[VAIO_PC] Precautions for when using TPM function

Applicable Products
All VAIO PCs
This only applies to models with the TPM security chip installed.

Table of contents
  • Explanation
  • Precautions for Windows 10

Explanation

Precautions for Windows 10
About entering the recovery key and PIN code

  • The BitLocker recovery key cannot be entered from the touch panel's on-screen keyboard.
    Please enter it from the main body's keyboard.

Precautions for BIOS setup menu

  • If you disable the TPM or initialize (Clear) it in the BIOS setup menu, you will no longer be able to access data encrypted with BitLocker Drive Encryption or Device Encryption.
    If encrypted data remains, back it up as needed before disabling the setting.
  • When enabling the TPM in the BIOS setup menu, also set a BIOS password and a power-on password using the BIOS functions, so that the setting cannot be changed by a third party.
    Please refer to the following Related Q&A on how to set up the passwords.
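The precaution above is easy to get wrong in practice: once the TPM is disabled or cleared, the TPM key protector stops unlocking BitLocker volumes, and the only way back in is a recovery password. The following PowerShell script is an added example, not VAIO's own tooling; it uses the standard Windows BitLocker and TPM cmdlets (Get-Tpm, Get-BitLockerVolume, Add-BitLockerKeyProtector) to list the TPM state and every BitLocker-protected volume, make sure each has a recovery password protector, and export those passwords before you touch the BIOS setting. The export path is an assumed location; point it at removable media that you control.

```powershell
# Added example (not VAIO's own tooling). Run as Administrator on Windows 10
# BEFORE disabling or clearing the TPM in the BIOS setup menu.
# Reports TPM state, lists BitLocker-protected volumes, ensures each has a
# recovery password protector, and exports the recovery passwords to a file.

$ExportPath = "D:\BitLocker-Recovery-Keys"   # assumption: an external drive you control

$tpm = Get-Tpm
Write-Host ("TPM present: {0}  ready: {1}  enabled: {2}" -f $tpm.TpmPresent, $tpm.TpmReady, $tpm.TpmEnabled)

# Any volume that is not fully decrypted still depends on its key protectors.
$protected = Get-BitLockerVolume | Where-Object {
    $_.ProtectionStatus -eq 'On' -or $_.VolumeStatus -ne 'FullyDecrypted'
}

if (-not $protected) {
    Write-Host "No BitLocker-encrypted volumes found; disabling or clearing the TPM will not lock you out of data."
    return
}

New-Item -ItemType Directory -Path $ExportPath -Force | Out-Null

foreach ($vol in $protected) {
    Write-Host ("{0}  status={1}  protection={2}" -f $vol.MountPoint, $vol.VolumeStatus, $vol.ProtectionStatus)

    $recovery = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
    if (-not $recovery) {
        # Without a recovery password the volume becomes unrecoverable once the
        # TPM protector no longer works, so add one now.
        Add-BitLockerKeyProtector -MountPoint $vol.MountPoint -RecoveryPasswordProtector | Out-Null
        $recovery = (Get-BitLockerVolume -MountPoint $vol.MountPoint).KeyProtector |
                    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
    }

    foreach ($kp in $recovery) {
        $file = Join-Path $ExportPath ("{0}-{1}.txt" -f $vol.MountPoint.TrimEnd(':'), $kp.KeyProtectorId.Trim('{}'))
        @(
            "Volume: $($vol.MountPoint)"
            "Key protector ID: $($kp.KeyProtectorId)"
            "Recovery password: $($kp.RecoveryPassword)"
        ) | Set-Content -Path $file
        Write-Host "  recovery password for $($vol.MountPoint) written to $file"
    }
}

Write-Warning "Keep $ExportPath where other users cannot read it. After the TPM is disabled or cleared, these volumes will prompt for the exported recovery password."
```

Because the exported file contains the recovery passwords in clear text, treat it the same way the page asks you to treat a written-down TPM password: store it off the PC and out of reach of other users.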

▼Related Q&A:
[VAIO_PC] How to setup/deactivate BIOS password 

Precautions for management of data that uses TPM

  • The TPM carries the latest security functions, but it does not guarantee complete protection of data and hardware.
    Please note that we will not be responsible for any issues or damages that occur from using the TPM.
  • Make sure you do not forget the password you set in order to use the TPM function, for example by writing it down.
    Manage the written password so that it cannot be seen by other users.
    Please note that if you forget the password, the TPM-protected data cannot be restored by any means.
  • Before handing over your PC for repair, please make sure to back up the data in the TPM, hard disk, and SSD yourself.
    Manage the backed-up files so that they cannot be accessed by other users.
    Please note that we will not be responsible even if data is lost during repair.
  • We may replace the TPM during repair.
  • Protecting and operating data that relies on the TPM is the customer's responsibility.
    Please note that we will not be responsible for protecting or operating data that relies on the TPM.

When using the TPM function, please be careful about encrypting the following folders and files.
We cannot restore encrypted data.
Please note that we will not be responsible for any issues or damages that occur from encrypting them.

  • Please do not encrypt the following folders.
    If files used by the OS and various programs are encrypted with EFS using the TPM, startup and operation of those programs may fail.

    • C:\Windows
    • C:\Program Files
    • C:\Program Files(x86)

Please be careful with the following items when using EFS.

  • For data you want to encrypt, either save it to the "encrypted data" folder that is created at the default location during initialization, or create a new folder inside your account's "Documents" folder.
    Alternatively, data saved to the Personal Secure Drive is encrypted automatically.
  • Please leave the settings on the [display] tab of Explorer's [folder and search options] at their default values.
  • Unless it is necessary, do not change file attributes (read-only, hidden, system).
  • Please do not bulk-encrypt the entire "Users" folder or the account folders inside "Users".
  • Please do not encrypt the following folders and files.
    The TPM software will not run properly, and encrypted data cannot be restored.
    • Folders containing the key and data files
    • Personal Secure Drive file
      • C:\Security Platform\Personal SecureDrive\System Data\xxxxxxxx.FSF
  • Please do not encrypt the following files.
    If the backup archive and emergency restore token are encrypted, you will not be able to restore during an emergency.

Also, the password cannot be reset if the password reset token or the password reset secret file is encrypted.

  • Automatic backup archive file
    File name: SPSystemBackup.xml, or SPSystemBackup_(computer name).xml
  • Automatic backup archive storage folder (including the files inside)
    Folder name (fixed): SPSystemBackup (created as a sub-folder of the folder in which SPSystemBackup.xml is created)
    Or SPSystemBackup_(computer name) (created as a sub-folder of the folder in which SPSystemBackup_(computer name).xml is created)
  • Token used for emergency restoration
    File name: SPEmRecToken.xml
  • Password reset token file
    File name: SPPwdResetToken.xml
  • File with the emergency restore token and password reset token combined
    File name: SPToken_(computer name).xml
  • Password reset secret file
    File name: SpPwdResetSecret.xml, or SpPwdResetSecret_(computer name)_(username)[.(domain name)].xml
  • Backup file for keys and certificates
    File name: SpBackupArchive.xml
  • PSD backup file
    File name: "Drive name"-Personal Secure Drive.fsb
  • Owner (possessor) password backup file
    File name: SpOwner_(computer name).tpm
  • Protocol file
    File name: SpProtocol_(computer name)_(username)[.(domain name)].txt
  • Precautions regarding basic user password expiration
    The initial value of the basic user password expiration is [unlimited].
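The lists above name folders and files that must never carry EFS encryption, but nothing on the PC stops a user (or a bulk "encrypt contents" click on a parent folder) from doing exactly that. The following PowerShell audit is an added example, not part of the VAIO software; it walks the OS and program folders and the Personal Secure Drive system folder looking for anything with the EFS Encrypted attribute, and searches user profiles for the SP* backup, token and secret files named above that have been encrypted. The file-name patterns are taken from this page with wildcards standing in for the "(computer name)", "(username)" and "Drive name" parts; the search roots are assumptions.

```powershell
# Added example (not VAIO's own tooling). Run as Administrator.
# Reports EFS-encrypted items in locations this page says must not be encrypted.

# Folders the page says must not be encrypted (assumed to be on the system drive).
$protectedFolders = @(
    $env:SystemRoot,                                           # C:\Windows
    $env:ProgramFiles,                                         # C:\Program Files
    ${env:ProgramFiles(x86)},                                  # C:\Program Files (x86)
    'C:\Security Platform\Personal SecureDrive\System Data'    # PSD system files (*.FSF)
)

# Backup/token/secret file names from the page; '*' replaces the variable name parts.
$protectedNamePatterns = @(
    'SPSystemBackup*.xml', 'SPEmRecToken.xml', 'SPPwdResetToken.xml', 'SPToken_*.xml',
    'SpPwdResetSecret*.xml', 'SpBackupArchive.xml', '*-Personal Secure Drive.fsb',
    'SpOwner_*.tpm', 'SpProtocol_*.txt', '*.FSF'
)

# Where the backup and token files are usually saved (assumption: under user profiles).
$searchRoots = @("$env:SystemDrive\Users")

function Test-EfsEncrypted {
    param([System.IO.FileSystemInfo]$Item)
    # EFS sets the Encrypted attribute on encrypted files and on folders marked for encryption.
    return (($Item.Attributes -band [System.IO.FileAttributes]::Encrypted) -ne 0)
}

function Get-EfsViolations {
    $findings = New-Object System.Collections.Generic.List[object]

    # 1. Anything encrypted under the OS / program / PSD system folders.
    foreach ($folder in ($protectedFolders | Where-Object { $_ -and (Test-Path -LiteralPath $_) })) {
        Get-ChildItem -LiteralPath $folder -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { Test-EfsEncrypted $_ } |
            ForEach-Object { $findings.Add([pscustomobject]@{ Reason = 'protected folder'; Path = $_.FullName }) }
    }

    # 2. Encrypted backup/token/secret files wherever they were saved.
    foreach ($root in ($searchRoots | Where-Object { Test-Path -LiteralPath $_ })) {
        Get-ChildItem -LiteralPath $root -Recurse -Force -File -ErrorAction SilentlyContinue |
            Where-Object {
                $name = $_.Name
                ($protectedNamePatterns | Where-Object { $name -like $_ }) -and (Test-EfsEncrypted $_)
            } |
            ForEach-Object { $findings.Add([pscustomobject]@{ Reason = 'protected file'; Path = $_.FullName }) }
    }

    return $findings
}

$violations = Get-EfsViolations
if ($violations.Count -eq 0) {
    Write-Host "OK: no EFS-encrypted items found in the protected folders or among the TPM backup/token files."
} else {
    Write-Warning ("{0} item(s) are EFS-encrypted but must not be; decrypt them (cipher /d) while the TPM and keys are still available." -f $violations.Count)
    $violations | Format-Table -AutoSize
}
```

Run the audit before a backup, before handing the PC in for repair, and after any bulk encryption operation on a user folder: an encrypted SPEmRecToken.xml or SPSystemBackup folder is exactly the condition under which, as the page says, an emergency restore will fail.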