Intel D865GRH manual Security Precautions

Page 86

Intel Desktop Boards D865GRH Product Guide

Loss of Trusted Platform Module Ownership: Trusted Platform Module Ownership/contents may be cleared (via a BIOS switch) to allow for the transfer of a system to a new owner. If TPM ownership is cleared, either intentionally or in error, recovery procedures may allow the migratable keys to be recovered and may restore access to encrypted data. Read the Security Precautions for Emergency Recovery File Back Up Procedures.

TPM Keys are Hierarchical: All TPM keys have a place within a hierarchy. Within this hierarchy, keys must be loaded into the TPM before child keys can be used. It may not be obvious that any particular key is child or parent. If a key is backed up but the parent key is either not available or the password for the parent key is not available, the associated data will not be available. Read the Security Precautions for Emergency Recovery File Back Up Procedures.

Security Precautions

Security, like any other aspect of computer maintenance, requires planning. What is unique about security has to do with understanding who are “friends” and who are adversaries. The TPM provides mechanisms to enable the owner/user to protect their information from adversaries. To provide this protection, the TPM effectively puts “locks” around the data. Just like physical locks, if keys or combinations are lost, the assets (data) may be inaccessible not only to adversaries, but also to asset the owner/user.

The TPM provides two classes of keys: migratable and non-migratable. Migratable keys are designed to protect data that can be used (unencrypted) on more than one platform. This has the advantage of allowing the key data to be replicated (backed-up and restored) to another platform. This may be because of user convenience (someone uses more than one platform, or the data needs to be available to more than one person operating on different platforms). This type of key also has the advantage in that it can be backed-up and restored from a defective platform onto a new platform. However, migratable keys may not be the appropriate level of protection (for example, the user wants the data restricted to a single platform) needed for the application. This requires a non-migratable key.

Non-migratable keys carry with them a usage deficit in that while the key may be backed-up and restored (protected from hard disk failure), they are not protected against system or TPM failure. The very nature of a non-migratable key is that they can be used on one and only one TPM. In the event of a system or TPM failure, all non-migratable keys and the data associated with them will be inaccessible and unrecoverable.

CAUTION

The following precautions and procedures may assist in recovering from any of the previously listed situations. Failure to implement these security precautions and procedures may result in unrecoverable data loss.

86

Page 85 Page 87
Image 86
Page 85 Page 87
Contents Intel Desktop Board D865GRH Product Guide FCC Declaration of Conformity Revision HistoryRevision Revision History Date Canadian Department of Communications Compliance StatementInformation Layout PrefaceIntended Audience ConventionsTerm Description NotationsIntel Desktop Boards D865GRH Product Guide Contents Updating the Bios Contents Trusted Platform ModuleFigures Contents Intel Desktop Boards D865GRH Product Guide Form Factor Desktop Board FeaturesFeature Summary Supported Operating Systems SecurityDesktop Board Features Desktop Board ComponentsLabel Description Go to the following links for the latest information aboutDesktop Board Components Type Designation GHz FSB Frequency MHz L2 Cache KB ProcessorSupported Processors Main Memory Front Side Bus Memory Speed Processor Frequency OutcomeAudio Subsystem Intel 865G ChipsetGraphics Subsystem Flexible 6-Channel Audio with Jack SensingLAN Subsystem Optional LAN Subsystem Software RJ-45 LAN Connector LEDsRJ-45 10/100/1000 Gigabit Ethernet LAN Connector LEDs LED Color LED State IndicatesEnhanced IDE Interface Input/Output I/O ControllerHi-Speed USB 2.0 Support Security Passwords PCI Auto ConfigurationIDE Auto Configuration Accelerated Graphics Port AGPFan Connectors Power Management FeaturesPower Connectors Chassis IntrusionFan Speed Control Intel Precision Cooling Technology Suspend to RAM Instantly Available PC TechnologyWake from USB SpeakerResume on Ring Wake from PS/2 Keyboard/MouseBattery Real-Time ClockInstalling and Replacing Desktop Board Components Before You BeginEnsure Electromagnetic Compatibility EMC Compliance Installation PrecautionsInstallation Instructions Installing and Replacing Desktop Board Components Prevent Power Supply OverloadPlace Battery Marking Chassis and Component CertificationsInstalling the I/O Shield Use Only for Intended ApplicationsInstalling and Removing the Desktop Board Location of Mounting Screw HolesInstalling the Processor Fan Heat Sink Installing and Removing a ProcessorInstalling a Processor Connecting the Processor Fan Heat Sink Cable Removing the ProcessorInstalling and Removing Memory Installing a Memory ModuleInstalling DIMMs Dual Configuration Example with Two DIMMsRemoving DIMMs Removing the AGP Card Installing and Removing an AGP CardInstalling an AGP Card Connecting the IDE Cable Connecting the IDE CableConnecting the Serial ATA Cable Connecting the Serial ATA CableConnecting Internal Headers Shows the location of internal headersConnecting the Front Panel Header Connecting USB 2.0 HeadersInstalling a Front Panel Audio Solution Front Panel Audio Header Signal Names J9A2Multi-Channel Digital Audio Setting up the Flexible 6-Channel Audio with Jack SensingMulti-Channel Analog Audio Item DescriptionConnecting Hardware Control and Power Cables Location of Hardware Control Headers and Power ConnectorsConnecting Power Supply Cables Connecting the Chassis Intrusion CableConnecting Fans Add-In Card and Peripheral Interface Connectors PCI Bus Add-in Card and Peripheral Interface ConnectorsJumper Setting Mode Description Setting the Bios Configuration Jumper BlockJumper Settings for the Bios Setup Program Modes J9J4 Clearing Bios Passwords Back Panel Connectors Shows the back panel connectorsReplacing the Battery PrécautionAvvertimento Awas Removing the Battery Intel Desktop Boards D865GRH Product Guide Updating the Bios Updating the Bios with the Intel Express Bios Update UtilityUpdating the Bios Updating the Bios with the Iflash Memory Update UtilityObtaining the Bios Update File Recovering the Bios Updating the BiosIntel Desktop Boards D865GRH Product Guide Bios Setup Program Menu Bar Using the Bios Setup ProgramShows the Bios Setup program menu bar Maintenance Menu Maintenance MenuBios Setup Program Function Keys Shows the function keys available for menu screensEnglish default Using the Bios Setup ProgramEnabled default Main MenuAdvanced Menu Security Power Boot ExitAdvanced Menu MainPCI Configuration PCI Configuration SubmenuPCI Configuration Submenu Auto defaultFeature Options Plug & Play O/S No default Yes Boot Configuration SubmenuBoot Configuration On defaultPeripheral Configuration Peripheral Configuration SubmenuPeripheral Configuration Submenu 3F8 defaultIRQ 7 default Bi-directional defaultDefault Enhanced default ATA/IDE Configuration SubmenuATA/IDE Configuration Submenu Pata Pri and Sec defaultPata and Sata Submenus Sata and Pata SubmenusSwdma Mwdma Udma Diskette Configuration Submenu Diskette Configuration SubmenuThis submenu shown in is used to configure the floppy drive Diskette ConfigurationEvent Log Configuration Event Log Configuration SubmenuEvent Log Configuration Submenu Video Configuration Submenu Video Configuration SubmenuSubmenu shown in is used to configure video features MB defaultUSB Configuration Submenu USB Configuration SubmenuSubmenu shown in is used to configure USB features ConfigurationChipset Configuration Chipset Configuration SubmenuChipset Configuration Submenu Default defaultExtended Configuration Fan Control Submenu Fan Control ConfigurationSlow default Hardware ManagementHardware Monitoring Hardware Monitoring SubmenuHardware Monitoring Submenu Security Menu Main Advanced Security Power Boot ExitYes default Security MenuPower Menu Power MenuMenu shown in is used to set power management features Last State defaultState default Submenu represented in is for setting the Acpi featuresAdvanced Configuration and Power Interface Acpi SubmenuMain Advanced Security Power Boot MenuBoot Menu Boot Device Priority Submenu Boot Device Priority SubmenuSubmenu represented in is for setting boot devices priority Options DescriptionHard Disk Drives Submenu Submenu shown in is for setting hard disk drivesHard Disk Drives Submenu Removable Devices Submenu Submenu in shown is for setting removable devicesRemovable Devices Submenu Atapi CD-ROM Drives Submenu Submenu shown in is for setting Atapi CD-ROM drivesAtapi CD-ROM Drives Exit Menu Feature DescriptionExit Menu Trusted Platform Module System RequirementsSecurity Precautions Hard Drive Image Backup Procedures Password ProceduresEmergency Recovery File Back Up Procedures Trusted Platform ModuleEnabling the Trusted Platform Module Clear Text Backup OptionalTrusted Platform Module Ownership Assuming Trusted Platform Module Ownership Recovery Procedures Clearing Trusted Platform Module Ownership Software SupportIntel Desktop Boards D865GRH Product Guide DMA Channels Desktop Board ResourcesMemory Map System Memory MapInterrupts InterruptsBeep Codes Error Messages and IndicatorsBios Beep Codes Number of Beeps DescriptionError Message Explanation Bios Error MessagesBios Error Messages Error Messages and Indicators Nvram / Cmos / PasswordIntel Desktop Boards D865GRH Product Guide Regulatory Compliance Safety RegulationsSafety Regulations European Union Declaration of Conformity StatementRecycling Considerations Product Ecology StatementsDisposal Considerations Regulatory Compliance EMC RegulationsEMC Regulations Description Mark Product Certification Markings Board LevelProduct Certification Markings
Top Page Image Contents