Intel Desktop Board D925XCV/D925XBC Technical Product Specification
1.15.3 Security Precautions
Security, like any other aspect of computer maintenance, requires planning. What is unique about
security is the need to understand who the "friends" and adversaries are. The TPM provides
mechanisms to enable the owner/user to protect their information from adversaries. To provide this
protection, the TPM effectively puts "locks" around the data. Just like physical locks, if keys or
combinations are lost, the assets (i.e., data) may be inaccessible not only to adversaries, but also to
the asset owner/user.
The TPM provides two classes of keys: migratable and non-migratable. Migratable keys are
designed to protect data that can be used (i.e., unencrypted) on more than one platform. This has
the advantage of allowing the key data to be replicated (backed up and restored) to another
platform. This may be for user convenience (someone uses more than one platform, or the
data needs to be available to more than one person operating on different platforms). This type of
key also has the advantage that it can be backed up and restored from a defective platform onto a
new platform. However, migratable keys may not provide the level of protection needed for the
application (e.g., the user wants the data restricted to a single platform). This requires a
non-migratable key. Non-migratable keys carry with them a usage deficit: while the key may be
backed up and restored (i.e., protected from hard disk failure), it is not protected against system
or TPM failure. By its very nature, a non-migratable key can be used on one and only
one TPM. In the event of a system or TPM failure, all non-migratable keys and the data associated
with them will be inaccessible and unrecoverable.
CAUTION
The following precautions and procedures may assist in recovering from any of the previously
listed situations. Failure to implement these security precautions and procedures may result in
unrecoverable data loss.
1.15.3.1 Password Procedures
The Infineon Security Platform software allows users to configure passwords from 6 to 255
characters. A good password should consist of:
• At least one upper case letter (A to Z)
• At least one numerical character (0 to 9)
• At least one symbol character (!, @, &, etc.)
Example Passwords: “I wear a Brown hat 2 worK @ least once-a-month” or
“uJGFak&%)adf35a9m”
NOTE
Avoid using names or dates that can be easily guessed such as: birthdays, anniversaries, family
member names, pet names, etc.
All passwords associated with the Infineon Security Platform software (Owner, Emergency
Recovery Token, and User passwords) and the Wave Systems EMBASSY Trust Suite are NOT
RECOVERABLE and cannot be reset without the original text. The system owner should document
all passwords, store them in a secured location (vault, safe deposit box, off-site storage, etc.), and
have them available for future use. These documents should be updated after any password changes.
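The password guidance in this section can be checked before a password is committed to the owner's written record. The following is an added example, not code from Intel, Infineon, or Wave Systems: it tests a candidate against the 6 to 255 character range and the three character classes listed above, and flags the guessable content the NOTE warns about. The function name `check_password`, the `personal_terms` parameter, and the date-matching heuristic are assumptions made for illustration.

```python
import re
import string

MIN_LEN, MAX_LEN = 6, 255  # length range stated in section 1.15.3.1

# Assumed heuristic for "dates that can be easily guessed":
# a four-digit year (19xx/20xx) or a day/month pattern such as 12/25 or 07-04-90.
DATE_RE = re.compile(r"(?:19|20)\d{2}|\b\d{1,2}[/.-]\d{1,2}(?:[/.-]\d{2,4})?\b")


def check_password(password, personal_terms=()):
    """Return a list of policy problems; an empty list means the password passes.

    personal_terms is a hypothetical caller-supplied list of names the owner
    should avoid (family members, pets, and so on), matched case-insensitively.
    """
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append("length")
    if not any(c in string.ascii_uppercase for c in password):
        problems.append("uppercase")
    if not any(c in string.digits for c in password):
        problems.append("digit")
    if not any(c in string.punctuation for c in password):
        problems.append("symbol")
    if DATE_RE.search(password):
        problems.append("date-like")
    lowered = password.lower()
    for term in personal_terms:
        if term and term.lower() in lowered:
            problems.append("personal-term:" + term)
    return problems


if __name__ == "__main__":
    # The first two candidates are the example passwords from this section;
    # the last two are constructed weak samples.
    candidates = [
        "I wear a Brown hat 2 worK @ least once-a-month",
        "uJGFak&%)adf35a9m",
        "rex1998",
        "Ab1!",
    ]
    for pw in candidates:
        print(repr(pw), check_password(pw, personal_terms=("Rex",)))
```
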