Secure Memory Configuration of the BIOS

4.1.4

Verify that the TEE secure memory configuration of the BIOS is valid.

See Test Networking.

1. The TrustZone kit has been burnt into the server and the TrustZone license has been activated.
2. The iBMC management IP address has been configured and can be accessed.
3. Eight 32 GB DIMMs are installed in die 0 of CPU 0 and the other DIMM slots are idle.

1. Restart the server, enter the BIOS, choose Advanced > TEE Config, and set the TEE secure memory to 1 GB.
2. Restart the server, enter the REE OS, and check the available memory of the REE OS. (See Expected Result 1.)
3. Repeat steps 1 and 2. The secure memory specifications are 4 GB, 16 GB, 32 GB, 64 GB, and 128 GB. (See Expected Result 2.)
4. Power off the server. Insert three 32 GB DIMMs into die 0 of CPU 0 and keep the other DIMM slots idle.
5. Restart the server, enter the BIOS, and set the TEE secure memory to 1 GB.
6. Restart the server, enter the REE OS, and check the available memory of the REE OS. (See Expected Result 3.)

1. The REE memory is 1 GB less than the physical memory (8 x 32 GB). The 1 GB is allocated to the TEE as a secure memory space.
2. Compared with the physical memory, the REE memory has a smaller memory. The physical memory size is the sum of the REE memory size and the secure memory size.
3. The REE memory is 1 x 3 GB less than the physical memory (3 x 32 GB). Due to the 3/6 channel interleaving, the 3 GB memory is allocated to the TEE as a secure memory space.