Intel D915GEV User Manual - Page 66

Trusted Platform Module Ownership, Enabling the Trusted Platform Module, Assuming Trusted Platform

Get Intel D915GEV - Desktop Board Motherboard PDF manuals and user guides
UPC - 735858177559
View all Intel D915GEV manuals
Add to My Manuals
Save this manual to your list of manuals

Page 66 highlights

Intel Desktop Board D915GEV/D915GUX/D915GAV/D915GAG Product Guide Trusted Platform Module Ownership The Trusted Platform Module is disabled by default when shipped and the owner/end customer of the system assumes "ownership" of the TPM. This permits the owner of the system to control initialization of the TPM and create all the passwords associated with the TPM that is used to protect their keys and data. System builders/integrators may install both the Infineon Security Platform software and the Wave System EMBASSY Trust Suite, but SHOULD NOT attempt to use or activate the TPM or either software package. NOTE System builders should pass the Trusted Platform Module Quick Reference (included with the desktop board) to the system owner to assist them in enabling and initializing the TPM. Enabling the Trusted Platform Module The Trusted Platform Module is disabled by default when shipped to insure that the owner/end customer of the system initializes the TPM and configures all security passwords. The owner/end customer should use the following steps to enable the TPM. 1. While the PC is displaying the splash screen (or POST screen), press the key to enter BIOS. 2. Use the arrow keys to go to the Advanced Menu, select Peripheral Configuration, and then press the key. 3. Select the Trusted Platform Module, press , and select Enabled and press again (display should show: Trusted Platform Module [Enabled]). 4. Press the key, select Ok and press . 5. System should reboot and start Microsoft Windows. Assuming Trusted Platform Module Ownership Once the TPM has been enabled, ownership must be assumed by using the Infineon Security Platform Software. The owner/end user should follow the steps listed below to take ownership of the TPM: 1. Start the system. 2. Launch the Infineon Security Platform Initialization Wizard. 3. Create Owner password (before creating any password, review the Password Recommendations made earlier in this document). 4. Create a new Recovery Archive (note the file name and location). 5. Specify a Security Platform Emergency Recovery Token password and location. (this password should not match the Owner password or any other password). 6. Define where to save the Emergency Recovery Token (note the file location and name). 7. The software will then create recovery archive files and finalize ownership of the TPM. 8. After completing the Infineon Security Platform Initialization Wizard, the Emergency Recovery Token (SPEmRecToken.xml) must be moved to a removable media (floppy, CDR, flash media, etc) if the file was not saved to a removable media during installation. Once this is 66

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
Intel Desktop Board D915GEV/D915GUX/D915GAV/D915GAG Product Guide
66
Trusted Platform Module Ownership
The Trusted Platform Module is disabled by default when shipped and the owner/end customer of
the system assumes “ownership” of the TPM.
This permits the owner of the system to control
initialization of the TPM and create all the passwords associated with the TPM that is used to
protect their keys and data.
System builders/integrators may install both the Infineon Security Platform software and the Wave
System EMBASSY Trust Suite, but SHOULD NOT attempt to use or activate the TPM or either
software package.
NOTE
System builders should pass the
Trusted Platform Module Quick Reference
(included with the
desktop board) to the system owner to assist them in enabling and initializing the TPM.
Enabling the Trusted Platform Module
The Trusted Platform Module is disabled by default when shipped to insure that the owner/end
customer of the system initializes the TPM and configures all security passwords.
The owner/end
customer should use the following steps to enable the TPM.
1.
While the PC is displaying the splash screen (or POST screen), press the <F2> key to enter
BIOS.
2.
Use the arrow keys to go to the Advanced Menu, select Peripheral Configuration, and then
press the <Enter> key.
3.
Select the Trusted Platform Module, press <Enter>, and select Enabled and press <Enter> again
(display should show:
Trusted Platform Module [Enabled]
).
4.
Press the <F10> key, select Ok and press <Enter>.
5.
System should reboot and start Microsoft Windows.
Assuming Trusted Platform Module Ownership
Once the TPM has been enabled, ownership must be assumed by using the Infineon Security
Platform Software.
The owner/end user should follow the steps listed below to take ownership of
the TPM:
1.
Start the system.
2.
Launch the Infineon Security Platform Initialization Wizard.
3.
Create Owner password (before creating any password, review the Password Recommendations
made earlier in this document).
4.
Create a new Recovery Archive (note the file name and location).
5.
Specify a Security Platform Emergency Recovery Token password and location. (this password
should not match the Owner password or any other password).
6.
Define where to save the Emergency Recovery Token (note the file location and name).
7.
The software will then create recovery archive files and finalize ownership of the TPM.
8.
After completing the Infineon Security Platform Initialization Wizard, the Emergency
Recovery Token (
SPEmRecToken.xml
) must be moved
to a removable media (floppy, CDR,
flash media, etc) if the file was not saved to a removable media during installation.
Once this is