Trusted Platform Module
done, the removable media should be stored in a secure location. No copies of this Emergency Recovery Token file should remain on the system. If a copy remains on the system, it could be used to compromise the security of the platform.
9.Launch the Infineon Security Platform User Initialization Wizard.
10.Create a Basic User password (this password is the most frequently used and should not match any other password).
11.Select and configure Security Platform features for this user.
12.After completing the Infineon Security Platform User Initialization Wizard, a copy of the Emergency Recovery Archive (SPEmRecArchive.xml) should be copied to a removable media and stored in a secure location. This procedure should be repeated after any password changes or the addition of new users.
13.Restart the system.
14.To backup the keys for the EMBASSY Trust Suite, the Key Transfer Manager software must be configured. Launch the Key Transfer Manager from the program menu.
15.Follow the instructions and create and document the locations for both the archive and restoration key files. The key archive should be located on a removable media and stored in a secure location when not in use.
16.Create and document the password to protect the key archive.
17.Provide the TPM Owner password to allow the Key Transfer Manager to create the archive and restoration key files.
18.Upon completing the configuration of the Key Transfer Manager, it will place an icon in the task bar and automatically back up all new and updated keys associated with the EMBASSY Trust Suite. If the removable media that contains the archive file is not present when a new key is generated, then keys will have to be manually backed up using the Key Transfer Manager when the removable media is available.
19.All passwords associated with the Infineon Security Platform Software (Owner, Emergency Recovery Token, and User passwords) and Wave Systems EMBASSY Trust Suite and Key Transfer Manager are not recoverable and cannot be reset without the original text. These passwords should be documented and stored in a secured location (vault, safe deposit box, off- site storage, etc.) in case they are needed in the future. These documents and files should be updated after any password changes.
Recovery Procedures
How to Recover from Hard Disk Failure
Restore the latest hard drive image from backup to the new hard drive – no TPM specific recovery is necessary.
How to Recover from Desktop Board or TPM Failure
This procedure may restore the migratable keys from the Emergency Recovery Archive, and does not restore any previous keys or content to the TPM. This recovery procedure may restore access to the Infineon Security Platform software and Wave Systems EMBASSY Trust Suite that are secured with migratable keys.
67
