect is permanent.
NOTE: StrongKey's standard implementation requires a minimum of two SAKA servers in the Production environment. The appliances replicate encryption domain keys and data between them, thus protecting a site from catastrophic loss of a single appliance's TPM. However, if all TPMs are cleared through an attack or accident, while no sensitive data will be compromised, it will be impossible to recover sensitive data even if the site has full backups of the appliance's database and file system. Thus, protecting access to the TPM is critical to a site's ongoing operations.
StrongKey typically supplies a default password—Abcd1234!—to the BIOS during installation, with instructions to change it immediately. The process to change the password is as follows:
Boot or reboot the appliance.
As soon as the BIOS screen prompts are visible, press the appropriate function key to enter the System Setup.
When prompted for a BIOS password, type in either Abcd1234! or the current password. If there is no BIOS password, the Setup screen will open directly without any prompts.
Navigate to the Security screen and the menu option to set a password for the BIOS Setup.
Change the password. It may prompt once for the current password if one is set. The new password must be entered twice.
Save the password with the appropriate function key prompts and exit the Setup screen.
Repeat this process on all other SAKA servers.