Trusted Platform Module (TPM) Quick Reference Guide

Assuming Trusted Platform Module Ownership
Once the TPM has been enabled, ownership must be assumed by using the EMBASSY Security Center. The owner/end user should follow the steps listed below to take ownership of the TPM:
1. Start the system.
2. Launch the EMBASSY Security Center.
3. Select the Owner tab and click on the Establish button.
4. Create the Owner password (before creating any password, review the Password Recommendations made earlier in this document).
5. After successfully taking ownership of the TPM, select the User tab and click on the Initialize button.
6. Enter the Windows login password to create and synchronize the TCG Security Vault Password.
7. To create an archive of the TPM keys, select the Key Manager icon on the left side of the EMBASSY Security Center and click on the Archive button.
8. Choose a location to save the TPM Key Archive file (removable media recommended; see Emergency Recovery File Back Up Procedures for more information).
9. Create a password to protect the TPM Key Archive (this password should not match the Owner password or any other password).
10. Enter the Owner password when prompted.
11. After completing the archive function, the TPM Key Archive (keyarchive.xml) that is now on the removable media should be stored in a secure location. No copies of keyarchive.xml should remain on the system. This procedure should be repeated after any password changes or the addition of new users or TPM-enabled software.
12. All passwords associated with the EMBASSY Security Center Software (owner, TPM Key Archive, and other passwords) are not recoverable and cannot be reset without the original password. These passwords should be documented and stored in a secured location (vault, safe deposit box, or off-site storage) in case they are needed in the future. These documents should be updated after any password changes.
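
A check for step 11's requirement that no copies of keyarchive.xml remain on the system, as an added example that is not part of the original guide or of the EMBASSY Security Center software. It goes slightly beyond a name search: it also compares size and SHA-256 against the archive on the removable media to catch renamed copies. The function names and the command-line form are assumptions.

```python
import hashlib
import os
import sys

ARCHIVE_NAME = "keyarchive.xml"  # file name given in step 11 of the guide


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_archive_copies(roots, reference=None):
    """Return sorted (path, reason) pairs for archive copies found under roots.

    reference (hypothetical parameter): path of the archive on the removable
    media. When given, files with the same size and SHA-256 are reported even
    if renamed, and the reference file itself is never reported.
    """
    ref_real = ref_size = ref_hash = None
    if reference:
        ref_real = os.path.realpath(reference)
        ref_size = os.path.getsize(reference)
        ref_hash = sha256_of(reference)
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                if ref_real and os.path.realpath(path) == ref_real:
                    continue  # the stored copy on the removable media
                if name.lower() == ARCHIVE_NAME:
                    hits.append((path, "name"))
                    continue
                try:
                    if (ref_hash and os.path.getsize(path) == ref_size
                            and sha256_of(path) == ref_hash):
                        hits.append((path, "content"))
                except OSError:
                    continue  # unreadable or vanished file: skip it
    return sorted(hits)


if __name__ == "__main__":
    # Assumed usage: script.py <archive on removable media> <root> [<root> ...]
    for found, why in find_archive_copies(sys.argv[2:], sys.argv[1]):
        print(f"{why}\t{found}")
```

An empty result means no copy was found by name or by content in the scanned locations; repeat the check each time the archive is recreated.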