HP Compaq 2210b User Manual page 73

Short description
Errors occur after a power
loss interrupts Embedded
Security initialization.
The Computer Setup
(f10) Utility password can
be removed after enabling
the TPM Module.
The PSD password box is
no longer displayed when
the system becomes
active after standby status
No password is required
to change the Security
Platform Policies.
When a certificate is
viewed, it shows as non-
trusted.
ENWW
Details
If there is a power loss during the
initialization of the Embedded Security
chip, the following issues occur:
●
When attempting to launch the
Embedded Security Initialization
Wizard, the following error
message is displayed: The
Embedded security cannot be
initialized since the Embedded
Security chip already has an
Embedded Security owner.
●
When attempting to launch the User
Initialization Wizard, the following
error message is displayed: The
Embedded security is not
initialized. To use the wizard, the
Embedded Security must be
initialized first.
Enabling the TPM module requires a
Computer Setup (f10) Utility password.
When the module has been enabled, the
user can remove the password. This
allows anyone with direct access to the
system to reset the TPM module and
cause possible loss of data.
When a user logs on to the system after
creating a PSD, the TPM asks for the
Basic User password. If the user does
not type the password and the system
initiates Standby, the password dialog
box is no longer available when the user
resumes.
Access to Security Platform Policies
(both Machine and User) does not
require a TPM password for users who
have administrative rights on the system.
After setting up HP ProtectTools and
running the User Initialization Wizard, the
user has the ability to view the certificate
issued; however, when the certificate is
viewed, it shows as non-trusted. While
the certificate can be installed at this
point by clicking the install button,
installing it does not make it trusted.
Solution
Perform the following procedure to recover from the
power loss:
NOTE: Use the arrow keys to select various
menus, menu items, and to change values
(unless otherwise specified).
1. Start or restart the computer.
2. Press f10 when the f10=Setup message appears
on the screen.
3. Select the appropriate language option.
4. Press enter.
5. Select Security > Embedded Security.
6. Set the Embedded Security Device option to
Enable.
7. Press f10 to accept the change.
8. Select File > Save Changes and Exit.
9. Press enter.
10. Press f10 to save the changes and exit the utility.
This is as designed.
The Computer Setup (f10) Utility password can only be
removed by a user who knows the password. However,
HP strongly recommends having the Computer Setup
(f10) Utility password protected at all times.
This is by design.
The user has to log off and back on to view the PSD
password box again.
This is by design.
Any administrator can modify the Security Platform
Policies with or without TPM user initialization.
Self-signed certificates are not trusted. In a properly
configured enterprise environment, EFS certificates are
issued by online Certification Authorities and are
trusted.
Embedded Security for HP ProtectTools 67