Rohde & Schwarz R&S Trusted Disk 3.3.1 Instruction manual

R&S®Trusted Disk ‒ Standalone
Administration manual
Version 03
4603798802

This document describes the following R&S®Trusted Disk versions:
● R&S Trusted Disk 3.3.1
This product uses several valuable open source software packages. For more information, see the Open Source Acknowledgment
document, which you can obtain separately.
The open source software is provided free of charge. You are entitled to use the open source software in accordance with the
respective license conditions as provided in the Open Source Acknowledgment document.
Rohde & Schwarz would like to thank the open source community for their valuable contribution to embedded computing.
© 2019 Rohde & Schwarz Cybersecurity GmbH
Mühldorfstr. 15, 81671 Munich, Germany
Phone: +49 89 41 29 - 0
Fax: +49 89 41 29 12 164
Email: [email protected]
Internet: https://rohde-schwarz.com/cybersecurity
Printed in Germany – Subject to change – Data without tolerance limits is not binding.
R&S® is a registered trademark of Rohde & Schwarz GmbH & Co. KG.
Trade names are trademarks of the owners.
4603.7988.02 | Version 03 |
Throughout this manual, products from Rohde & Schwarz are indicated without the ® symbol, e.g. R&S®Trusted Disk is indicated as
R&S Trusted Disk.

Contents
1 About this manual
1.1 Audience
1.2 Related documents
1.3 Conventions
1.4 Contact, service and support
1.4.1 Customer knowledge base
1.4.2 Contact channels
2 About R&S Trusted Disk
2.1 Key security features
2.2 Scope of delivery
3 Preparing the installation
3.1 General preparations
3.2 Installing the middleware and dependencies
3.2.1 Microsoft Visual C++ Redistributable
3.2.2 PKCS #11 module
3.2.3 R&S TD CryptoHelper
3.3 Configuring R&S Trusted Identity Manager
3.3.1 Installing R&S Trusted Identity Manager (Standalone)
3.3.2 Creating a root certificate authority
3.3.3 Personalizing a smart card for the administrator
3.3.4 Personalizing a smart card for the user
3.4 Configuring Secure Boot (UEFI/GPT)
3.4.1 Checking the Secure Boot status
3.4.2 Enabling Secure Boot
4 Installation and full-disk encryption
4.1 System requirements
4.2 Prerequisites
4.3 Installing R&S Trusted Disk
4.4 Initializing the full-disk encryption
4.4.1 Full-disk encryption wizard
4.4.2 Activating setup mode (UEFI/GPT)
5 Command-line tools
5.1 FDE initialization tool
5.1.1 List of parameters
5.1.2 Examples
5.2 Boot manager tool (UEFI/GPT)
5.2.1 InstallSBM.exe
5.2.2 InstallSBM.efi
5.2.3 List of parameters
5.2.4 Structure
6 Advanced tasks
6.1 Updating R&S Trusted Disk
6.2 Configuring the PIN policy
6.3 R&S Trusted Disk key update
6.4 Stealth mode
6.4.1 UEFI/GPT
6.4.2 Legacy BIOS/MBR
6.5 Decryption and data recovery
6.6 Windows feature updates
7 Appendix
7.1 Activating setup mode (UEFI/GPT)
7.2 Stealth mode PowerShell script (UEFI/GPT)
7.3 Compatible smart card readers
Glossary: Abbreviations
Index

1 About this manual
Contents
● Audience
● Related documents
● Conventions
● Contact, service and support
1.1 Audience
This manual is for IT administrators deploying R&S Trusted Disk in medium to large
enterprises and help desk personnel managing users, groups, policies, certificates and
devices.
This document assumes basic device, networking and security knowledge, including
the following:
● Setup and configuration of endpoint hardware
● Partitioning, formatting and maintenance of hard disk drives
● Knowledge of endpoint encryption concepts
● Knowledge of client-server architectures
1.2 Related documents
| Product | Document |
|---|---|
| R&S Trusted Disk | Release notes; User manual |
1.3 Conventions
This document can contain the following text markers and annotations:
Text markers

| Convention | Examples |
|---|---|
| Elements in the software (labels, buttons, dialog boxes, menus, options, panels, etc.) or labels on hardware are enclosed in quotation marks. | "Settings", "Menu", "Apply", "Cancel", "MGMT1", "USB", "IN"/"OUT" |
| Key names are enclosed in square brackets. | [Enter], [Esc], [Alt], [Ctrl]+[C] |
| Filenames, folder names, paths, property names, commands, program code, user input and screen output are written in monospaced font. | Filename: update.iso; Folder name: bin folder; User input: help; Screen output: bundle, bundle:capabilities, bundle:classes, [...] |
| User navigation helpers (i.e. breadcrumbs) are separated by angle brackets. Each UI item is enclosed in quotation marks. | "User Authentication" > "Local Users"; "Settings" > "Device Management" |
| Parameters and placeholders are capitalized in monospaced font. They are enclosed in angle brackets. | <NAME>, <SESSION_TIMEOUT>, <RECONNECT_INTERVAL> |
| File types are written in capital letters. | PDF file; ZIP archive |
| Clickable links, such as hyperlinks or links to other chapters of this document, are displayed in a blue font. | http://www.rohde-schwarz.com |
| User names, passwords, user roles, application states, status messages and modes are written in italics. | Sign in with the Administrator account. User name: probe. Application state: Running. Switch the filtering mode to blacklist. |
| Example configuration or output is introduced by Example: | Example: 2017-10-11 17:55:03 FAILURE Segmentation fault. |
Annotations
This document can contain the following annotations to indicate information which
expands on or calls attention to a particular point:
This annotation provides additional information that can help make your work easier.
In tables and lists, this annotation is indicated by Tip:

This is a note. The content of a note provides important additional information
regarding the use of the product or the product itself.
In tables and lists, this annotation is indicated by Note:

The content of this annotation provides important information. Read it carefully and
follow the instructions to avoid damaging the product, losing data, or putting your network
security at risk.
In tables and lists, this annotation is indicated by NOTICE:
1.4 Contact, service and support
We provide technical support as detailed in your service level agreement.
The Support team can help you with:
● Troubleshooting
● Fixing software and hardware issues
● Configuring devices
● Updating software
1.4.1 Customer knowledge base
In our knowledge base you can find answers to frequently asked questions,
instructions regarding our products and important remarks concerning usage and operation.
You do not need to sign in.
Choose a product category on the left or click a topic from the alphabetical list in the
center.
To search the knowledge base, enter a keyword into the search field. The results are
displayed below the search field as you type.
If the knowledge base search does not show any results, you can contact our Support
team directly.
1.4.2 Contact channels
If you encounter problems with your product or need quick expert help, go to our ticket
system and create a ticket.
To access our ticket system, you need an account. If you do not have an account yet,
send an email to our Support team.
If you require additional support after creating a ticket, you can contact our Support
team by phone or email, indicating your ticket ID.
● Ticket system: https://myrscs.rohde-schwarz.com
● Email: [email protected]
● Service hotline: +49 800 1383600 or +49 1805 558 825
Refer to your support contract for contact details specific to your location and product.
If you do not have a support contract, refer to your authorized reseller.
2 About R&S Trusted Disk
R&S Trusted Disk is a full-disk encryption solution that encrypts user data, the
operating system and any temporary data. It uses a transparent real-time encryption method
that ensures a smoothly running workstation. Pre-boot authentication secures the
workstation from unauthorized access. To boot up a workstation, users have to identify
themselves by connecting a smart card and entering a PIN.
R&S Trusted Disk was developed based on BSI standards, including up-to-date
random number generation and flexible rekeying to ensure high-level security.
Contents
● Key security features
● Scope of delivery
2.1 Key security features
● Central management and user authentication using smart cards
● Use of algorithms AES-XTS-512 for encryption and SHA-2 512 for hashing
● Support of RSA 2048-bit, 3072-bit and 4096-bit
● Fulfillment of compliance requirements based on audit logs in authorization changes
● Approval to handle VS-NfD, RESTRICTED (BSI), EU RESTRICTED and NATO RESTRICTED classified information
● Support of UEFI Secure Boot
● Support of internal and external storage devices
2.2 Scope of delivery
The following software packages are delivered with R&S Trusted Disk:
| Name | Filename | Description |
|---|---|---|
| Microsoft Visual C++ Redistributable | vc_redist.x64 VS2017.exe; vc_redist.x86 VS2017.exe | Dependency that contains a library of components required to run CardOS API and R&S Trusted Disk |
| CardOS API | CardOS_API_Setup.exe; CardOS_API_Setup_x64.exe | Middleware for R&S Trusted Disk and CardOS smart cards to communicate |
| R&S TD CryptoHelper | R&S TDCryptoHelper Setup X.X.X-VS-NfD.exe | Dependency that contains necessary drivers and program files |
| R&S Trusted Identity Manager (Standalone) | TrustedIdentityManagerStandaloneSetup.msi | Smart card management solution that offers an integrated PKI and all necessary components for personalizing and managing smart cards |
| R&S Trusted Disk | R&S Trusted Disk Setup X.X.X-VS-NfD.msi; R&S Trusted Disk Setup X.X.X-eToken.msi | See Chapter 2, "About R&S Trusted Disk" |
| R&S Trusted Disk Rescue CD | R&S Trusted Disk Rescue Tool X.X.X.iso; R&S Trusted Disk Rescue Tool X.X.X-eToken.iso | Recovery image for decryption and data recovery |