Optima x561 Verweisanleitung
8
Trusted Platform Module Quick Reference
11. After completing the archive function, the TPM Key Archive
(keyarchive.xml) that is now on a removable media should be stored in a
secure location. No copies of the keyarchive.xml should remain on the
system. This procedure should be repeated after any password changes or
the addition of new users or TPM enabled software.
secure location. No copies of the keyarchive.xml should remain on the
system. This procedure should be repeated after any password changes or
the addition of new users or TPM enabled software.
12. All passwords associated with the EMBASSY Security Center Software
(owner, TPM Key Archive, and other passwords) are not recoverable and
cannot be reset without the original password. These passwords should be
documented and stored in a secured location (vault, safe deposit box, or
off-site storage) in case they are needed in the future. These documents
should be updated after any password changes.
cannot be reset without the original password. These passwords should be
documented and stored in a secured location (vault, safe deposit box, or
off-site storage) in case they are needed in the future. These documents
should be updated after any password changes.
Recovery Procedures
How to Recover from a Hard Drive Failure
Restore the latest hard drive image from backup to the new hard drive – no TPM
specific recovery is necessary.
specific recovery is necessary.
How to Recover from a Desktop Board or TPM Failure
This procedure may restore the migratable keys from the TPM Key Archive, but
does not restore any previous keys or content to the TPM. This recovery
procedure may restore access to the EMBASSY Trust Suite that is secured with
migratable keys.
does not restore any previous keys or content to the TPM. This recovery
procedure may restore access to the EMBASSY Trust Suite that is secured with
migratable keys.
Requirements
•
TPM Key Archive file (keyarchive.xml file created with the EMBASSY
Security Center)
Security Center)
•
TPM Key Archive password (created with the EMBASSY Security Center)
•
Owner password
•
Working original operating system (OS) installation, or a restored image of
the hard drive
the hard drive
This recovery procedure may restore the migratable keys from the
previously created TPM Key Archive.
previously created TPM Key Archive.
1. Replace the desktop board with the same model as the failed board.
2. Start the original OS or restore the original hard drive image.
3. Start the EMBASSY Security Center.
4. Take ownership of the Trusted Platform Module (see Assuming Trusted
2. Start the original OS or restore the original hard drive image.
3. Start the EMBASSY Security Center.
4. Take ownership of the Trusted Platform Module (see Assuming Trusted
Platform Module Ownership, steps 3 and 4 only).
5. To restore a TPM Key Archive, select the Key Manager icon on the left
side of the EMBASSY Security Center and click on the Restore button.
6. Enter the password for the TPM Key Archive when prompted.