--------------------------------------------------------------------------------
Broadcom Secure Foundation (TM) TPM V1.7
Release Notes
--------------------------------------------------------------------------------
Contents:
1. Welcome
2. Installation
3. Broadcom Security Platform Software
3.1 Security Platform Initialization Wizard
3.2 Security Platform User Initialization Wizard
3.3 Security Platform Migration Wizard
3.4 Security Platform Backup Wizard
3.5 Security Platform Settings Tool
3.6 Security Platform Status Indication Applet
3.7 Security Platform Integration Services
3.8 Security Platform Services
4. If you have questions
5. Release Info
5.1 About this Release
5.2 Hardware and Software Platform Requirements
5.3 Version Information
5.4 Trusted Platform Module Firmware Upgrade
5.5 Known Bugs and Limitations
================================================================================
1. Welcome
Welcome to Broadcom Security Platform Software 1.7.
The Broadcom Security Platform Software is required to use your Trusted Platform Module.
The Broadcom Security Platform Software is a TCG-compliant
security solution for PCs.
For further information about TCG (Trusted Computing Group):
http://www.trustedcomputing.org
2. Installation
The Broadcom Security Platform Software installation program ("Setup.exe") installs:
- Security Platform - Getting Started Guide
- Security Platform Initialization Wizard
- Security Platform User Initialization Wizard
- Security Platform Migration Wizard
- Security Platform Backup Wizard
- Security Platform Settings Tool
- Security Platform Status Indication Applet
- Security Platform Integration Services
  * Microsoft® Outlook® Integration
  * Netscape® Integration
  * Encrypted File System Integration
  * Personal Secure Drive
  * Policy Administration
- Security Platform Services
  * TCG TSS Service Provider
  * TCG TSS Core Service
  * TCG TSS Device Driver Library
Note:
Administrative rights are required to install this software.
Unattended Installation:
Silent installation can be done by calling setup.exe with the following command line parameters:
- Installation for all users: setup.exe /s /v"/qn"
3. Broadcom Security Platform Software
3.1 Security Platform Initialization Wizard
The Security Platform Initialization wizard allows you to initially set up your Security Platform
in order to become a Security Platform Owner.
3.2 Security Platform User Initialization Wizard
The Security Platform User Initialization wizard allows you to initially set up a Security Platform
user in order to take advantage of the Security Platform Integration Services.
3.3 Security Platform Migration Wizard
The Security Platform Migration wizard allows you to migrate your user keys and certificates
from one Security Platform to another Security Platform.
3.4 Security Platform Backup Wizard
The Security Platform Backup wizard allows you to back up your Security Platform related
credentials data.
3.5 Security Platform Settings Tool
The Security Platform Settings tool allows you to change the settings of your initialized Security Platform.
3.6 Security Platform Status Indication Applet
The Security Platform Status Indication applet provides general information about the current state
of the Security Platform by displaying the appropriate information via an icon in the task notification area.
3.7 Security Platform Integration Services
The Trusted Platform Module Cryptographic Provider enables applications utilizing the
Microsoft Crypto-API to take advantage of your Trusted Platform Module.
For instance, you can
- sign and encrypt e-mail using Microsoft® Outlook® or Microsoft® Outlook® Express
- access web-sites over a secure, two-sided authenticated SSL connection using
  Microsoft Internet Explorer.
- encrypt your files by providing a seamless integration into the Encrypted File System (EFS)
  of Microsoft® Windows® 2000 Professional and Microsoft® Windows® XP Professional.
The Trusted Platform Module PKCS#11 Provider enables applications utilizing the
PKCS#11 Crypto-API to take advantage of your Trusted Platform Module.
For instance, you can
- sign and encrypt e-mail using Netscape e-mail clients
- access web-sites over a secure, two-sided authenticated SSL connection using
  Netscape web browsers 7.0 and 4.79.
3.8 Security Platform Services
The Security Platform Services provide you with a TCG compliant software stack
running on your system.
The TCG Trusted Software Stack is built from the following modules:
- TCG TSS Device Driver Library
- TCG TSS Core Service
- TCG TSS Service Provider
The TCG Software Stack is an integral part of a TCG compliant platform,
and provides functions that can be used by enhanced operating systems and
applications.
After installation, it is recommended to check whether a firmware update is available.
4. If you have questions
If you have any questions or problems, please contact your dealer first.
Further information and support are available at http://www.broadcom.com
5. Release Info
5.1 About this Release
This release contains the
- Security Platform - Getting Started Guide
- Security Platform Initialization Wizard
- Security Platform User Initialization Wizard
- Security Platform Migration Wizard
- Security Platform Backup Wizard
- Security Platform Settings Tool
- Security Platform Status Indication Applet
- Security Platform Integration Services
  * Microsoft® Outlook® Integration
  * Netscape® Integration
  * Encrypted File System Integration
  * Personal Secure Drive
  * Policy Administration
- Security Platform Services
  * TCG TSS Service Provider
  * TCG TSS Core Service
  * TCG TSS Device Driver Library
to enable access to the Trusted Platform Module by applications utilizing
the interfaces as specified by
- TCG
- Microsoft® Crypto-API
- PKCS#11
5.2 Hardware and Software Platform Requirements
Operating Systems:     - Microsoft Windows 2000 Professional Service Pack 4 with
                         Microsoft Internet Explorer 5 or higher
                       - Microsoft Windows 2000 Server Service Pack 4 with
                         Microsoft Internet Explorer 5 or higher
                       - Microsoft Windows XP Professional
                       - Microsoft Windows XP Home
Microsoft Office:      - Microsoft Office 2000 SR-1 or higher
                       - Microsoft Office XP or higher
Netscape:              - Netscape web browsers 7.0 and 4.79
Hardware Requirements: A PC capable of running one of the mentioned operating
                       systems and equipped with a Trusted Platform Module.
5.3 Version Information
Broadcom Secure Foundation (TM) TPM V1.7
5.4 Trusted Platform Module Firmware Upgrade
After installation, it is recommended to check whether a firmware update is available
from http://www.broadcom.com
5.5 Known Bugs and Limitations
5.5.1 Firmware Limitations:
The firmware released with this version implements the functionality
of TCG Main Specification 1.1b (February 22, 2002), except for:
- Audit (section 8.12)
- Maintenance (section 7.3)
- Set Redirection (section 8.17)
5.5.2 Problems with Trusted Platform Module:
If an application using the Trusted Platform Module fails, resetting the
Trusted Platform Module may solve the problem.
To reset the Trusted Platform Module, shut down
the PC (turn off the computer after the system has shut down) and start the PC again.
5.5.3 ATTENTION with Trusted Platform Module Cryptographic Provider:
Taking Ownership with the Security Platform Initialization wizard creates a new Storage Root Key.
Usually you will set up a Security Platform Owner only once for a specific Trusted Platform Module.
Since all your public key certificates are bound to the Trusted Platform Module's Storage Root Key,
you will no longer be able to use these certificates with a newly created Storage Root Key.
5.5.4 Emergency Recovery Archive availability:
If the Basic User Key cannot be loaded (for example, as a result of clearing
Trusted Platform Module Ownership and taking Ownership again), the Security Platform
User Initialization Wizard does not allow you to proceed with user initialization.
The correct step in this situation is to run the Security Platform Initialization Wizard and
perform Emergency Recovery by calling the wizard with the command line option: "SpTPMWz.exe /restore".
If for some reason the Emergency Recovery Archive is not available (for example, it was lost or corrupted),
the Basic User Key cannot be restored. To proceed with creation of a new Basic User Key in this
situation, the Security Platform User Initialization Wizard must be started with the "/forceinit" or "-forceinit"
command line option: "SpUserWz.exe /forceinit".
Note: a new Basic User Key will be created and therefore all previously protected data will be lost.
5.5.5 Automatic authorization of destination computer for migration:
The destination platform may be automatically authorized for migration of user keys and certificates
using the "Browse..." button of the "Authorize..." dialog on the "Migration" tab of the
Security Platform Administration Tool. This feature has the following
limitation:
- in order to successfully authorize the destination platform, the user account attempting to
  perform this operation on the source platform must have administrative
  privileges (be a member of the Administrators group) for the destination platform.
5.5.6 EFS certificates are always self signed:
During user security features configuration, the Security Platform Solution Software generates
a new certificate for use with EFS file and folder encryption. Currently this certificate is always
generated as a self signed certificate, even if your security policy is configured to request the EFS
certificate from an online certificate authority (CA).
Workaround: manually request an EFS certificate protected by the Trusted Platform Module
Cryptographic Provider and install it on your platform (for the specific procedure contact your system administrator).
Then run the Security Platform User Initialization Wizard and select "Select..." on the Encryption Certificate page.
Select the EFS certificate issued by your CA and proceed to finish security features configuration.
5.5.7 Migration of Security Platform
The migration process will install new user keys and certificates on the machine you are migrating to.
You will need to configure Security Platform Features for use with these new keys and certificates.
WARNING:
The migration process will also invalidate your existing Security Platform keys and certificates
installed on the machine you are migrating to. Your encrypted data may be lost as a result of this operation.
Please decrypt your encrypted data before proceeding with migration, or contact your system administrator
for the data recovery procedure.
5.5.8 Known Online Help Errors
There are some known HTML Help errors. For example, Security Updates for Internet Explorer might cause problems
(see Microsoft Security Bulletin MS03-048). These problems can be fixed with an HTML Help Update (see Microsoft Knowledge
Base Article 811630). Furthermore, links to other help files might work only if all concerned help files are on the
local hard disk. For more information please search the Microsoft Knowledge Base's "Support & Troubleshooting"
category for "HTML Help".
5.5.9 No support for saving Personal Secure Drive content to a CD data disc on Windows XP
On Windows XP, Windows Explorer supports writing data directly to CD data discs with Joliet
and ISO-9660 file systems.
During the process of deleting a Personal Secure Drive, selecting such a CD data disc
for saving the content of the Personal Secure Drive is not supported.
If you want to save the content of a Personal Secure Drive to a CD data disc, use
Windows Explorer directly before deleting the Personal Secure Drive.