4 trusted platform module ownership – chiliGREEN D915GAGL User Manual

Page 50

Advertising
background image

Intel Desktop Board D915GAV/D915GAG Technical Product Specification

50

1.14.3.2

Emergency Recovery File Back Up Procedures

The Emergency Recovery Token (SPEmRecToken.xml) must be saved or moved to a removable
media (floppy, USB drive, CDR, flash media, etc). Once this is done, the removable media should
be stored in a secure location. DO NOT LEAVE ANY COPIES of the Emergency Recovery Token
on the hard drive or within any hard drive image backups. If a copy of the Emergency Recovery
Token remains on the system, it could be used to compromise the Trusted Platform Module and
platform.

After completing the Infineon Security Platform User Initialization Wizard, a copy of the
Emergency Recovery Archive (SPEmRecArchive.xml) should be copied to a removable media
and stored in a secure location. This procedure should be repeated after any password changes or
the addition of a new user.

1.14.3.3

Hard Drive Image Backup Procedures

To allow for emergency recovery from a hard drive failure, frequent images of the hard drive
should be created and stored in a secure location. In the event of a hard drive failure, the latest
image can be restored to a new hard drive and access to the encrypted data may be re-established.

NOTE

All encrypted and unencrypted data that was added after the last image was created will be lost.

1.14.3.4

Clear Text Backup (Optional)

It is recommended that system owners follow the Hard Drive Image Backup Procedures. To
backup select files without creating a drive image, files can be moved from secured programs or
drive letters to an unencrypted directory. The unencrypted (clear text) files may then be backed up
to a removable media and stored in a secure location. The advantage of the clear text backup is that
no TPM key is required to restore the data. This option is not recommended because the data is
exposed during backup and restore.

1.14.4

Trusted Platform Module Ownership

The Trusted Platform Module is disabled by default when shipped and the owner/end customer of
the system assumes “ownership” of the TPM. This permits the owner of the system to control
initialization of the TPM and create all the passwords associated with the TPM that is used to
protect their keys and data.

System builders/integrators may install both the Infineon Security Platform software and the Wave
System EMBASSY Trust Suite, but SHOULD NOT attempt to use or activate the TPM or either
software package.

Advertising
Popular Brands
Popular manuals