Using TPM to Protect Confidential Information in the Machine
By enabling TPM, you can encrypt and securely manage confidential information such as passwords and keys and certificates saved on the machine.
When TPM is enabled, be sure to back up the TPM key to a USB memory device. If the TPM chip malfunctions, you can restore the backed up TPM key to recover the system.
When TPM is enabled, be sure to back up the TPM key to a USB memory device. If the TPM chip malfunctions, you can restore the backed up TPM key to recover the system.
* The machine may take some time to start up after TPM has been enabled.
IMPORTANT
TPM does not guarantee complete protection of data and hardware.
Canon is not responsible for failure or damage resulting from the use of TPM.
When Using the Administrator with the "Administrator" User Name
Before you enable TPM, change the default password for the "Administrator" user name so that only specific administrators know the new password. Administrator Privileges and Password
* If you leave the password at its default setting, there is a risk that a third party could back up the TPM key and steal the backup data.
The TPM key can only be backed up one time, so if a third party steals the backup data, you will not be able to restore the TPM key.
The TPM key can only be backed up one time, so if a third party steals the backup data, you will not be able to restore the TPM key.
When Initializing All Settings and Data on the Machine
All data encrypted using TPM is erased and the TPM setting is disabled. Initializing All Settings and Data
Enabling TPM
Use the control panel to configure the settings. You cannot configure the settings using Remote UI from a computer.
Administrator privileges are required. The machine must be restarted to apply the settings.
Administrator privileges are required. The machine must be restarted to apply the settings.
Required Preparations
When you use the administrator with the "Administrator" user name, check that the password has been changed from the default setting. Administrator Privileges and Password
1
Log in to the machine as an administrator. Logging In to the Machine
2
On the control panel, press [
Settings/Registration] in the [Home] screen or other screen. [Home] Screen
Settings/Registration] in the [Home] screen or other screen. [Home] ScreenThe [Settings/Registration] screen is displayed.
3
Press [Management Settings] 
[Data Management] [TPM Settings].
[Data Management] [TPM Settings].A screen for confirming the TPM settings is displayed.
4
Press [Yes].
5
Press [ Settings/Registration] [Yes].
Settings/Registration] [Yes].The machine restarts, and the settings are applied.
6
Immediately back up the TPM key to a USB memory device. Backing Up the TPM Key
Backing Up the TPM Key
After enabling TPM, immediately back up the TPM key.
The TPM key is required to recover confidential information if the TPM chip should malfunction.
Use a commercial USB memory device for the backup of the TPM key.
The TPM key is required to recover confidential information if the TPM chip should malfunction.
Use a commercial USB memory device for the backup of the TPM key.
* The TPM key is encrypted when backed up. The backup data cannot be managed or viewed on a computer.
Use the control panel to back up the TPM key. You cannot back up the TPM key using Remote UI from a computer.
Administrator privileges are required.
Administrator privileges are required.
Required Preparations
Provide a USB memory device that satisfies the following conditions. Do not connect anything other than the USB memory device that you are using.
USB memory device usable with the machine Inserting and Removing a USB Memory Device
Less than 60 GB capacity and at least 10 MB available space
Unpartitioned
Unencrypted
IMPORTANT
Precautions When Backing Up the TPM Key
To enhance security, the TPM key can only be backed up one time. Carefully manage the password you set during backup so that you do not forget it.
You cannot use the machine during backup.
Do not remove the USB memory device or subject it to shock or vibration during backup. Do not turn OFF the machine during backup.
1
Log in to the machine as an administrator. Logging In to the Machine
2
On the control panel, press [ Settings/Registration] in the [Home] screen or other screen. [Home] Screen
Settings/Registration] in the [Home] screen or other screen. [Home] ScreenThe [Settings/Registration] screen is displayed.
3
Press [Management Settings] [Data Management] [TPM Settings].
[Data Management] [TPM Settings].The [TPM Settings] screen is displayed.
4
Press [Back Up TPM Key].
The password setting screen is displayed.
5
Enter the password to be set for the TPM key.
The password will be required to restore the TPM key.
1
Press [Password].
2
Enter the password, and press [OK].
3
Enter the same password again, and press [OK].
6
Press [OK].
A screen for confirming the backup is displayed.
7
Insert the USB memory device into the USB port on the machine. Inserting a USB Memory Device
8
Press [OK].
The TPM key backup starts.
9
When [TPM key backup is complete.] is displayed, press [OK].
If an error message appears, follow the instructions of the message and perform the backup again.
10
Remove the USB memory device. Removing the USB Memory Device
NOTE
If a USB Memory Device Is Not Recognized
When the setting to use the MEAP driver for the USB storage device is enabled, the USB memory device may not be recognized even if connected correctly. [Use MEAP Driver for USB Input Device]
Restoring the TPM Key
If the TPM chip malfunctions, use the backup data of the TPM key to restore the TPM key on a new TPM chip. You can recover encrypted confidential information by restoring the TPM key.
* For details on troubleshooting or replacing the TPM chip, contact your dealer or service representative.
Use the control panel to restore the TPM key. You cannot restore the TPM key using Remote UI from a computer.
Administrator privileges are required. The machine must be restarted to apply the restoration.
Administrator privileges are required. The machine must be restarted to apply the restoration.
Required Preparations
Prepare the USB memory device with the backed up TPM key. Do not connect anything other than the USB memory device that you are using.
IMPORTANT
Restoring the TPM Key Does Not Recover the Memory Area Itself.
The TPM key restore function recovers access to the storage and SRAM resulting from the TPM chip malfunction. It does not recover the memory area itself.
Precautions When Restoring the TPM Key
You cannot use the machine when restoring the TPM key.
Do not remove the USB memory device or subject it to shock or vibration during restoration. Do not turn OFF the machine during restoration.
* Removing the USB memory device when restoring the TPM key can cause the machine to malfunction.
1
Log in to the machine as an administrator. Logging In to the Machine
2
On the control panel, press [ Settings/Registration] in the [Home] screenor other screen. [Home] Screen
Settings/Registration] in the [Home] screenor other screen. [Home] ScreenThe [Settings/Registration] screen is displayed.
3
Press [Management Settings] [Data Management] [TPM Settings].
[Data Management] [TPM Settings].The [TPM Settings] screen is displayed.
4
Press [Restore TPM Key].
The password input screen is displayed.
5
Enter the password of the TPM key.
Press [Password], enter the password that you set during backup, and press [OK].
6
Press [OK].
A screen for confirming the restoration is displayed.
7
Insert a USB memory device into the USB port on the machine. Inserting a USB Memory Device
8
Press [OK].
The TPM key restoration starts.
9
When [TPM Key restoration is complete. Restart the main unit.] is displayed, press [OK].
If an error message appears, follow the instructions of the message and perform the restoration again.
10
Remove the USB memory device. Removing the USB Memory Device
11
Restart the machine. Restarting the Machine
The TPM key restoration is applied.
NOTE
If a USB Memory Device Is Not Recognized
When the setting to use the MEAP driver for the USB storage device is enabled, the USB memory device may not be recognized even if connected correctly. [Use MEAP Driver for USB Input Device]