Intel D865GRH Telephone User Manual


 
Trusted Platform Module
Assuming Trusted Platform Module Ownership
Once the TPM has been enabled, ownership must be assumed by using the Infineon Security
Platform Software. The owner/end user should use the following steps to take ownership of the
TPM.
1. Start the system.
2. Launch the Infineon Security Platform Initialization Wizard.
3. Create Owner password (before creating any password, review the password recommendations
made in Password Procedures).
4. Create a new Recovery Archive (note the file location and name).
5. Create Security Platform Emergency Recovery Token password (this password should not
match the owner password or any other password).
6. Define where to save the Emergency Recovery Token (note the file location and name).
7. The software will then create recovery archive files and finalize ownership of the TPM.
8. After completing the Infineon Security Platform Initialization Wizard, the Emergency
Recovery Token (SPEmRecToken.xml) must be moved to removable media (floppy,
CD-ROM, flash media, etc.). Once this is done, the removable media should be stored in a secure
location. No copies of the Emergency Recovery Token file should remain on the system. If a
copy remains on the system, it could be used to compromise the security of the platform.
9. Launch the Infineon Security Platform User Initialization Wizard.
10. Create a User password (this password is the most frequently used and should not match any
other password).
11. Select and configure Security Platform features for this user.
12. After completing the Infineon Security Platform User Initialization Wizard, a copy of the
Emergency Recovery Archive (SPEmRecArchive.xml) should be copied to removable media
and stored in a secure location. This procedure should be repeated after any password changes
or the addition of a new user.
13. All passwords associated with the Infineon Security Platform Software (Owner, Emergency
Recovery Token, and User passwords) are not recoverable and cannot be reset without the
original text. These passwords should be documented and stored in a secured location (vault,
safe deposit box, off-site storage, etc.) in case they are needed in the future. These documents
should be updated after any password changes.
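Step 8 requires that no copy of SPEmRecToken.xml remains on the system. The script below is an added example, not part of the Intel or Infineon documentation: it scans a directory tree for files that match the token by name or, for renamed copies, by content hash against the copy on removable media. The function names and the sample tree built in `demo()` are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

TOKEN_NAME = "SPEmRecToken.xml"  # file name given in step 8

def sha256_of(path):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            digest.update(block)
    return digest.hexdigest()

def find_token_copies(search_root, reference_token):
    """Return (hits, unreadable). hits are (path, reason) pairs under search_root
    matching the reference token by content (renamed copies) or by file name."""
    ref_size, ref_hash = os.path.getsize(reference_token), sha256_of(reference_token)
    hits, unreadable = [], []
    for dirpath, _dirs, files in os.walk(search_root, onerror=lambda e: unreadable.append(e.filename)):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                same = os.path.getsize(path) == ref_size and sha256_of(path) == ref_hash
            except OSError:
                unreadable.append(path)  # an unchecked file is not a clean result
                continue
            if same:
                hits.append((path, "content"))
            elif name.lower() == TOKEN_NAME.lower():
                hits.append((path, "name"))
    return sorted(hits), unreadable

def demo():
    """Build a constructed sample tree (all contents are made up) and scan its 'disk' part."""
    root = tempfile.mkdtemp()
    tok = b"<token>constructed sample</token>"
    for rel, data in [("removable/" + TOKEN_NAME, tok), ("disk/Temp/old.bak", tok),
                      ("disk/spemrectoken.XML", b"<token>other</token>"),
                      ("disk/notes.txt", b"unrelated")]:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    disk = os.path.join(root, "disk")
    return disk, find_token_copies(disk, os.path.join(root, "removable", TOKEN_NAME))

if __name__ == "__main__":
    print(demo())
```

In real use, `search_root` would be each fixed drive and `reference_token` the file on the removable media; any entry in `hits` or `unreadable` means step 8 is not yet satisfied.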