TPM (Trusted Platform Module) Installation Guide

Table of contents

1. Introduction
   1.1 Convention
   1.2 TPM - An Overview
2. Using TPM for the first time
   2.1 Enabling TPM
   2.2 Installing the Infineon TPM Professional Package
   2.3 Registering Owners and Users in TPM
3. Personal Secure Drive
   3.1 Advantages of Personal Secure Drive
   3.2 Personal Secure Drive (PSD) - Basic Operation
4. Secure E-Mail Configuration
5. EFS (Encrypting File System) Extension
6. TOSHIBA Password Utility
7. Migration of the TPM Environment and Disposal
   7.1 Migration
   7.2 PC Disposal
8. Recovery for TPM
   8.1 Emergency Recovery Process - An Overview
   8.2 Resetting the User Password
   8.3 PSD restore
Index

Copyright

This guide is copyrighted by Toshiba Corporation with all rights reserved. Under the copyright laws, this guide cannot be reproduced in any form without the prior written permission of Toshiba. No patent liability is assumed, however, with respect to the use of the information contained herein. © 2005 by Toshiba Corporation. All rights reserved.

Trademarks

Microsoft and Windows are trademarks of Microsoft Corporation in the United States and/or other countries.
All other brand and product names are trademarks or registered trademarks of their respective companies.

1 Introduction

Your computer has an integrated Trusted Platform Module (TPM). Before TPM can be used, it must be enabled in the BIOS and the Infineon Security Platform Tools software must be installed. This installation guide describes how to install and configure TPM. Please read it carefully before using TPM.

1.1 Convention

This guide uses the following formats to describe, identify, and highlight terms and operating procedures.

Safety Icons

This guide contains safety instructions that must be observed in order to avoid potential hazards that could result in personal injury, damage to your equipment, or loss of data. These safety cautions are classified according to the seriousness of the risk, and the icons highlight them as follows:

■ Indicates an imminently hazardous situation which, if not avoided, will result in death or serious injury.
■ Indicates a potentially hazardous situation which, if not avoided, could result in death or serious injury.
■ Indicates a potentially hazardous situation which, if not avoided, may result in minor or moderate injury.
■ Indicates a potentially hazardous situation which, if not avoided, may result in property damage.
■ Provides important information.

1.2 TPM - An Overview

The built-in security controller TPM is based on the Trusted Computing Group (TCG) specifications. TPM protects data by keeping the secret encryption keys themselves secure in hardware, rather than relying on the secrecy of the encryption formula (algorithm). With encryption implemented solely in software, the encryption key saved in a file or loaded into the PC's memory could be read out and used to decipher the data. By keeping the encryption key inside TPM instead, the data is more securely protected. Because TPM follows public, standardized specifications, a more secure PC environment can be built by combining it with a corresponding security solution.

For additional TCG specification information visit http://www.trustedcomputinggroup.org/

Encryption, Certificates and Passwords

■ TPM can create and set multiple encryption keys, certificates and passwords. Once set, store the passwords carefully and back up the encryption key files. If these settings are lost or forgotten, files encrypted using this TPM cannot be decrypted and the encrypted data cannot be accessed.

TPM

■ Although TPM offers the latest security features, it does not guarantee complete protection of data and hardware. Toshiba is not responsible for any failure or damage caused by the use of this feature.
■ If multiple users are registered in Microsoft® Windows® and each of them is to use TPM, each user must log in to Windows® and register individually.

2 Using TPM for the first time

This manual contains only the general guidelines. After installing the TPM Professional Package, refer to the TPM Help. When using TPM for the first time, configure it in the following order (steps 1 - 3 require logging in as a Windows® administrator):

1. Enable TPM.
2. Install the Infineon TPM Professional Package.
3. Register the owner and users in TPM.

2.1 Enabling TPM

To enable TPM, change the following BIOS settings:

1. Switch on your computer while pressing the Esc key.
2. A message is displayed. Press the F1 key.
3. The BIOS Setup screen is displayed.
4. Press Page Down to see the next screen.
5. Set TPM under SECURITY CONTROLLER to Enable.
6. Press the End key to save the changes to the BIOS settings, then press the Y key.

Internal data consistency in TPM is not guaranteed when the computer is sent for repair or maintenance. Before sending the computer for repair or maintenance, back up not only the files on the HDD (Hard Disk Drive) but also the TPM data, using the backup feature (refer to Chapter 8 - Recovery for TPM). The security functions that use TPM can no longer work properly if the data in TPM is lost; for example, files that were encrypted using TPM can no longer be opened. Failure to make this backup may result in data loss.

■ TPM is shipped Disabled by default. The TPM may also be set to Disabled after the computer has been sent for repair or maintenance; in that case, enable TPM again as described above.
■ To prevent anybody other than the administrator and users of this computer from changing the BIOS settings, it is strongly recommended that you set a BIOS password and a BIOS supervisor password. Refer to the computer's User's Guide on how to set these passwords.

2.2 Installing the Infineon TPM Professional Package

Install the "Infineon TPM Professional Package" from the Preinstalled Drivers Depository. To do so, run the following file to start the installation wizard:

C:\TOOLSCD\Trusted Platform Module\setup.exe

The Infineon TPM Professional Package includes the following software and features:

■ Security Platform Getting Help
■ Security Platform Settings Tool
■ Security Platform Initialization Wizard
■ Security Platform User Initialization Wizard
■ Security Platform Migration Wizard
■ Security Platform Backup Wizard
■ Security Platform Password Reset Wizard
■ Security Platform PKCS #12 Import Wizard
■ Security Platform Certificate Viewer and Certificate Selection
■ Security Platform Status Indicator Applet
■ Security Platform Integration Services
■ Microsoft® Outlook® Integration
■ Netscape® Integration
■ Encrypted File System Integration
■ Personal Secure Drive
■ Policy Administration
■ Security Platform Services
■ TSS (TCG Software Stack) Service Provider
■ TSS Core Service
■ TSS Device Driver Library

2.3 Registering Owners and Users in TPM

1. Click the Security Platform icon in the task tray and select Security Platform Initialization.
2. The Security Platform Initialization Wizard starts and its screen is displayed. Click the Next button.
3. In the Initialization screen, select Initialize a new Security Platform and click the Next button.
4. In the Create Security Platform Owner screen (owner authentication), enter the password in the Password and Confirm Password text boxes and click the Next button.
5. The Features screen is displayed. Select the Security Platform functions to set up and click the Next button. Refer to Help for details on the Security Platform functions.
6. In the Backup screen, specify the location where the backup file is created and saved. Click the Next button.
7. In the Emergency Recovery screen, select Create a new Recovery Token and specify the location where the Emergency Recovery Token is created and saved.
8. In the Emergency Recovery screen (Emergency Recovery Token authentication), enter the password in the Password and Confirm Password text boxes and click the Next button.
9. In the Password Reset screen, select Create a new Token and specify the location where the Password Reset Token is created and saved.
10. In the Password Reset screen (Password Reset Token authentication), enter the password in the Password and Confirm Password text boxes and click the Next button.

■ If there are multiple computers with TPM, the token for each computer is different and should be stored separately.
■ The recovery token for the registered TPM owner* cannot be recreated. To prevent loss, create multiple copies of the token and store them as recommended above.
*An owner with the same name can be created by initializing TPM from the BIOS menu and registering a new owner. However, this is actually a different owner from the one previously registered (the keys held in TPM are regenerated), so previously encrypted files cannot be decrypted.
■ If the token is leaked to or stolen by third parties together with its password, they would be able to access the encrypted data. Therefore, it is strongly advised that the tokens and passwords are stored
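Before running the Security Platform Initialization Wizard in section 2.3, it is worth confirming from Windows that the module enabled in section 2.1 is actually visible to the operating system, and after initialization that it reports as owned. The following PowerShell script is an added example and is not part of the Toshiba guide or the Infineon package. It assumes Windows Vista or later, where the Win32_Tpm WMI class under root\cimv2\Security\MicrosoftTpm is available (the Windows XP systems this guide was written for do not expose that class), and it must run from an elevated prompt. The section numbers in the messages refer to this guide.

```powershell
# Added example, not part of the Toshiba guide or the Infineon package.
# Assumes Windows Vista or later (Win32_Tpm WMI class) and an elevated prompt.

function Get-TpmReadiness {
    # Win32_Tpm returns no instance when no TPM is present or when it is
    # disabled in the BIOS, so a missing instance is reported as "not present"
    # rather than treated as a script error.
    $tpm = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                         -Class Win32_Tpm -ErrorAction SilentlyContinue
    if (-not $tpm) {
        return [pscustomobject]@{
            Present = $false; Enabled = $false; Activated = $false
            Owned = $false; SpecVersion = $null
        }
    }
    # Each Is*() method returns an object whose property of the same name
    # carries the boolean answer (plus a ReturnValue status code).
    [pscustomobject]@{
        Present     = $true
        Enabled     = [bool]$tpm.IsEnabled().IsEnabled
        Activated   = [bool]$tpm.IsActivated().IsActivated
        Owned       = [bool]$tpm.IsOwned().IsOwned
        SpecVersion = $tpm.SpecVersion
    }
}

function Get-TpmNextStep {
    # Map the readiness state to the step of the guide that resolves it.
    param([Parameter(Mandatory)]$State)
    if (-not $State.Present) {
        return 'TPM not visible to Windows: enable it in the BIOS (section 2.1) and reboot.'
    }
    if (-not $State.Enabled) {
        return 'TPM present but disabled: check the SECURITY CONTROLLER setting (section 2.1).'
    }
    if (-not $State.Activated) {
        return 'TPM enabled but not activated: re-check the BIOS setting and reboot (section 2.1).'
    }
    if (-not $State.Owned) {
        return 'TPM ready: run the Security Platform Initialization Wizard (section 2.3).'
    }
    return 'TPM owned: verify that the Emergency Recovery and Password Reset tokens are backed up (sections 2.3 and 8).'
}

$state = Get-TpmReadiness
$state | Format-List
Get-TpmNextStep -State $state
```

Run it once after the BIOS change (it should report Present, Enabled and Activated but not Owned) and again after the wizard completes (Owned should now be true). A module that still reports as not present after the BIOS change usually means the setting did not save, which is the situation the note in section 2.1 about TPM being Disabled after repair describes.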