IBM Client Security Software Version 5.4

IBM Client Security Software Version 5.4

IBM Client Security Software can only be used with IBM computers that contain the IBM Embedded Security Subsystem. This software consists of applications and components that enable IBM clients to secure their sensitive information through a secure hardware chip rather than through vulnerable software.

Before client user information can be protected, IBM Client Security Software must be installed on the client and users must be authorized to use the software. An easy-to-use Setup Wizard guides you through the entire installation process.

WARNING: At least one client user MUST be authorized to use UVM during setup. If NO user is authorized to use UVM when initially setting up Client Security Software, your security settings will NOT be applied and your information will NOT be protected.

If you completed the Setup Wizard without authorizing any users, shut down and restart your system; then run the Client Security Setup Wizard from the Windows Start menu and authorize a Windows user to use UVM. This will enable IBM Client Security Software to apply your security settings and protect your sensitive information.

New in this release

Note: If you are using a ThinkPad or NetVista computer with a security chip that is not TCG-compliant, you must use Client Security Software 5.3. Client Security Software 5.4 will not install successfully on these computers.

Required software versions to use with this release

Known issues or limitations in CSS Version 5.4

CSS 5.4: Supported GINAs

Upgrading from Release 4.0x

To completely remove Client Security Software, simply uninstall Client Security Software Release 4.0x from the Control Panel Add/Remove Programs applet. After restarting the computer, Client Security Software Release 5.4 can be installed and configured through the Setup Wizard.

To complete the following procedure, you will need the public and private keys that were created when Release 4.0x was configured. Be sure to have them available.

To remove Client Security Software Release 4.0x, but use your existing security data with Release 5.4, complete the following procedure:

  1. Update the archive information.
    Before removing Client Security Release 4.0x, be sure the archive information is up-to-date. This can be done by completing the following procedure:

    1. Click Start > Programs > IBM Client Security Software >Client Utility.

    2. Click the Update Archive button. This updates the backup information. Take note of the archive directory.

    3. Exit the utility.

  2. Remove the existing Client Security Software from the computer, using the following procedure:

    1. From the Control Panel, use Add/Remove Programs to remove IBM Client Security Software.

    2. Select No when prompted for reboot.

    3. Shut down the system using the Start menu.

  3. Clear the Embedded Security Chip, using the following procedure:

    1. Power up the system.

    2. Press F1 during startup to enter the BIOS Setup Utility.

    3. Go to Security Chip Settings and clear the security chip.

    4. Exit BIOS Setup and the system will continue to reboot.

      Note: You might need to press and hold the Fan key during startup. The Chip Clear procedure varies between systems. Refer to the user guide that came with your computer.

  4. Install IBM Client Security Release 5.4, using the following procedure:

    1. Run the Release 5.4 installation program.

    2. Reboot when prompted. After reboot, the Client Security Setup Wizard will automatically launch.

    3. Do not run the Setup Wizard. Rather, click Cancel to exit.

  5. Temporarily back up default security policy, using the following procedure:

    1. Using Windows Explorer, go to the IBM Client Security Software install directory (default is c:\program files\IBM\security).

    2. Right-click the UVM_Policy folder and select Copy.

    3. Right-click the desktop and select Paste. This will create a temporary backup on the desktop. Note that your existing security policy settings will be replaced with new defaults.

  6. Restore settings from Release 4.0, using the following procedure:

    1. From the Control Panel, select the IBM Embedded Security System, and enter the chip password.

    2. Click the Key Configuration button.

    3. Select Yes to restore keys from the key archive.

    4. Provide the location of the Release 4.0 archive directory.

    5. Provide the location of the public and private key files that were created when Release 4.0x was configured. You will be notified that your archive will be updated for the new release.

    6. Click OK.

    7. Provide a location to create new (Release 5.4) archive keys. Be sure to create the keys in a location different from the location of your existing Release 4.0x archive keys. If you have administrator keys you already created for Release 5.4 on another system, you can select Use an existing CSS Archive key pair and provide the location of the existing keys.

    8. Click Next. Your archive will be converted and restored.

    9. Exit the application when finished.

  7. Restore policy settings

  8. Using Windows Explorer, go to the IBM Client Security Software install directory (default is c:\program files\IBM\security).

  9. Using the left mouse button, drag the UVM_Policy folder from the desktop to the IBM Client Security Software install directory.

  10. Answer 'Yes' to all warnings.

Your security data has now been migrated from Release 4.0 to Release 5.4.

If you previously changed your security policy in Release 4.0x, you might want to re-submit your security policy settings by running the IBM Embedded Security Subsystem from the Control Panel. Click Configure Application Support and Policies and then Application Policy, and then Edit Policy.