HP-UX Trusted Computing Services A.01.00 Administrator's Guide
restoration of the information stored in the TPM. HP recommends backing up
the TPM immediately after installation to enable recovery in the event of a
hardware failure.
tpmlist
Extracts state information from the TPM. It also provides a list of the TPM keys
saved in System Persistent Storage (a local database for storing encrypted keys
outside of the TPM).
tpmencrypt, tpmdecrypt
Encrypts a set of files or directories using the system processor for bulk
encryption performance. The bulk encryption key is then encrypted using the
TPM for additional security. Information encrypted using a platform’s TPM is
not available for decryption on another platform.
HP-UX TCS-EVFS Integration
Although the HP-UX TCS product installs with the necessary library to enable integration with
EVFS, this library is not configured for use with EVFS by default. EVFS does not support the use
of multiple key protection mechanisms simultaneously. If you configure EVFS for TCS protection,
the default EVFS software key protection is disabled, making any existing EVFS keys unusable.
The /opt/tcs/misc/evfs_setup script simplifies the configuration of HP-UX TCS for EVFS.
Invoking this script configures the HP-UX TCS library in /etc/evfs/evfs.conf, and sets an
appropriate flag in /etc/rc.config.d/tcsconf. Once HP-UX TCS is configured for EVFS,
all subsequent EVFS key creation and usage, for example, evfspkey keygen, evfsvol
create, and evfsvol enable, automatically use the TPM to protect the associated EVFS keys.
As with all other information protected with a TPM, once the EVFS keys are created and bound
to a platform TPM, they only function on that platform unless the platform’s keys have been
backed up and restored to another platform. HP strongly recommends backing up the TPM on
a periodic basis using the tpmadm backup command.
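
Because configuring EVFS for TCS protection makes existing EVFS keys unusable, it helps to record exactly what the setup script changed. The following is an added example, not part of HP's guide or tooling: a POSIX sh function that copies the two configuration files named above, runs the setup script, and prints a diff of each file. The function name, the snapshot directory argument and the environment-variable overrides are assumptions; the three default paths are the ones given in the text.

```shell
#!/bin/sh
# Added example, not HP's code. Default paths are the ones named in the guide;
# the function and variable names are hypothetical.
EVFS_SETUP=${EVFS_SETUP:-/opt/tcs/misc/evfs_setup}
EVFS_CONF=${EVFS_CONF:-/etc/evfs/evfs.conf}
TCS_CONF=${TCS_CONF:-/etc/rc.config.d/tcsconf}

# audit_evfs_setup SNAPDIR
# Copies both configuration files into SNAPDIR, runs the setup script with no
# arguments, then prints a diff of each file against its pre-change copy.
# Returns 0 if at least one file changed, 1 if none changed, and 2 if the
# snapshot could not be taken or the setup script failed.
audit_evfs_setup() {
    snap=$1
    changed=0
    mkdir -p "$snap" || return 2
    for f in "$EVFS_CONF" "$TCS_CONF"; do
        # Refuse to continue without a pre-change copy of every file.
        cp -p "$f" "$snap/$(basename "$f").before" || return 2
    done
    "$EVFS_SETUP" || return 2
    for f in "$EVFS_CONF" "$TCS_CONF"; do
        # diff exits non-zero when the files differ (or cannot be read).
        if ! diff "$snap/$(basename "$f").before" "$f"; then
            changed=$((changed + 1))
        fi
    done
    echo "$changed file(s) modified; pre-change copies kept in $snap"
    [ "$changed" -gt 0 ]
}
```

Call it as `audit_evfs_setup /var/tmp/evfs_setup.snapshot` (a constructed path) and keep the printed diff with the system's change records.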