Tpm Settings Of Security Information; Works To Be Done Before And After Introduction - Canon imageRUNNER ADVANCE C3325 Series Service Manual

2
Technical Explanation > Main Controller > Security Function (Encryption Key, Certificate and Protection of Password) > Works to be Done Before and After Introduction
When the TPM settings are disabled, the TPM key becomes invalid, so the security
information is protected only by the shared key. In that case, the security information of each
machine is protected at the same level as that of conventional machines.
When the TPM settings are disabled, the security information consists of a shared key and
the information of multiple passwords stored in the Flash memory. Unlike when the TPM
settings are enabled, stored password information is initialized upon failure/replacement of
the Flash memory.
● TPM Settings of Security Information
Whether to use TPM can be selected for security information by changing the TPM settings in
the Settings/Registration mode.
• When TPM Settings is On
In this case, four-stage security information (TPM key, public key, shared key and
password) is enabled.
• When TPM Settings is Off
In this case, two-stage security information (shared key and password) is enabled.
2 Technical Explanation > Main Controller > Security Function (Encryption Key, Certificate and Protection of Password) > Works to be Done Before and After Introduction

■ Works to be Done Before and After Introduction

The setting is required in Settings/Registration mode. ("TPM Settings" at the time of shipment:
Off)
• Enabling of the Function
• Backup of TPM key
• Restoration of TPM key
• Disabling of the Function
As a general rule, these works should be performed by the user.
CAUTION:
When configuring the TPM Settings to "On", advise the user of the following points.
• After setting it to "On", immediately back up the TPM key.
• Be sure to remember the password set when the TPM key was backed up.
• Do not lose the USB flash drive containing the backup file of the TPM key.
• When replacing the TPM PCB due to a failure, etc, the TPM key needs to be
restored after replacement. (Restore TPM Key is enabled only when replacing the
TPM PCB.)
• If the TPM key is not restored, the security information (passwords, encryption keys
and certificates) cannot be used.
• It is necessary to execute "Initialize All Data/Settings" first to enable TPM settings
again when the TPM key could not be restored due to reasons such as having lost a
USB flash drive. It is because of the security issue that arises if Settings/Registration
data is kept as-is.
2-16
2-16