Product Description
15. Follow the instructions and create and document the locations for both the archive and
restoration key files. The key archive should be located on a removable media and stored in a
secure location when not in use.
16. Create and document the password to protect the key archive.
17. Provide the TPM Owner password to allow the Key Transfer Manager to create the archive and
restoration key files.
18. Upon completing the configuration of the Key Transfer Manager, it will place an icon in the
task bar and automatically back up all new and updated keys associated with the EMBASSY
Trust Suite. If the removable media that contains the archive file is not present when a new key
is generated, then keys will have to be manually backed up using the Key Transfer Manager
when the removable media is available.
19. All passwords associated with the Infineon Security Platform Software (Owner, Emergency
Recovery Token, and User passwords) and Wave Systems EMBASSY Trust Suite and Key
Transfer Manager are not recoverable and cannot be reset without the original text. These
passwords should be documented and stored in a secured location (vault, safe deposit box, off-
site storage, etc.) in case they are needed in the future. These documents and files should be
updated after any password changes.
1.15.7 Recovery Procedures
1.15.7.1 Recovering from Hard Disk Failure
Restore the latest hard drive image from backup to the new hard drive – no TPM specific recovery
is necessary.
1.15.7.2 Recovering from Desktop Board or TPM Failure
This procedure may restore the migratable keys from the Emergency Recovery Archive, and does
not restore any previous keys or content to the TPM. This recovery procedure may restore access
to the Infineon Security Platform software and Wave Systems EMBASSY Trust Suite that are
secured with migratable keys.
Requirements:
• Emergency Recovery Archive (created with the Infineon Security Platform Initiation Wizard)
• Emergency Recovery Token (created with the Infineon Security Platform Initiation Wizard)
• Emergency Recovery Token Security Password (created with the Infineon Security Platform
Initiation Wizard)
• Working original operating system (OS) installation, or a restored image of the hard drive
• Wave Systems Key Transfer Manager archive password
• TPM Ownership password
This recovery procedure only restores the migratable keys from the previously created Recovery
Archives.
1. Replace the desktop board with the same model as the failed board.
2. Start the original operating system or restore the original hard drive image.
3. Start the Infineon Security Platform Initialization Wizard and check the “I want to restore the
existing Security Platform” box.
51