Product Description
15.Follow the instructions and create and document the locations for both the archive and restoration key files. The key archive should be located on a removable media and stored in a secure location when not in use.
16.Create and document the password to protect the key archive.
17.Provide the TPM Owner password to allow the Key Transfer Manager to create the archive and restoration key files.
18.Upon completing the configuration of the Key Transfer Manager, it will place an icon in the task bar and automatically back up all new and updated keys associated with the EMBASSY Trust Suite. If the removable media that contains the archive file is not present when a new key is generated, then keys will have to be manually backed up using the Key Transfer Manager when the removable media is available.
19.All passwords associated with the Infineon Security Platform Software (Owner, Emergency Recovery Token, and User passwords) and Wave Systems EMBASSY Trust Suite and Key Transfer Manager are not recoverable and cannot be reset without the original text. These passwords should be documented and stored in a secured location (vault, safe deposit box, off- site storage, etc.) in case they are needed in the future. These documents and files should be updated after any password changes.
1.15.7Recovery Procedures
1.15.7.1Recovering from Hard Disk Failure
Restore the latest hard drive image from backup to the new hard drive – no TPM specific recovery is necessary.
1.15.7.2Recovering from Desktop Board or TPM Failure
This procedure may restore the migratable keys from the Emergency Recovery Archive, and does not restore any previous keys or content to the TPM. This recovery procedure may restore access to the Infineon Security Platform software and Wave Systems EMBASSY Trust Suite that are secured with migratable keys.
Requirements:
•Emergency Recovery Archive (created with the Infineon Security Platform Initiation Wizard)
•Emergency Recovery Token (created with the Infineon Security Platform Initiation Wizard)
•Emergency Recovery Token Security Password (created with the Infineon Security Platform Initiation Wizard)
•Working original operating system (OS) installation, or a restored image of the hard drive
•Wave Systems Key Transfer Manager archive password
•TPM Ownership password
This recovery procedure only restores the migratable keys from the previously created Recovery Archives.
1.Replace the desktop board with the same model as the failed board.
2.Start the original operating system or restore the original hard drive image.
3.Start the Infineon Security Platform Initialization Wizard and check the “I want to restore the existing Security Platform” box.
51
