TPM Configuration

Frequently Asked Questions

Click on the question to show the answer. Expand All Answers

1. What is EMBASSY Remote Administration Server (ERAS) and what does it do for my network?

   The EMBASSY Remote Administration Server (ERAS) enables IT administrators remotely deploy and manage clients that are equipped with Trusted Platform Modules (TPM) and/or Seagate Momentus 5400 FDE.2 Trusted Drives.

2. Is EMBASSY® Trust Suite compatible with Vista?
   EMBASSY Trust Suite and Vista Compatibility
   

   Dell has released ETS "Lite" for Vista as version A14. This package includes Embassy Trust Suite, UPEK drivers, and the NTRU TSS. If your system shipped with a pre-installed copy of Embassy Trust Suite, you can obtain the Vista-compatible version from the Dell website.

   *** NOTE: Please follow the upgrade instructions found HERE. ***
   

   ETS Enterprise Security Dell Edition 3.x and Wave ETS 6.x fully support the Windows Vista OS.

   Previous versions of these products do not support the Windows Vista OS.
   

   Upgrading to a Vista-compatible version of ETS

   • Dell customers should visit the Dell website for updates. (For more information on obtaining updates for your Dell computer, please see this page.)
   • If you purchased ETS Enterprise through Envoy Data or Dell, you will need to purchase a new license.
3. How do I set up the TPM on an IBM/Lenovo?

   IBM ships its systems with the TPM disabled in the system’s BIOS, so before you do anything you must access the BIOS and enable the chip.

   1. To do this, reboot or power up your system and press the F1 key when you see the IBM logo screen or the POST screen.
   2. Once in the BIOS setup utility, use the arrow keys to select Security and press enter.
   3. Next select IBM Security chip and press enter.
   4. Now you should see the Current setting for the chip, if it is set to Disabled, press enter and choose Enabled on the blue window that pops up.
   5. Now press F10 to save your changes and reboot, select Yes when prompted by the Setup Confirmation.
   6. The next step is to visit the IBM Security web page and obtain the following software(click here for details):
      1. TPM Driver for your system
      2. Trusted Stack Software (Client Security Software)
   7. Once all of the software is installed, you will be asked to reboot, following the reboot you will be presented with a wizard that guides you through setting up and taking ownership of your TPM, adding users who are authorized to use the TPM, as well as setting passwords for them.

   Visit our Wave's Embassy Trust Suite page for details on TPM Management software.

4. How do I set up a TPM?

   The answer is platform specific. To get detailed instructions on installing and enabling your TPM, please visit the vendor’s support website for the product that you own to find the information you are looking for.

   Dell

   • Trusted Platform Module (TPM) Overview
   • Steps for Enabling a TPM on a Dell Computer

   Gateway

   • http://www.gateway.com
   • http://www.wave.com/support/Documents/gateway-001

   IBM

   • http://www.pc.ibm.com/us/security/
   • http://www.wave.com/support/Documents/ibm-001

   HP/Compaq

   • http://www.hp.com/products/security/
   • http://www.wave.com/support/Documents/hp-001

   Fujitsu. - There should be a sheet of paper that came with your laptop with instructions for how to order the CD that contains the software necessary to enable the TPM on your system. The CD will also contain instructions.

   Samsung - http://www.whatlaptop.co.uk/YUpxAcRo-WckGQ.html

5. How do I know if I have a TPM?

   To verify if your computer has a TPM you must go into the BIOS and check or you may go to the vendor’s website and search for the product in question to find out if the TPM is built into the motherboard.

6. What is a TPM?

   A TPM or Trusted Platform Module is a chip that is integrated into your system’s motherboard that stores information such as passwords, keys and certificates. The nature of this chip ensures that the information stored within is secure from external attack and physical theft.

   For further information visit the Trusted Computing Group TPM FAQs Website.

7. How do I set up TPM on my Dell?

   The answer is platform specific. To get detailed instructions on installing and enabling your TPM, please visit the Dell's support website for the product that you own to find the information you are looking for. Basic steps would include:

   • Turn on or reboot your computer, during the startup screen, press F2 to go to the BIOS setup menu.
   • On the BIOS menu, using the arrow keys go to Security settings category, press the < Enter > key. Select TPM Security and on the right side of the menu select On .
   • You have just turned On theTPM hardware on the BIOS, now you need to Activate the TPM. To do so you will need to restart the computer, during the startup screen, press F2 to go into the BIOS setup menu again.
   • On the BIOS menu, under Security select TPM Activation . On the right side you will select Activate .
   • You have just enabled the TPM hardware on the BIOS, now you save the configuration, by press <ESC> key, choose to Save/Exit , then the computer will be restarted.

   Go to the Dell Website and download the latest TPM device driver software.

   The package that you will download from the Dell website contains the following:

   • TPM device driver (Broadcom, Atmel, or ST Microelectronics)
   • NTRU TSS software
   • Dell Embassy Trust Suite PBA software
8. How can I tell if my TPM is working?
   Go to the Control Panel -> Systems -> Hardware -> Device Manager. Expand the System devices and search for the TPM device of your system, once you find it double-click on it to view the device’s Properties. If you are unable to view the TPM device on the device driver, you may need to enable the TPM on the BIOS and installed the device driver software.
9. How can I tell if my TPM is working in my Infineon based system?
   For Infineon based systems (HP/Compaq, Samsung, Fujitsu, Acer), there will be a control panel item installed when the device is properly setup called "Infineon Trusted Platform Module." Once you double-click on this you will be able to get information as to whether the chip is enabled and if a user has taken ownership, you will be given the ability to set a user password and disable the chip (if you know the owner password).
10. How can I tell if my TPM is working on my IBM/Lenovo computer?
    The easiest way to tell is to launch the configuration utility included with your system. Start > Programs > Access IBM > Thinkpad Configuration. Click the Security information icon on the lower left and then click the Security Chip tab. You will see a status that should say Enabled for the security chip and a status that should say Installed for the IBM Client Security Software. If these two conditions are met, then you are ready to begin working with your TPM-enabled software.
11. How do I set up an Infineon-Based systems TPM?
    Most Infineon-based systems come with the TPM enabled at the BIOS level. If you want to check that the TPM chip is enabled, you can reboot your system and access the BIOS by pressing the appropriate key and going to the security section of the BIOS. The status of the chip can be checked there. If you see that it is disabled, follow the instructions to change the status to Enabled. The next step is to install the software provided by your system’s manufacturer. This will either be on a setup CD or downloaded from the manufacturer’s support web page. Once the software has been successfully installed and you have completed rebooting the system you should notice an icon in your system tray that will say that your TPM has been installed and is now ready for you to take ownership. Clicking on that icon will launch the wizard that will guide you through the process of taking ownership and setting up keys and user passwords for the TPM on your system.
12. Will the TPM send my private information to third parties without my knowledge?
    No. The TPM is meant to store passwords, keys, certificates and biometric information, keeping them private for each individual user who is enabled to use the TPM on that system. Any time the TPM is accessed by a software request, you should be prompted for your user access password that you created during the TPM setup wizard so this way you will know when an application is interacting with the TPM. There is no inherent functionality in the TPM to periodically send information to a third party such as a government agency or your company’s IT department.
13. What is the Trusted Stack Software (TSS)?

    The TSS is a software specification that provides a standard API for accessing the functions of the TPM.

    Please visit the Trusted Computing Group website for further information on TSS specifications.

    • Trusted Computing Group TSS FAQ
    • Trusted Computing Group TSS 1.2 Specs FAQ
14. What are the main features of ERAS?

    ERAS gives IT administrator the tools they need to boost enterprise security while keeping deployment and management costs at a minimum.

15. How do TPMs compare with SmartCards or Biometrics?

    They are complementary to the TPM, which is considered a fixed token that can be used to enhance user authentication, data, communications, and/or platform security.

    A smartcard is a portable token traditionally used to provide more secure authentication for a specific user across multiple systems, while biometrics are providing that functionality in an increasing number of systems. Both technologies have a role in the design of more secure computing environments.

Additional Support

If you need additional information, please submit a Support Request Form. Customer Service will contact you within one business day with a response to your inquiry. To ensure quality customer service, please include your email address and a detailed description of the issue/inquiry.

Support Request Form