Allow reading of unprotected TPM NV memory
Determines who may read unprotected Non-Volatile (NV) memory stored in a Trusted Platform Module 1.2. The NV memory may contain sensitive data.
Enabled:Specify whether only local administrators, local and remote administrators, all local users or all users may read unprotected NV data.
Disabled: No user may read unprotected NV data.
This policy is only relevant for Security Platforms with a Trusted Platform Module 1.2.
Note that the Security Platform administration and operation is not restricted by this setting.
Default value: Enabled/Local administrators
Supported on:
| Registry Hive | HKEY_LOCAL_MACHINE |
| Registry Path | Software\Policies\Infineon\TPM Software |
| Value Name | AllowReadingNVPol |
| Value Type | REG_DWORD |
| Enabled Value | 1 |
| Disabled Value | 0 |
Select an option to enable:
- 1 - Local administrators
Registry Hive HKEY_LOCAL_MACHINE Registry Path Software\Policies\Infineon\TPM Software Value Name AllowReadingNV Value Type REG_DWORD Value 1 - 2 - Local and remote administrators
Registry Hive HKEY_LOCAL_MACHINE Registry Path Software\Policies\Infineon\TPM Software Value Name AllowReadingNV Value Type REG_DWORD Value 2 - 3 - All local users
Registry Hive HKEY_LOCAL_MACHINE Registry Path Software\Policies\Infineon\TPM Software Value Name AllowReadingNV Value Type REG_DWORD Value 3 - 4 - All users
Registry Hive HKEY_LOCAL_MACHINE Registry Path Software\Policies\Infineon\TPM Software Value Name AllowReadingNV Value Type REG_DWORD Value 4
ifxsppol.admx
- Security Platform
- All Versions Settings
- Allow administrators to retrieve the SRK public key remotely
- Allow administrators to take ownership remotely
- Allow administrators to use platform keys remotely
- Allow reading of unprotected TPM NV memory
- Configure dictionary attack threshold
- Enable stringent password field security
- Enhanced Authentication providers
- Prepare TPM enrollment
- Purge keys when entering energy-saving states
- Previous Product Versions Settings
- Stand-alone Computer Version Settings
- Owner Password
- Allow platform enrollment
- Backup archive location
- Enforce configuration of Backup including Emergency Recovery
- Enforce configuration of Password Reset
- Enforce immediate System Backup
- Use public key of Emergency Recovery Token from archive
- Use public key of Password Reset Token from archive
- All Versions Settings
- Security Platform
- All Versions Settings
- Basic User Passphrase
- Basic User Password
- Allow EFS configuration
- Allow key import for User
- Allow PSD configuration
- Allow secure e-mail configuration
- Allow user to temporarily disable the Security Platform Features
- Control Quick Initialization
- Creation of non-migratable Basic User Key
- EFS certificate expiration warning occurrence
- EFS certificate type and enrollment
- EFS self-signed certificates validity period
- Enable caching of Basic User Password
- Enforce enabling of Password Reset
- Enforce Enhanced Authentication
- Enforce strong private key protection for MS-CAPI signing keys
- File location for Personal Secure Drive
- Minimum free space after PSD creation
- URL to start from wizard for certificate enrollment
- Stand-alone Computer Version Settings
- All Versions Settings