Setup guide
Using Enhanced Security with TPM (select models only)
After the Trusted Platform Module (TPM) is activated and the Drive Encryption Enhanced Security
with TPM functionality is selected, the Drive Encryption password is protected by the TPM security
chip. If the hard drive is removed and installed in another computer, access to the drive is denied.
CAUTION: TPM ownership cannot be shared with Windows TPM.msc and Embedded Security.
Use of Embedded Security for HP ProtectTools is highly recommended.
If Embedded Security for HP ProtectTools is enabled on the computer, and TPM.msc takes
ownership, you are locked out of the computer.
NOTE: Because the password is protected by the TPM security chip, if the hard drive is moved to
another computer, data cannot be accessed unless the TPM settings are migrated to that computer.
To activate the TPM security chip, follow these steps:
NOTE: The TPM option must be enabled in BIOS Setup.
▲
Use Embedded Security for HP ProtectTools. For more information, see the Embedded Security
software Help.
– or –
▲
Use TPM.msc:
a. Click Start, type tpm.msc in the Search box, and then press enter.
TPM Management Console is displayed.
b. In the Actions pane, click Initialize TPM.
The TPM Initialization Wizard starts.
c. Follow the on-screen instructions to turn on the TPM security hardware, create a TPM
password, and take ownership of the TPM.
To activate enhanced security with TPM, follow these steps:
NOTE: If your computer does not have a TPM security chip, or if TPM has not been activated, this
option is not available.
1. Click Start, click All Programs, click Security and Protection, and then click HP ProtectTools
Administrative Console.
2. In the left pane, click the + icon to the left of Drive Encryption to display the available options.
3. Click Settings.
4. Select the Enhance security with TPM check box.
60 Chapter 6 Drive Encryption for HP ProtectTools (select models only)