09TPM/x64/program files/Infineon/Security Platform Software/US/Readme.txt Driver File Contents (TPM.zip)

Driver Package File Name: TPM.zip
File Size: 62.7 MB

--------------------------------------------------------------------------------
		Infineon TPM Professional Package 3.7
               		Release Notes
--------------------------------------------------------------------------------


Contents:

1. Welcome

2. Installation

3. Infineon Security Platform Software
  3.1 Security Platform Settings Tool
  3.2 Security Platform Quick Initialization Wizard
  3.3 Security Platform Initialization Wizard
  3.4 Security Platform User Initialization Wizard
  3.5 Security Platform Migration Wizard
  3.6 Security Platform Backup Wizard
  3.7 Security Platform Password Reset Wizard 	
  3.8 Security Platform PKCS #12 Import Wizard 	
  3.9 Security Platform Certificate Viewer and Certificate Selection 	
  3.10 Security Platform Taskbar Notification Icon
  3.11 Security Platform Integration Services
  3.12 Security Platform Services

4. If you have questions

5. Release Info
  5.1 Primary new Features
  5.2 About this Release
  5.3 Hardware and Software Platform Requirements
  5.4 Version Information
  5.5 Trusted Platform Module Firmware Upgrade
  5.6 Known Bugs and Limitations

================================================================================

1. Welcome

Welcome to the Infineon Security Platform Software 3.7
The Infineon Security Platform Software is required to use your Trusted Platform Module.
The Infineon Security Platform Software is a TCG-compliant security solution for PCs.

For further information about TCG (Trusted Computing Group):
https://www.trustedcomputinggroup.org

2. Installation

The Infineon Security Platform Software installation - "Setup.exe" installs:

- Security Platform Help
- Security Platform Settings Tool
- Security Platform Quick Initialization Wizard
- Security Platform Initialization Wizard
- Security Platform User Initialization Wizard
- Security Platform Migration Wizard
- Security Platform Backup Wizard
- Security Platform Password Reset Wizard
- Security Platform PKCS #12 Import Wizard
- Security Platform Certificate Viewer and Certificate Selection
- Security Platform Taskbar Notification Icon
- Security Platform Integration Services
    * Microsoft® Outlook® Integration
    * Mozilla Firefox and Thunderbird Integration
    * Encrypted File System Integration
    * Personal Secure Drive
    * Policy Administration
- Security Platform Services
    * TSS (TCG Software Stack) Service Provider
    * TSS Core Service
    * TSS Device Driver Library

Notes:
To install this software, administrative rights are required.
On systems with disabled Trusted Platform Module and Physical Presence Interface support you can enable the Trusted Platform Module via option "Prepare TPM Enrollment". This will allow you to initialize your platform later, without having to reboot your system again.

Unattended Installation:
Silent installation can be done by calling the setup.exe with the following command line parameters:
- Installation for all users:      setup.exe /s /v"/qn"

Upgrade:
The upgrade from older product versions is described in ReadmeUpgrade.txt.


3. Infineon Security Platform Software

3.1 Security Platform Settings Tool

With the Security Platform Settings Tool, you can get various information about the Trusted Platform Module of your system. Also, you are able to carry out several administrative tasks. This component is designed as a Control Panel Applet. It provides a central access point for administrating the Infineon Security Platform.


3.2 Security Platform Quick Initialization Wizard

The Infineon Security Platform Quick Initialization Wizard is intended for most users to quickly initialize the Security Platform and User with default settings. These operations are needed to enable the Infineon Security Platform functionality and provide the basis for all further activities on the Infineon Security Platform.


3.3 Security Platform Initialization Wizard

The Infineon Security Platform Initialization Wizard is intended for expert users to initialize the Security Platform and to configure Security Platform Features (backup including Emergency Recovery, Password Reset, Enhanced Authentication). These operations are needed to enable the Infineon Security Platform functionality and provide the basis for all further activities on the Infineon Security Platform.


3.4 Security Platform User Initialization Wizard

The Infineon Security Platform User Initialization Wizard is intended for expert users to initialize the Security Platform Users and to configure the user-specific features (secure e-mail, file and folder encryption with EFS and PSD, Enhanced Authentication). This wizard has to be started for each computer user who is intended to use the personalized Infineon Security Platform Features (i.e., who will be an Infineon Security Platform User).


3.5 Security Platform Migration Wizard

The Infineon Security Platform Migration Wizard is used to transfer Infineon Security Platform user-specific keys and certificates from one Infineon Security Platform to another in a secure way.


3.6 Security Platform Backup Wizard

The Infineon Security Platform Backup Wizard is used to perform the backup or restore operations of Security Platform related data. These operations are needed to protect the data from accidental loss in case of an emergency.


3.7 Security Platform Password Reset Wizard 	

The Infineon Security Platform Password Reset Wizard is used to reset Basic User Passwords. Resetting a Basic User Password comprises administrative steps and user steps. The Password Reset Wizard contains both.


3.8 Security Platform PKCS #12 Import Wizard 	

The Infineon Security Platform PKCS #12 Import Wizard is used to import Personal Information Exchange files into the Security Platform.


3.9 Security Platform Certificate Viewer and Certificate Selection 	

Infineon Security Platform Certificate Viewer and Certificate Selection are used to manage certificates.


3.10 Security Platform Taskbar Notification Icon

The Taskbar Notification Icon is a status-sensitive entry point for Security Platform administrative tasks. Via this icon you can access the Taskbar Notification Menu. Furthermore, balloons and tool tips assist you with status-sensitive information.


3.11 Security Platform Integration Services

The Security Platform Integration Services enable standard applications to use the Trusted Platform Module functionality. This is possible for applications supporting the Microsoft Crypto-API or the PKCS #11 Crypto-API. 

The following Integration Service components are provided:
- Infineon TPM Platform Cryptographic Provider (Platform CSP)
- Infineon TPM Cryptographic Provider (User CSP, without AES support)
- Infineon TPM Strong Cryptographic Provider (Strong User CSP, without AES support)
- Infineon TPM RSA and AES Cryptographic Provider (User CSP, including AES support. Not available under Windows 2000.)
- Infineon TPM PKCS #11 Provider (also called "TPM Cryptoki Token")
- Infineon TPM Key Storage Provider (KSP)


3.12 Security Platform Services

The Security Platform Services provide you with a Trusted Computing Group (TCG) compliant software stack.

The TCG Software Stack (TSS) is built by the following modules:

- TSS (TCG Software Stack) Service Provider
- TSS Core Service
- TSS Device Driver Library

The TCG Software Stack is an integral part of a TCG compliant platform, and provides functions that can be used by enhanced operating systems and applications.

Recommendation:
Contact your product support to check whether a firmware update for your Trusted Platform Module is available.


4. If you have questions

If you have any questions or problems, please contact your dealer first.
Further information and support is available under http://www.infineon.com/tpm/software


5. Release Info

5.1 Primary new Features

This release includes the following primary new features:
- Support of Microsoft Windows Vista Service Pack 2
- Support of Microsoft Windows 7
- Language support for Czech


5.2 About this Release

This release contains the following components to enable access to the Trusted Platform Module by applications (utilizing the interfaces as specified by TCG, Microsoft® Crypto-API and PKCS #11):

- Security Platform Help
- Security Platform Settings Tool
- Security Platform Quick Initialization Wizard
- Security Platform Initialization Wizard
- Security Platform User Initialization Wizard
- Security Platform Migration Wizard
- Security Platform Backup Wizard
- Security Platform Password Reset Wizard
- Security Platform PKCS #12 Import Wizard
- Security Platform Certificate Viewer and Certificate Selection
- Security Platform Taskbar Notification Icon
- Security Platform Integration Services
    * Microsoft® Outlook® Integration
    * Mozilla Firefox and Thunderbird Integration
    * Encrypted File System Integration (not supported under Windows XP Home)
    * Personal Secure Drive
    * Policy Administration
- Security Platform Services
    * TSS (TCG Software Stack) Service Provider
    * TSS Core Service
    * TSS Device Driver Library


5.3 Hardware and Software Platform Requirements

5.3.1 Hardware Requirements:

A PC capable of running one of the mentioned operating systems and equipped with a Trusted Platform Module.

Hard Disk:
Standard Installation: 120 MB; a portion of this disk space will be freed after installation (approximately 20 MB).
PSD with default settings: 200 MB, plus 5000 MB on system partition (due to policy "Minimum free space after PSD creation").

Memory:
- Microsoft Windows XP Professional and Home 32-bit Editions: 128 MB
- Microsoft Windows XP Professional x64 Edition: 256 MB
- Microsoft Vista Home Basic: 512 MB
- Microsoft Vista Home Premium, Business, Enterprise and Ultimate Editions: 1 GB
- Microsoft Windows 7 Home Premium, Professional, Enterprise and Ultimate Editions: 1 GB

5.3.2 Software Requirements:

Operating Systems (only for 32-bit product version):
- Microsoft Windows XP Professional Service Pack 3
- Microsoft Windows XP Home Edition Service Pack 3
- Microsoft Windows XP Media Center Edition 2005 Service Pack 3
- Microsoft Windows XP Tablet PC Edition 2005 Service Pack 3
- Microsoft Windows Server 2003 Service Pack 2
- Microsoft Windows Server 2008 Service Pack 2
- Microsoft Windows Vista Service Pack 1 (Home Basic, Home Premium, Business, Enterprise, Ultimate)
- Microsoft Windows Vista Service Pack 2 (Home Basic, Home Premium, Business, Enterprise, Ultimate)
- Microsoft Windows 7 (Home Premium, Professional, Enterprise, Ultimate)

Operating Systems (only for 64-bit product version):
- Microsoft Windows XP Professional x64 Edition Service Pack 3 (AMD64)
- Microsoft Windows Server 2003 x64 Edition Service Pack 2 (AMD64)
- Microsoft Windows Vista Service Pack 1 (Home Basic, Home Premium, Business, Enterprise, Ultimate)
- Microsoft Windows Vista Service Pack 2 (Home Basic, Home Premium, Business, Enterprise, Ultimate) 
- Microsoft Windows 7 (Home Premium, Professional, Enterprise, Ultimate)


Microsoft Office:
- Microsoft Office 2003
- Microsoft Office 2007

E-mail Clients:
- Mozilla Thunderbird 2.0
- Microsoft Office Outlook 2003
- Microsoft Office Outlook 2007

Web Browsers:
- Mozilla Firefox 3.0
- Microsoft Internet Explorer 7
- Microsoft Internet Explorer 8



5.4 Version Information	

Infineon TPM Professional Package 3.7


5.5 Trusted Platform Module Firmware Upgrade

After installation, it is recommended to check whether a firmware update is available at http://www.infineon.com/tpm/software


5.6 Known Bugs and Limitations

5.6.1 Problems with the Trusted Platform Module

In case an application using the Trusted Platform Module fails, resetting the Trusted Platform Module may solve the problem.
To reset the Trusted Platform Module, shut down the PC (turn off the computer after the system has shut down) and start the PC again.


5.6.2 Known Online Help Error

After installation of Microsoft security updates, the Security Platform Help may not function correctly when the .chm file is opened from a remote location. Further information is available in the Microsoft Knowledge Base, e.g. in Microsoft Security Bulletin MS05-026 and in Microsoft Knowledge Base Article 896358.


5.6.3 No support for saving Personal Secure Drive content to a CD data disc on Windows XP, Windows Vista and Windows 7

On Windows XP, Windows Vista and Windows 7, Explorer supports writing data directly to CD data discs with Joliet and ISO-9660 file systems.
When deleting a Personal Secure Drive, selecting such a CD data disc for saving the content of the Personal Secure Drive is not supported. If you want to save the content of a Personal Secure Drive to a CD data disc, use Windows Explorer directly before deleting the Personal Secure Drive.


5.6.4 Personal Secure Drive and Windows XP System Restore 
 
If you have enabled System Restore, please note that Personal Secure Drive is monitored by System Restore like any other drive on your computer.
To ensure that System Restore is working properly with your Personal Secure Drive, consider the following:
 
a) Personal Secure Drive with a size up to 200 MB
You need to install Microsoft Hotfix WindowsXP-KB888402-x86-xxx.exe (where xxx is the language specific version).
This hotfix is only available for Windows XP SP2 via Microsoft support (http://support.microsoft.com). Please refer to KB888402.
If you do not install this hotfix, System Restore Points are deleted every time you load your PSD drive.
 
b) Personal Secure Drive with a size bigger than 200 MB
A Personal Secure Drive bigger than 200 MB is handled like every other drive of the "local disk" type.
To ensure that System Restore is working properly, please consider the disk space requirements of System Restore.
In line with these requirements, leave at least 80 MB of free disk space on the Personal Secure Drive.
 
 
5.6.5 Personal Secure Drive and Microsoft Volume Shadow Copy Service (VSS)

Personal Secure Drive currently supports neither Microsoft VSS nor the services which depend on VSS.
If you observe problems with VSS or any dependent service, make sure that no Personal Secure Drive is loaded while utilizing VSS.


5.6.6 Timeout in user authentication for WLAN client connection

You need to authenticate to establish a WLAN client connection. Security Platform User Authentication is displayed. Please authenticate within 30 seconds; otherwise the WLAN client connection might fail. To enable the WLAN client connection after a timeout, click "Repair" in the WLAN connection's context menu. You do not need to log off, log on and authenticate again in this case.


5.6.7 Possible user authentication problem in "Run as" mode

Under certain circumstances, an internal error will be returned when the user authentication dialog is expected. This error might occur if all of the following conditions are met:
- The program requiring the user authentication (e.g. User Initialization Wizard) was started in "Run as" mode.
- A certain version of the software "PGP" is installed, e.g. 9.04.
- There was no preceding user authentication in the current logon session.


5.6.8 Dictionary Attack behavior after upgrade from version V2.0

On Infineon Trusted Platform Module 1.2 systems which have been upgraded from Infineon Security Platform Software V2.0, the dictionary attack behavior has to be explicitly initialized by performing a defense level reset. Please start the Security Platform Initialization Wizard SpTPMWz.exe with the command line parameter -resetattack or /resetattack. Otherwise the dictionary attack behavior is not as described in the online help. For example, the Security Platform is not temporarily disabled after multiple wrong authentication attempts.


5.6.9 Changing the system time may cause unexpected behavior

Rolling back the system time may cause unexpected behavior of the Infineon Security Platform software. Restarting the system will correct this behavior.


5.6.10 Security Platform User Initialization may fail

Under certain circumstances, an error message will be shown at the first Security Platform User Initialization during EFS/PSD feature configuration ("An internal error occurred. An unexpected error occurred.").
To work around that problem, open the User Initialization Wizard again and configure EFS/PSD anew with a newly created certificate, or use/create another user account.


5.6.11 Performing Emergency Recovery from a given Backup Archive more than once has the following restriction

Users who were not selected to be restored during Emergency Recovery and users who were selected but did not complete the restoration process cannot be selected during subsequent restorations. Create a copy of the backup archive to circumvent this.


5.6.12 Setup Repair Mode under restricted administrative account in Windows Vista

Users with a restricted administrative account in Windows Vista will get an error message stating "Installation of Security Platform Software requires administrative permissions" while trying to repair the Infineon Security Platform Solution software through Control Panel, and the setup will abort. Please start setup repair mode by clicking on setup.exe in the CD-image.


5.6.13 Operating System upgrade to Windows Vista

If you currently have an Infineon TPM Professional Package version lower than V3.0 installed on your system, you cannot directly upgrade the operating system to Windows Vista. First you need to upgrade your Infineon TPM Professional Package to this version and then the operating system to Windows Vista.


5.6.14 Policies are not displayed correctly after upgrade

If you upgrade from an operating system that does not support group policy (e.g. Windows Media Center, Windows XP Home) to an operating system that supports group policy (e.g. Windows Vista Ultimate, Windows Vista Business), policies are not displayed as expected. To work around this problem, uninstall and freshly install the Infineon TPM Professional Package Software after operating system upgrade.


5.6.15 Security Platform Integration Services not registered any more after Operating System Upgrade

In some special Operating System Upgrade scenarios, parts of Security Platform Integration Services might not be registered any more (for example after an upgrade from Windows Vista Home Basic 64-bit Edition to Windows Vista Ultimate 64-bit Edition). As a consequence, features like file and folder encryption with EFS and PSD might not work as expected any more. To resolve this, run setup repair mode by clicking on setup.exe in the CD-image.


5.6.16 Installation and Uninstallation of required prerequisite software

Please note that the Infineon Security Platform Software requires certain prerequisite software (e.g. Microsoft Visual Studio C++ 2005 SP1 Redistributable Package). The setup installs all prerequisite software which is not yet installed on your computer. If you try to install this prerequisite software without administrative rights, the installation might fail and display an uninformative error message. Please do not uninstall any prerequisite software as long as Infineon Security Platform Software is installed. Otherwise you might not be able to use or uninstall Infineon Security Platform Software any more. Note that the prerequisite software is not automatically uninstalled if the main software installation fails.


5.6.17 Installation on not recommended operating systems

It is not recommended to install Infineon Security Platform Software on certain operating systems (e.g. Windows 2000 with Service Pack 4 or Windows XP without Service Pack 2 or higher), since the software has been optimized for newer operating system versions. 
A corresponding message is displayed at the beginning of the installation. If prerequisite software must be installed on your system before the main setup starts (see chapter "Installation and Uninstallation of required prerequisite software"), this warning will only be displayed after the prerequisite installation.

5.6.18 PKCS#11 functionality after upgrade

After an upgrade of Security Platform Solution Software, applications that use Security Platform Solution through the PKCS#11 interface may not work as expected, because the PKCS#11 DLL (ifxtpmck.dll) is now located in the Security Platform Solution Software installation directory. In former product versions, it was located in the system32 directory. Applications have to be reconfigured to load ifxtpmck.dll from the new location. 
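
An added example, not part of the Infineon release notes: a small audit that classifies the PKCS #11 module path each application is configured with, so entries still pointing at the pre-upgrade system32 location (or relying on a bare file name) can be found and reconfigured. The installation directory, the environment values and the application names are assumptions constructed for this example.

```python
import ntpath
import re

PKCS11_DLL = "ifxtpmck.dll"  # module name from the release notes

# Assumed values for this example; take the real ones from the target system.
ENV = {"SystemRoot": r"C:\Windows", "ProgramFiles": r"C:\Program Files"}
NEW_DIR = r"%ProgramFiles%\Infineon\Security Platform Software"
# Former location. 32-bit applications on 64-bit Windows see SysWOW64 as
# their system32, so both directories count as the old location.
OLD_DIRS = (r"%SystemRoot%\System32", r"%SystemRoot%\SysWOW64")


def normalise(path, env=ENV):
    """Expand %VAR% references, then fold case, slashes and '..' segments."""
    lookup = {name.lower(): value for name, value in env.items()}
    expanded = re.sub(
        r"%([^%]+)%",
        lambda m: lookup.get(m.group(1).lower(), m.group(0)),
        path,
    )
    return ntpath.normcase(ntpath.normpath(expanded))


def classify(path, env=ENV):
    """Return 'ok', 'stale', 'bare-name', 'unexpected' or 'other'."""
    full = normalise(path, env)
    if ntpath.basename(full) != PKCS11_DLL:
        return "other"            # a different PKCS #11 module
    folder = ntpath.dirname(full)
    if not folder:
        return "bare-name"        # left to the DLL search order
    if folder in {normalise(d, env) for d in OLD_DIRS}:
        return "stale"            # pre-upgrade location
    if folder == normalise(NEW_DIR, env):
        return "ok"
    return "unexpected"           # a copy somewhere else: investigate


def needs_reconfiguration(configs, env=ENV):
    """Map application name -> verdict for every entry that needs attention."""
    verdicts = {app: classify(path, env) for app, path in configs.items()}
    return {app: v for app, v in verdicts.items() if v not in ("ok", "other")}


# Constructed sample: configured PKCS #11 module path per application.
SAMPLE = {
    "mail-client": r"C:\WINDOWS\system32\ifxtpmck.dll",
    "browser": "ifxtpmck.dll",
    "vpn-tool": r"%ProgramFiles%\Infineon\Security Platform Software\ifxtpmck.dll",
    "signing-tool": "C:/Windows/System32/../System32/IFXTPMCK.DLL",
    "smartcard-app": r"C:\Tools\example-pkcs11.dll",
}

if __name__ == "__main__":
    for app, verdict in sorted(needs_reconfiguration(SAMPLE).items()):
        print(f"{app}: {verdict} -> {SAMPLE[app]}")
```

A "bare-name" entry used to resolve because the system directory is part of the DLL search order; after the upgrade it should be replaced with the full path to the new location.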

5.6.19 RSA SecurID Software Token compatibility

Infineon TPM Professional Package is compatible with RSA SecurID Software Token 3.05 or lower.

5.6.20 Microsoft VPN connection when using EAP-TLS with certificates

In case the Infineon TPM Cryptographic Provider or Infineon TPM Strong Cryptographic Provider or Infineon TPM RSA and AES Cryptographic Provider are used for a VPN certificate, that certificate must be requested without strong private key protection.
In case the certificate has been requested with strong private key protection and an Infineon TPM Cryptographic Provider, and later on this certificate is selected in a VPN connection, this VPN connection will fail. The Microsoft Remote Access Connection Manager will hang and the VPN application will not be responsive. To solve this problem, log off and log on again and select a certificate without strong private key protection for the VPN connection.
