Using TPM

If the TPM setting is activated and backed up on to the USB memory, you can safely store in the TPM chip the encryption key (TPM key) that encrypts confidential information such as the password, public key pair for SSL communication, and user certificate that are stored in the machine. Doing so, you can prevent important information for the machine from leaking. Also, you can recover the system if the TPM chip fails by restoring the TPM key.
Before activating the TPM setting, an administrator must confirm that the Administrator password has been changed from its default setting. If the password has not been changed from its default setting, third parties other than an administrator can make backups, which may result in the TPM backup key from being taken away. Since the TPM key can only be backed up once, this will make the TPM key unable to be restored.
Backup the TPM key immediately on to the USB memory after the TPM setting is activated.
For security reasons, you can only backup the TPM key once. Manage the password set during the backup so that it is not forgotten.
The security provided by TPM does not guarantee complete protection of the data and hardware. Note that Canon will not be liable for any failure or damages resulting from the use of this mode.
You cannot access the machine while backing up or restoring data in the USB memory.
Do not remove the USB memory while backing up or restoring data. Doing so may cause damage to the USB memory, USB port, or the data inside of the USB memory. Also if the USB memory is removed when restoring, the machine may be damaged.
To use USB memory, press  (Settings/Registration)  <Preferences>  <External Interface>  <USB Settings>  set <Use MEAP Driver for USB Storage Device> to <Off>.

Setting TPM

This section explains how to activate the TPM setting.
1
Press  (Settings/Registration).
2
Press <Management Settings>  <Data Management>  <TPM Settings>.
3
Press <Yes>.
Setting changes are reflected after the machine restarts.
If the TPM setting is activated, it may take longer to start the machine.

Backing Up the TPM Key

If the TPM setting is activated and the TPM chip fails, you cannot recover the confidential information since each type of confidential information is uniquely encrypted with the TPM key. Thus, immediately backup when the TPM setting is activated.
For backing up, use the commercially available USB memory.
1
Press  (Settings/Registration).
2
Press <Management Settings>  <Data Management>  <TPM Settings>.
3
Press <Back Up TPM Key>.
4
Press <Password>.
5
Enter the password  press <OK>.
6
Enter the password again on the confirmation screen  press <OK>  <OK>.
7
Connect the USB memory to the machine  press <OK>.
If the error screen appears, follow the instructions on the screen and backup again.
Before backing up, make sure that writing is allowed for the memory media connected to the machine.
You cannot back up the TPM key for the following cases:
The password is incorrect
USB memory is not connected
Multiple USB storage devices are connected
Not enough free space in the connected USB memory
TPM key does not exist on the machine
Use USB memory that meets the following conditions:
Not set to read-only
Not partitioned
Less than 60 GB capacity
Not encrypted
For the backup of the TPM key, it is recommended that you use a USB memory with free space of 10 MB or more.
Do not connect any other memory media.
The data on the machine is backed up on the USB memory after it has been encrypted. You cannot manage or browse the backed up data on the computer.
For information on the USB memory that can be used with the machine and how to use it, see Connecting a USB Memory Device.

Restoring the TPM Key

If the TPM chip fails, you can use the previously backed up data of the TPM key to restore the TPM key on to the new TPM chip. For information on TPM chip failure, contact your dealer or service representative.
1
Press  (Settings/Registration).
2
Press <Management Settings>  <Data Management>  <TPM Settings>.
3
Press <Restore TPM Key>.
4
Press <Password>.
5
Enter the password you specified when backing up  press <OK>  <OK>.
6
Connect the USB memory to the machine  press <OK>.
If an error screen is displayed, follow the instructions on the screen to perform the restoration process again.
Before restoring, make sure that the memory media you used for backing up is connected to the machine.
Do not connect any other memory media.
7
Press <OK> to restart the system.
Restoring of the TPM key recovers access to the storage device/SRAM that became inaccessible due to TPM chip failure, and does not recover the content of the memory itself.
If initialization is performed following the steps for "Initializing All Data/Settings," all of the data encrypted by the TPM key is completely erased and the TPM setting becomes inactive.
You cannot restore the TPM key for the following cases:
USB memory is not connected
Multiple USB storage devices are connected
A TPM key does not exist on the USB memory
The TPM key on the USB memory is not correct
The password set during the backup was not entered
85E3-0K9