Intel D915GAV Computer Hardware User Manual


 
Trusted Platform Module
67
done, the removable media should be stored in a secure location. No copies of this Emergency
Recovery Token file should remain on the system. If a copy remains on the system, it could be
used to compromise the security of the platform.
9. Launch the Infineon Security Platform User Initialization Wizard.
10. Create a Basic User password (this password is the most frequently used and should not match
any other password).
11. Select and configure Security Platform features for this user.
12. After completing the Infineon Security Platform User Initialization Wizard, a copy of the
Emergency Recovery Archive (SPEmRecArchive.xml) should be copied to a removable
media and stored in a secure location. This procedure should be repeated after any password
changes or the addition of new users.
13. Restart the system.
14. To backup the keys for the EMBASSY Trust Suite, the Key Transfer Manager software must
be configured. Launch the Key Transfer Manager from the program menu.
15. Follow the instructions and create and document the locations for both the archive and
restoration key files. The key archive should be located on a removable media and stored in a
secure location when not in use.
16. Create and document the password to protect the key archive.
17. Provide the TPM Owner password to allow the Key Transfer Manager to create the archive and
restoration key files.
18. Upon completing the configuration of the Key Transfer Manager, it will place an icon in the
task bar and automatically back up all new and updated keys associated with the EMBASSY
Trust Suite. If the removable media that contains the archive file is not present when a new key
is generated, then keys will have to be manually backed up using the Key Transfer Manager
when the removable media is available.
19. All passwords associated with the Infineon Security Platform Software (Owner, Emergency
Recovery Token, and User passwords) and Wave Systems EMBASSY Trust Suite and Key
Transfer Manager are not recoverable and cannot be reset without the original text. These
passwords should be documented and stored in a secured location (vault, safe deposit box, off-
site storage, etc.) in case they are needed in the future. These documents and files should be
updated after any password changes.
Recovery Procedures
How to Recover from Hard Disk Failure
Restore the latest hard drive image from backup to the new hard drive – no TPM specific recovery
is necessary.
How to Recover from Desktop Board or TPM Failure
This procedure may restore the migratable keys from the Emergency Recovery Archive, and does
not restore any previous keys or content to the TPM. This recovery procedure may restore access
to the Infineon Security Platform software and Wave Systems EMBASSY Trust Suite that are
secured with migratable keys.