Intel D915GMH English Manual Product Guide - Page 66

Enabling the Trusted Platform Module, Assuming Trusted Platform Module Ownership


Intel Desktop Board D915GMH Product Guide

Enabling the Trusted Platform Module

The Trusted Platform Module is disabled by default when shipped to ensure that the owner/end customer of the system initializes the TPM and configures all security passwords. The owner/end customer should take the following steps to enable the TPM.

1. While the PC is displaying the splash screen (or POST screen), press the <F2> key to enter BIOS setup.
2. Use the arrow keys to go to the Advanced Menu and select Peripheral Configuration. Then, press the <Enter> key on your keyboard.
3. Select the Trusted Platform Module, press <Enter>, and select Enabled and press <Enter> again (display should show: Trusted Platform Module [Enabled]).
4. Press the <F10> key, select OK and press <Enter>.
5. The system should reboot and start Microsoft Windows.

Assuming Trusted Platform Module Ownership

Once the TPM has been enabled, ownership must be assumed by using the Infineon Security Platform Software. The owner/end user should follow the steps listed below to take ownership of the TPM:

1. Start the system.
2. Launch the Infineon Security Platform Initialization Wizard.
3. Review the Password Procedures on page 64 and create the Owner password.
4. Create a new Recovery Archive and note the file name and location.
5. Specify a Security Platform Emergency Recovery Token password and location. (This password should not match the Owner password or any other password.)
6. Define where to save the Emergency Recovery Token and note the file name and location.
7. The software will then create Recovery Archive files and finalize ownership of the TPM.
8. After completing the Infineon Security Platform Initialization Wizard, the Emergency Recovery Token (SPEmRecToken.xml) must be moved to a removable media (floppy, CDR, flash media, etc.) if the file was not saved to a removable media during installation. Once this is done, the removable media should be stored in a secure location. No copies of this Emergency Recovery Token file should remain on the system. If a copy remains on the system, it could be used to compromise the security of the platform.
9. Launch the Infineon Security Platform User Initialization Wizard.
10. Create a Basic User password. (This password is the most frequently used and should not match any other password.)
11. Select and configure Security Platform features for this user.
12. After completing the Infineon Security Platform User Initialization Wizard, a copy of the Emergency Recovery Archive (SPEmRecArchive.xml) should be copied to a removable media and stored in a secure location. This procedure should be repeated after any password changes or the addition of new users.
13. Restart the system.
14. To back up the keys for the EMBASSY Trust Suite, the Key Transfer Manager software must be configured. Launch the Key Transfer Manager from the program menu.
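
The recovery-file rules in steps 8 and 12 can be verified after setup. The Python script below is an added example, not part of the Intel guide or the Infineon software: it reports any Emergency Recovery Token left on the system and any Emergency Recovery Archive whose removable-media copy is missing or out of date. The two directory arguments (fixed-disk tree and removable-media mount point) are assumptions; only the two file names come from the guide.

```python
import hashlib
import os
import sys

# File names as given in the product guide, lower-cased for case-insensitive matching.
TOKEN_NAME = "spemrectoken.xml"
ARCHIVE_NAME = "spemrecarchive.xml"

def sha256_of(path):
    """Hash a file in chunks so a large archive is not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_named(root, name):
    """Return every file under root whose name matches, ignoring case."""
    hits = []
    # onerror skips unreadable directories instead of aborting the walk.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        hits.extend(os.path.join(dirpath, f) for f in files if f.lower() == name)
    return sorted(hits)

def audit_recovery_files(system_root, backup_root):
    """Check step 8 (no token on the system) and step 12 (archive copy is current).

    system_root: directory tree on the fixed disk (assumed path).
    backup_root: mount point of the removable media (assumed path).
    """
    findings = []
    # Step 8: the token must be moved, so any copy on the system is a finding.
    for path in find_named(system_root, TOKEN_NAME):
        findings.append(("TOKEN_ON_SYSTEM", path))
    # Step 12: the archive is copied, and re-copied after password or user changes.
    backup_hashes = {sha256_of(p) for p in find_named(backup_root, ARCHIVE_NAME)}
    for path in find_named(system_root, ARCHIVE_NAME):
        if not backup_hashes:
            findings.append(("ARCHIVE_NOT_BACKED_UP", path))
        elif sha256_of(path) not in backup_hashes:
            findings.append(("ARCHIVE_BACKUP_STALE", path))
    return findings

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: audit.py <system_root> <backup_root>")
    for code, path in audit_recovery_files(sys.argv[1], sys.argv[2]):
        print(f"{code}: {path}")
```

Matching is by file name only, so a renamed copy of the token, or one sitting in the Recycle Bin under a generated name, is not detected.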