Intel D915GUX Product Specification - Page 44

Trusted Platform Module Ownership

Intel Desktop Board D915GUX/D915GHA Technical Product Specification

etc.), and have them available for future use. These documents should be updated after any password changes.

1.13.3.2 Emergency Recovery File Back Up Procedures

The Emergency Recovery Token (SPEmRecToken.xml) must be saved or moved to a removable media (floppy, USB drive, CDR, flash media, etc.). Once this is done, the removable media should be stored in a secure location.

DO NOT LEAVE ANY COPIES of the Emergency Recovery Token on the hard drive or within any hard drive image backups. If a copy of the Emergency Recovery Token remains on the system, it could be used to compromise the Trusted Platform Module and platform.

After completing the Infineon Security Platform User Initialization Wizard, a copy of the Emergency Recovery Archive (SPEmRecArchive.xml) should be copied to a removable media and stored in a secure location. This procedure should be repeated after any password changes or the addition of a new user.

1.13.3.3 Hard Drive Image Backup Procedures

To allow for emergency recovery from a hard drive failure, frequent images of the hard drive should be created and stored in a secure location. In the event of a hard drive failure, the latest image can be restored to a new hard drive and access to the encrypted data may be re-established.

NOTE: All encrypted and unencrypted data that was added after the last image was created will be lost.

1.13.3.4 Clear Text Backup (Optional)

It is recommended that system owners follow the Hard Drive Image Backup Procedures. To back up selected files without creating a drive image, files can be moved from secured programs or drive letters to an unencrypted directory. The unencrypted (clear text) files may then be backed up to a removable media and stored in a secure location. The advantage of the clear text backup is that no TPM key is required to restore the data. This option is not recommended because the data is exposed during backup and restore.

1.13.4 Trusted Platform Module Ownership

The Trusted Platform Module is disabled by default when shipped, and the owner/end customer of the system assumes "ownership" of the TPM. This permits the owner of the system to control initialization of the TPM and create all the passwords associated with the TPM that are used to protect their keys and data. System builders/integrators may install both the Infineon Security Platform software and the Wave System EMBASSY Trust Suite, but SHOULD NOT attempt to use or activate the TPM or either software package.
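The backup procedure above has two checkable conditions: no copy of SPEmRecToken.xml may remain on the system drive (or inside a mounted drive image), and both SPEmRecToken.xml and SPEmRecArchive.xml must be present on the removable media. The audit script below is an added example, not part of the Intel specification or the Infineon software; it walks a system root and a media root, matches the two file names case-insensitively, hashes each copy so a stray copy can be recognized as identical to the live token on the media, and reports whether the procedure's rules hold. The directory layout and file contents it builds are constructed sample data, not real recovery files.

```python
"""Audit a filesystem tree for stray copies of the Infineon Security Platform
emergency recovery files, as the backup procedure in section 1.13.3.2 requires.
Added example; file names come from the specification, everything else is assumed."""
import hashlib
import os
import tempfile
from dataclasses import dataclass

# File names from the procedure; matched case-insensitively because Windows
# file systems are case-insensitive.
TOKEN_NAME = "spemrectoken.xml"
ARCHIVE_NAME = "spemrecarchive.xml"
RECOVERY_FILE_NAMES = {TOKEN_NAME, ARCHIVE_NAME}


@dataclass
class Finding:
    path: str      # full path of the copy found
    name: str      # lower-cased file name
    sha256: str    # digest, so copies on different media can be compared
    size: int


def sha256_of(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_recovery_files(root: str) -> list:
    """Walk root and return every file whose name is a recovery file name.
    A mounted hard-drive image can be passed as root too, since the procedure
    forbids token copies inside image backups as well."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() in RECOVERY_FILE_NAMES:
                full = os.path.join(dirpath, fn)
                findings.append(Finding(full, fn.lower(), sha256_of(full),
                                        os.path.getsize(full)))
    return findings


def audit(system_root: str, media_root: str) -> dict:
    """Check the two rules: no token copy on the system, and both recovery
    files present on the removable media."""
    on_system = find_recovery_files(system_root)
    on_media = find_recovery_files(media_root)
    system_tokens = [f for f in on_system if f.name == TOKEN_NAME]
    media_tokens = [f for f in on_media if f.name == TOKEN_NAME]
    report = {
        "token_on_system": sorted(f.path for f in system_tokens),
        "token_on_media": sorted(f.path for f in media_tokens),
        "archive_on_media": sorted(f.path for f in on_media if f.name == ARCHIVE_NAME),
        # True when a stray copy is byte-identical to the live token on the media.
        "stray_matches_media": any(s.sha256 == m.sha256
                                   for s in system_tokens for m in media_tokens),
    }
    report["ok"] = (not report["token_on_system"]
                    and bool(report["token_on_media"])
                    and bool(report["archive_on_media"]))
    return report


def build_sample_tree(base: str) -> tuple:
    """Constructed sample layout (not real token contents): a system drive with a
    forgotten token copy, and a removable medium holding both files."""
    system = os.path.join(base, "system_drive")
    media = os.path.join(base, "removable_media")
    token_bytes = b"<constructed-sample-token/>"
    archive_bytes = b"<constructed-sample-archive/>"
    layout = {
        os.path.join(system, "Documents", "Backups", "SPEmRecToken.xml"): token_bytes,
        os.path.join(system, "Security Platform", "SPEmRecArchive.xml"): archive_bytes,
        os.path.join(media, "SPEmRecToken.xml"): token_bytes,
        os.path.join(media, "SPEmRecArchive.xml"): archive_bytes,
    }
    for path, data in layout.items():
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return system, media


def run_demo() -> tuple:
    """Audit the sample tree, remove the stray token copy, audit again.
    Returns (report_before, report_after)."""
    with tempfile.TemporaryDirectory() as base:
        system, media = build_sample_tree(base)
        before = audit(system, media)
        for stray in before["token_on_system"]:
            os.remove(stray)  # the procedure says move, never leave a copy
        after = audit(system, media)
    return before, after


if __name__ == "__main__":
    b, a = run_demo()
    print("before:", b)
    print("after:", a)
```

To use it on a real machine, call audit() with the system drive root and the mount point of the removable media; to honour the rule about image backups, mount each image and pass its root as system_root as well. The script reports paths and leaves deletion to the operator, except in the self-contained demo.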
