Trusted Platform Module Replacement

Trusted Platform Module Replacement Overview

This is a high-level overview of the procedure to replace the trusted platform module (TPM) on the DGX A100 system.

  1. If enabled, disable drive encryption.

  2. Shut down the system.

  3. Label all motherboard tray cables and unplug them.

  4. Slide out the motherboard tray and open the motherboard tray I/O compartment.

  5. Replace the TPM on the motherboard.

  6. Close the I/O compartment lid on the motherboard tray.

  7. Slide the motherboard tray into the system.

  8. Plug in all cables using the labels as a reference.

  9. Power on the system.

  10. Verify that the network card is healthy using nvsm show health.

  11. If the data drives need to be protected, then enable encryption.

Replacing the Trusted Platform Module

Caution

Static Sensitive Devices: - Be sure to observe best practices for electrostatic discharge (ESD) protection. This includes making sure personnel and equipment are connected to a common ground, such as by wearing a wrist strap connected to the chassis ground, and placing components on static-free work surfaces.

  1. Obtain a new Trusted Platform Module (TPM) from NVIDIA.

  2. If data drives are encrypted, then disable encryption.

    $ sudo nv-disk-encrypt disable

    Note

    The TPM2 OS package must be installed and TPM enabled in the SBIOS. Refer to the chapter Managing the DGX A100 Self-Encrypting Drives in the NVIDIA DGX A100 User Guide for more information.

  3. Power down the system.

  4. Label all cables connected to the motherboard tray for easy identification when reconnecting.

  5. Unplug all power cords.

  6. Unplug all network, monitor, and USB cables.

  7. Remove the motherboard tray.

    Refer to the instructions in the section Removing the Motherboard Tray.

  8. Replace the TPM by pulling it up vertically and then inserting the replacement in its slot.

    _images/tpm-replace.png

  9. Close the motherboard tray lid and reinsert the mother board tray and secure.

    Refer to the instructions in the section Reinstalling the Motherboard Tray.

  10. Connect all the cables to the motherboard tray.

  11. Install all the power cords.

  12. Power on the system and log in.

  13. If data drives were encrypted prior to replacing the TPM, encrypt the drives.

    Note

    The TPM2 OS package must be installed and TPM enabled in the SBIOS. Refer to the chapter Managing the DGX A100 Self-Encrypting Drives in the NVIDIA DGX A100 User Guide for more information.

    The following is an example command for enabling drive encryption:

    $ sudo nv-disk-encrypt init -g -r -k <your vault password>

  14. Confirm that the system is healthy.

    $ sudo nvsm show health