Rohde & Schwarz R&S Trusted Disk 3.3.1 Instruction Manual
R&S®Trusted Disk ‒ Standalone
Administration manual
Administration manual
Version 03
4603798802
(^3Ýæ2)
This document describes the following R&S®Trusted Disk versions:
●R&S Trusted Disk 3.3.1
This product uses several valuable open source software packages. For more information, see the Open Source Acknowledgment
document, which you can obtain separately.
The open source software is provided free of charge. You are entitled to use the open source software in accordance with the
respective license conditions as provided in the Open Source Acknowledgment document.
Rohde & Schwarz would like to thank the open source community for their valuable contribution to embedded computing.
© 2019 Rohde & Schwarz Cybersecurity GmbH
Mühldorfstr. 15, 81671 Munich, Germany
Phone: +49 89 41 29 - 0
Fax: +49 89 41 29 12 164
Email: [email protected]
Internet: https://rohde-schwarz.com/cybersecurity
Printed in Germany – Subject to change – Data without tolerance limits is not binding.
R&S® is a registered trademark of Rohde & Schwarz GmbH & Co. KG.
Trade names are trademarks of the owners.
4603.7988.02 | Version 03 |
Throughout this manual, products from Rohde & Schwarz are indicated without the ® symbol, e.g. R&S®Trusted Disk is indicated as
R&S Trusted Disk.
Contents
3Administration manual 4603.7988.02 ─ 03
Contents
1 About this manual..................................................................................5
1.1 Audience........................................................................................................................ 5
1.2 Related documents....................................................................................................... 5
1.3 Conventions.................................................................................................................. 5
1.4 Contact, service and support.......................................................................................7
1.4.1 Customer knowledge base..............................................................................................7
1.4.2 Contact channels............................................................................................................ 8
2 About R&S Trusted Disk........................................................................9
2.1 Key security features....................................................................................................9
2.2 Scope of delivery.......................................................................................................... 9
3 Preparing the installation.................................................................... 11
3.1 General preparations.................................................................................................. 11
3.2 Installing the middleware and dependencies........................................................... 11
3.2.1 Microsoft Visual C++ Redistributable............................................................................ 11
3.2.2 PKCS #11 module.........................................................................................................12
3.2.3 R&S TD CryptoHelper...................................................................................................13
3.3 Configuring R&S Trusted Identity Manager..............................................................13
3.3.1 Installing R&S Trusted Identity Manager (Standalone)................................................. 14
3.3.2 Creating a root certificate authority............................................................................... 14
3.3.3 Personalizing a smart card for the administrator...........................................................15
3.3.4 Personalizing a smart card for the user........................................................................ 16
3.4 Configuring Secure Boot (UEFI/GPT)........................................................................18
3.4.1 Checking the Secure Boot status..................................................................................18
3.4.2 Enabling Secure Boot................................................................................................... 18
4 Installation and full-disk encryption...................................................20
4.1 System requirements..................................................................................................20
4.2 Prerequisites............................................................................................................... 20
4.3 Installing R&S Trusted Disk....................................................................................... 21
4.4 Initializing the full-disk encryption............................................................................ 22
4.4.1 Full-disk encryption wizard............................................................................................22
Contents
4Administration manual 4603.7988.02 ─ 03
4.4.2 Activating setup mode (UEFI/GPT)...............................................................................23
5 Command-line tools.............................................................................24
5.1 FDE initialization tool..................................................................................................24
5.1.1 List of parameters......................................................................................................... 24
5.1.2 Examples...................................................................................................................... 25
5.2 Boot manager tool (UEFI/GPT).................................................................................. 27
5.2.1 InstallSBM.exe.............................................................................................................. 27
5.2.2 InstallSBM.efi................................................................................................................ 27
5.2.3 List of parameters......................................................................................................... 28
5.2.4 Structure........................................................................................................................29
6 Advanced tasks....................................................................................30
6.1 Updating R&S Trusted Disk....................................................................................... 30
6.2 Configuring the PIN policy......................................................................................... 31
6.3 R&S Trusted Disk key update.................................................................................... 32
6.4 Stealth mode................................................................................................................33
6.4.1 UEFI/GPT......................................................................................................................33
6.4.2 Legacy BIOS/MBR........................................................................................................ 36
6.5 Decryption and data recovery....................................................................................38
6.6 Windows feature updates...........................................................................................40
7 Appendix...............................................................................................41
7.1 Activating setup mode (UEFI/GPT)............................................................................41
7.2 Stealth mode PowerShell script (UEFI/GPT)............................................................ 45
7.3 Compatible smart card readers................................................................................. 46
Glossary: Abbrevations.......................................................................47
Index......................................................................................................48
About this manual
5Administration manual 4603.7988.02 ─ 03
1 About this manual
Contents
●Audience................................................................................................................... 5
●Related documents................................................................................................... 5
●Conventions.............................................................................................................. 5
●Contact, service and support.................................................................................... 7
1.1 Audience
This manual is for IT administrators deploying R&S Trusted Disk in medium to large
enterprises and help desk personnel managing users, groups, policies, certificates and
devices.
This document assumes basic device, networking and security knowledge, including
the following:
●Setup and configuration of endpoint hardware
●Partitioning, formatting and maintenance of hard disk drives
●Knowledge of endpoint encryption concepts
●Knowledge of client-server architectures
1.2 Related documents
Product Document
R&S Trusted Disk ●Release notes
●User manual
1.3 Conventions
This document can contain the following text markers and annotations:
Conventions
About this manual
6Administration manual 4603.7988.02 ─ 03
Text markers
Convention Examples
Elements in the software (labels, buttons,
dialog boxes, menus, options, panels,
etc.) or labels on hardware are enclosed
in quotation marks.
"Settings"
"Menu"
"Apply"
"Cancel"
"MGMT1"
"USB"
"IN"/"OUT"
Key names are enclosed in square
brackets.
[Enter]
[Esc]
[Alt]
[Ctrl]+[C]
Filenames, folder names, paths, property
names, commands, program code, user
input and screen output are written in
monospaced font.
Filename: update.iso
Folder name: bin folder
User input: help
Screen output:
bundle
bundle:capabilities
bundle:classes
[...]
User navigation helpers (i.e. bread-
crumbs) are separated by angle brack-
ets. Each UI item is enclosed in quotation
marks.
"User Authentication" > "Local Users"
"Settings" > "Device Management"
Parameters and placeholders are capital-
ized in monospaced font. They are
enclosed in angle brackets.
<NAME>
<SESSION_TIMEOUT>
<RECONNECT_INTERVAL>
File types are written in capital letters. PDF file
ZIP archive
Clickable links, such as hyperlinks or
links to other chapters of this document,
are displayed in a blue font.
http://www.rohde-schwarz.com
User names, passwords, user roles,
application states, status messages and
modes are written in italics.
Sign in with the Administrator account.
User name: probe
Application state: Running
Switch the filtering mode to blacklist.
Example configuration or output is intro-
duced by Example:
Example:
2017-10-11 17:55:03 FAILURE Segmentation
fault.
Conventions
About this manual
7Administration manual 4603.7988.02 ─ 03
Annotations
This document can contain the following annotations to indicate information which
expands on or calls attention to a particular point:
This annotation provides additional information that can help make your work easier.
In tables and lists, this annotation is indicated by Tip:
This is a note. The content of a note provides important additional information regard-
ing the use of the product or the product itself.
In tables and lists, this annotation is indicated by Note:
The content of this annotation provides important information. Read it carefully and fol-
low the instructions to avoid damaging the product, losing data, or putting your network
security at risk.
In tables and lists, this annotation is indicated by NOTICE:
1.4 Contact, service and support
We provide technical support as detailed in your service level agreement.
The Support team can help you with:
●Troubleshooting
●Fixing software and hardware issues
●Configuring devices
●Updating software
1.4.1 Customer knowledge base
In our knowledge base you can find answers to frequently asked questions, instruc-
tions regarding our products and important remarks concerning usage and operation.
You do not need to sign in.
Choose a product category on the left or click a topic from the alphabetical list in the
center.
To search the knowledge base, enter a keyword into the search field. The results are
displayed below the search field as you type.
If the knowledge base search does not show any results, you can contact our Support
team directly.
Contact, service and support
About this manual
8Administration manual 4603.7988.02 ─ 03
1.4.2 Contact channels
If you encounter problems with your product or need quick expert help, go to our ticket
system and create a ticket.
To access our ticket system, you need an account. If you do not have an account yet,
send an email to our Support team.
If you require additional support after creating a ticket, you can contact our Support
team by phone or email, indicating your ticket ID.
●Ticket system: https://myrscs.rohde-schwarz.com
●Email: [email protected]
●Service hotline: +49 800 1383600 or +49 1805 558 825
Refer to your support contract for contact details specific to your location and product.
If you do not have a support contract, refer to your authorized reseller.
Contact, service and support
About R&S Trusted Disk
9Administration manual 4603.7988.02 ─ 03
2 About R&S Trusted Disk
R&S Trusted Disk is a full-disk encryption solution that encrypts user data, the operat-
ing system and any temporary data. It uses a transparent real-time encryption method
that ensures a smoothly running workstation. Pre-boot authentication secures the
workstation from unauthorized access. To boot up a workstation, users have to identify
themselves by connecting a smart card and entering a PIN.
R&S Trusted Disk was developed based on BSI standards, including up-to-date ran-
dom number generation and flexible rekeying to ensure high-level security.
Contents
●Key security features.................................................................................................9
●Scope of delivery.......................................................................................................9
2.1 Key security features
●Central management and user authentication using smart cards
●Use of algorithms AES-XTS-512 for encryption and SHA-2 512 for hashing
●Support of RSA 2048-bit, 3072-bit and 4096-bit
●Fulfillment of compliance requirements based on audit logs in authorization
changes
●Approval to handle VS-NfD, RESTRICTED (BSI), EU RESTRICTED and NATO
RESTRICTED classified information
●Support of UEFI Secure Boot
●Support of internal and external storage devices
2.2 Scope of delivery
The following software packages are delivered with R&S Trusted Disk:
Name Filename Description
Microsoft Visual C+
+ Redistributable
vc_redist.x64 VS2017.exe
vc_redist.x86 VS2017.exe
Dependency that con-
tains a library of com-
ponents required to
run CardOS API and
R&S Trusted Disk
CardOS API CardOS_API_Setup.exe
CardOS_API_Setup_x64.exe
Middleware for
R&S Trusted Disk and
CardOS smart cards
to communicate
R&S TD Crypto-
Helper
R&S TDCryptoHelper Setup X.X.X-VS-NfD.exe Dependency that con-
tains necessary driv-
ers and program files
Scope of delivery
About R&S Trusted Disk
10Administration manual 4603.7988.02 ─ 03
Name Filename Description
R&S Trusted Iden-
tity Man-
ager (Standalone)
TrustedIdentityManagerStandaloneSetup.msi Smart card manage-
ment solution that
offers an integrated
PKI and all necessary
components for per-
sonalizing and man-
aging smart cards
R&S Trusted Disk R&S Trusted Disk Setup X.X.X-VS-NfD.msi
R&S Trusted Disk Setup X.X.X-eToken.msi
See Chapter 2,
"About R&S Trus-
ted Disk", on page 9
R&S Trusted Disk
Rescue CD
R&S Trusted Disk Rescue Tool X.X.X.iso
R&S Trusted Disk Rescue Tool X.X.X-eToken.iso
Recovery image for
decryption and data
recovery
Scope of delivery
Preparing the installation
11Administration manual 4603.7988.02 ─ 03
3 Preparing the installation
Contents
●General preparations...............................................................................................11
●Installing the middleware and dependencies.......................................................... 11
●Configuring R&S Trusted Identity Manager............................................................ 13
●Configuring Secure Boot (UEFI/GPT).....................................................................18
3.1 General preparations
Before installing R&S Trusted Disk on a workstation, we recommend making the fol-
lowing preparations:
●To prevent users from having access to mounted R&S Trusted Disk volumes of
other users, disable Windows fast user switching.
●For maximum compatibility, we highly recommend updating the BIOS/UEFI firm-
ware to the newest version.
3.2 Installing the middleware and dependencies
All workstations need the following middleware and dependencies to run R&S Trus-
ted Disk.
You need to install the middleware and dependencies in the right order for R&S Trus-
ted Disk to run properly.
Contents
●Microsoft Visual C++ Redistributable...................................................................... 11
●PKCS #11 module...................................................................................................12
●R&S TD CryptoHelper.............................................................................................13
3.2.1 Microsoft Visual C++ Redistributable
R&S Trusted Disk and CardOS API require the latest versions of the Microsoft Visual C
++ Redistributable for Visual Studio (x86 and x64).
●vc_redist.x64 VS2017.exe
●vc_redist.x86 VS2017.exe
Installing the middleware and dependencies
Preparing the installation
12Administration manual 4603.7988.02 ─ 03
To install the Microsoft Visual C++ Redistributable, proceed as follows:
1. Execute both installers.
2. Follow the instructions of the installers.
The R&S Trusted Disk installer checks for the latest version of the x86 Microsoft Vis-
ual C++ Redistributable. If it is not installed, an error message is displayed and the
R&S Trusted Disk installation fails.
Please note that CardOS API does not display an error message if the x64 Micro-
soft Visual C++ Redistributable is missing.
3.2.2 PKCS #11 module
R&S Trusted Disk requires a PKCS #11 (Public-Key Cryptography Standards) module
for R&S Trusted Disk to communicate with the smart card. The middleware differs
depending on whether you use CardOS smart cards or Gemalto eTokens:
●CardOS API for CardOS smart cards..................................................................... 12
●SafeNet Authentication Client for Gemalto eTokens...............................................12
3.2.2.1 CardOS API for CardOS smart cards
The following software packages are delivered with R&S Trusted Disk:
●CardOS_API_Setup.exe (32Bit)
●CardOS_API_Setup_x64.exe (64Bit)
1. Execute the appropriate installer for the workstation.
2. Follow the instructions of the installer.
If your company has group policies in place that do not permit the installation, please
contact our support team for an additional certificate package.
3.2.2.2 SafeNet Authentication Client for Gemalto eTokens
For the use of Gemalto eTokens, we recommend using SafeNet Authentication Client
by Gemalto.
Not VS-NfD approved
The use of Gemalto eTokens is not VS-NfD approved.
Installing the middleware and dependencies
Preparing the installation
13Administration manual 4603.7988.02 ─ 03
SafeNet Authentication Client is not delivered with R&S Trusted Disk. For more infor-
mation, refer to https://safenet.gemalto.com.
3.2.3 R&S TD CryptoHelper
The R&S TD CryptoHelper package provides the disk encryption driver and tools.
1. Execute R&S TDCryptoHelper Setup X.X.X-VS-NfD.exe.
2. Follow the instructions of the installer.
The R&S Trusted Disk installer checks for the required version of R&S TD Crypto-
Helper. If it is not installed, an error message is displayed and the R&S Trusted Disk
installation fails.
If you install the application with the parameter /a, restart the workstation and execute
fdeinit.exe with the parameter -e, a restart after the initialization of the full-disk
encryption is not required. For more information, see Chapter 5.1, "FDE initialization
tool", on page 24.
If you install the application with the parameter /quiet, the installation takes place with-
out user interaction.
To run both operations, use the parameter /qa.
3.3 Configuring R&S Trusted Identity Manager
If you do not use an existing PKI for R&S Trusted Disk, you can create an internal PKI
using R&S Trusted Identity Manager (Standalone). R&S Trusted Identity Man-
ager (Standalone) is a smart card management solution that offers an integrated PKI
and all necessary components for personalizing and managing smart cards.
Prerequisites
●TrustedIdentityManagerStandaloneSetup.msi available
●CardOS API installed
●At least two smart cards available
Contents
●Installing R&S Trusted Identity Manager (Standalone)........................................... 14
●Creating a root certificate authority......................................................................... 14
●Personalizing a smart card for the administrator.....................................................15
●Personalizing a smart card for the user.................................................................. 16
Configuring R&S Trusted Identity Manager
Preparing the installation
14Administration manual 4603.7988.02 ─ 03
3.3.1 Installing R&S Trusted Identity Manager (Standalone)
► Execute TrustedIdentityManagerStandaloneSetup.msi.
You have installed R&S Trusted Identity Manager (Standalone).
3.3.2 Creating a root certificate authority
The first step of creating an internal PKI is to create a root CA to validate the identity of
subordinate certificates (e.g. user certificates on smart cards).
1. Open R&S Trusted Identity Manager (Standalone).
2. Select the tab "Root Certificate".
3. Click "Create Root CA".
4. Configure the root CA.
●Country: Use only ISO 3166 Alpha-2 country codes, e.g. EN.
●Common name: This field is mandatory.
●Email: This field is checked while you type.
5. Click "Next" > "Execute".
Backup R&S Trusted Identity Manager (Standalone) data
To ensure access to the root CA, smart card information and all certificates in case the
administrator workstation does not work properly, we recommend creating a backup of
%username%\AppData\Local\Sirrix AG\TrustedIdentityManager.
To install R&S Trusted Disk on a workstation, the root certificate of your root CA is nee-
ded (see Chapter 4.3, "Installing R&S Trusted Disk", on page 21). The root certificate
identifies the root CA that is used to issue certificates (e.g. user certificates on smart
cards) and validates the identity of a user.
To save the root certificate, proceed as follows:
1. Select the tab "Root Certificate".
2. Click "Export Certificate".
3. Select a destination folder.
4. Click "Next" > "Execute".
The root certificate is saved as CACertificate.crt.
Configuring R&S Trusted Identity Manager
Preparing the installation
15Administration manual 4603.7988.02 ─ 03
3.3.3 Personalizing a smart card for the administrator
The administrator's smart card has a key role in the R&S Trusted Disk infrastructure: In
addition to the specific user's smart card, all workstations are secured with the adminis-
trator's smart card to protect your company from data loss. If a user's smart card is lost
or stolen, the administrator can still access the encrypted workstation.
1. Connect a smart card.
2. If the smart card has not been personalized before, initialize the smart card.
a) Open CardOS Viewer.
b) Select your card reader from the list.
c) Click "Card" > "Initialize Card...".
d) Fill in the required information.
e) Click "OK".
3. Open R&S Trusted Identity Manager (Standalone).
4. Select the tab "Token".
5. Click "Personalize token".
6. Configure the smart card.
●Country: Use only ISO 3166 Alpha-2 country codes, e.g. EN.
●Common name: This field is mandatory.
●Email: This field is checked while you type.
Note: For increased security, we recommend using the key size "4096".
7. Click "Next".
8. Set up a PIN of 6 to 16 digits.
9. Click "Next" > "Execute".
The selected PIN and a randomly generated PUK are stored on the smart card.
Additionally, a pair of keys and a certificate signed by the root CA are generated.
The certificate is stored on the smart card.
Configuring R&S Trusted Identity Manager
Preparing the installation
16Administration manual 4603.7988.02 ─ 03
You can reset the smart card PIN with the PUK. Additionally, the PUK is needed to
unlock the smart card if the PIN was entered incorrectly three times.
You can enter the PUK incorrectly up to ten times before the smart card is irreversibly
locked.
To install R&S Trusted Disk on a workstation, the certificate stored on the administra-
tor's smart card is needed (see Chapter 4.3, "Installing R&S Trusted Disk",
on page 21). Installing R&S Trusted Disk with the administrator certificate ensures
that the administrator can access the encrypted workstation.
To save the administrator certificate, proceed as follows:
1. Select the tab "User Certificates".
2. Click "Export Certificate".
3. Select the administrator's smart card.
4. Click "Next".
5. Select the destination folder.
6. Click "Next" > "Execute".
The administrator certificate is saved.
7. Rename the exported certificate to SecurityAdminCertificate.crt.
3.3.4 Personalizing a smart card for the user
You need to personalize at least one smart card for a user. Users with permission to
access a workstation identify themselves with their smart card and PIN during pre-boot
authentication. You can give any amount of user smart cards permission to access a
workstation.
1. Connect a smart card.
2. If the smart card has not been personalized before, initialize the smart card.
a) Open CardOS Viewer.
b) Select your card reader from the list.
c) Click "Card" > "Initialize Card...".
d) Fill in the required information.
e) Click "OK".
3. Open R&S Trusted Identity Manager (Standalone).
4. Select the tab "Token".
5. Click "Personalize token".
6. Configure the smart card.
Configuring R&S Trusted Identity Manager
Preparing the installation
17Administration manual 4603.7988.02 ─ 03
●Country: Use only ISO 3166 Alpha-2 country codes, e.g. EN.
●Common name: This field is mandatory.
●Email: This field is checked while you type.
Note: For increased security, we commend using the key size "4096".
7. Click "Next".
8. Set up a PIN of 6 to 16 digits.
9. Click "Next" > "Execute".
The selected PIN and a randomly generated PUK are stored on the smart card.
Additionally, a pair of keys and a certificate signed by the root CA are generated.
The certificate is stored on the smart card.
You can reset the smart card PIN with the PUK. Additionally, the PUK is needed to
unlock the smart card if the PIN was entered incorrectly three times.
You can enter the PUK incorrectly up to ten times before the smart card is irreversibly
locked.
Optional: If you want to initialize the full-disk encryption using the FDE initialization
tool, you need to save the certificate stored on the user's smart card (see Chap-
ter 5.1.2.1, "Full-disk encryption without a smart card", on page 25).
To save the user certificate, proceed as follows:
1. Select the tab "User Certificates".
2. Click "Export Certificate".
3. Select the user's smart card.
4. Click "Next".
5. Select the destination folder.
Configuring R&S Trusted Identity Manager
Preparing the installation
18Administration manual 4603.7988.02 ─ 03
6. Click "Next" > "Execute".
The user certificate is saved.
3.4 Configuring Secure Boot (UEFI/GPT)
For the full-disk encryption on UEFI-based workstations, Secure Boot is required. After
initializing the full-disk encryption, R&S Trusted Disk replaces pre-installed Secure
Boot certificates with Rohde & Schwarz Cybersecurity GmbH certificates. To do this,
Secure Boot must be enabled at the time of the full-disk encryption. After the full-disk
encryption is initialized, you need to activate setup mode for Secure Boot, so
R&S Trusted Disk can perform a system takeover. In this step, the certificates are
replaced and the workstation starts the R&S Trusted Disk pre-boot authentication.
Contents
●Checking the Secure Boot status............................................................................18
●Enabling Secure Boot............................................................................................. 18
3.4.1 Checking the Secure Boot status
1. Start Windows PowerShell with administrator rights.
2. Enter Confirm-SecureBootUEFI.
3. Press [Enter].
● If the return value is "True", Secure Boot is enabled on the workstation. Con-
tinue with Chapter 4, "Installation and full-disk encryption", on page 20.
● If the return value is "False", follow the instructions in Chapter 3.4.2, "Enabling
Secure Boot", on page 18.
You can also check the status in the registry. In Windows 10, the key is located at
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecureBoot\
State. The key has the value "1" (Secure Boot enabled) or "0" (Secure Boot dis-
abled).
3.4.2 Enabling Secure Boot
Please note that different systems use different UEFI menu structures, i.e. this chapter
is not a "one fits all" instruction on enabling Secure Boot. It is only supposed to be a
rough guideline. For more detailed instructions, refer to the user documentation of the
hardware.
Configuring Secure Boot (UEFI/GPT)
Preparing the installation
19Administration manual 4603.7988.02 ─ 03
1. Access the UEFI.
a) With [Shift] pressed, restart the workstation.
b) On the "Choose an option" page, click "Troubleshoot" > "Advanced Options" >
"UEFI Firmware Settings" > "Restart".
The workstation restarts and the UEFI is displayed.
Tip: You can access the UEFI by pressing a hotkey right after you power on the
workstation. The hotkey differs between systems, the most frequent being [F2],
[DEL] and [ESC].
2. In the UEFI, navigate to the Secure Boot settings.
Note: The Secure Boot settings are usually located under "Security" or "Boot".
3. Change the Secure Boot status to "[Enabled]".
4. To save and exit, follow the instructions of the UEFI.
You have enabled Secure Boot on the workstation.
Configuring Secure Boot (UEFI/GPT)
Installation and full-disk encryption
20Administration manual 4603.7988.02 ─ 03
4 Installation and full-disk encryption
Contents
●System requirements.............................................................................................. 20
●Prerequisites........................................................................................................... 20
●Installing R&S Trusted Disk.................................................................................... 21
●Initializing the full-disk encryption............................................................................22
4.1 System requirements
Before installing R&S Trusted Disk on a workstation, make sure it fulfills the following
hardware and software requirements:
General requirements
Operating system
Hard disk drive
Smart card reader
Smart cards
Middleware/dependencies
Windows 7 (Legacy BIOS/MBR only, with SP1 installed) / 8.1 / 10
One internal hard disk drive supported for encryption (must run Windows)
See Chapter 7.3, "Compatible smart card readers", on page 46
CardOS smart cards or Gemalto eTokens
See Chapter 3.2, "Installing the middleware and dependencies",
on page 11
The latest cumulative Windows update is needed on Windows 10 1507 (10240) UEFI.
We only support Windows versions that are still supported by Microsoft. For more infor-
mation, see https://support.microsoft.com.
UEFI-based (GPT) Legacy BIOS-based (MBR)
Boot mode
UEFI version
Secure Boot
Hard disk drive
Partitions
Free disk space
UEFI
2.3.1 Errata C or later
Enabled (Windows 8.1 and later)
GPT-formatted
Windows and EFI system partition on
the same hard disk drive
50 MB on EFI system partition
Legacy BIOS
‒
‒
MBR-formatted (Microsoft, not OEM)
Windows on two partitions (boot parti-
tion and system partition)
50 MB on boot partition
4.2 Prerequisites
Before installing R&S Trusted Disk on a workstation, make sure you properly prepared
the installation. The following checklist provides an overview:
●Middleware and dependencies installed (see Chapter 3.2, "Installing the middle-
ware and dependencies", on page 11)
Prerequisites
Table of contents
Popular Computer Hardware manuals by other brands
NETGEAR
NETGEAR WG511 - Only Wireless Pccard Nic 54MBPS installation guide
Mitsubishi Electric
Mitsubishi Electric MELSEC SW1DNC-CCIEF-B user manual
GigaDevice Semiconductor
GigaDevice Semiconductor GD32W515 Series Hardware development guide
Trane
Trane 700 troubleshooting manual
Kontron
Kontron KBox F-420-WLU user guide
Mostek
Mostek z80 Operation manual
