HP-UX Trusted Computing Services A.01.00 Administrator's Guide

2 Acquiring and Installing HP-UX TCS
HP-UX TCS software is intended for use on ZX2-based Integrity servers with embedded security
hardware (TPM) and one of the HP-UX 11i v2 operating environments. The TPM hardware must
be present and enabled for the configuration phase of TCS to complete successfully. For further
details on TPM enablement, see the HP-UX Trusted Computing Services Release Notes in the HP-UX
Trusted Computing Services section at:
http://docs.hp.com/en/internet.html
Alternatively, see the installation guide for your TPM-enabled Integrity server, for example: HP
Integrity rx6600: Installation Guide, Appendix A. If the TPM hardware is not enabled, HP-UX TCS
installs with warnings, but software configuration fails. The TPM hardware can be enabled after
installing the HP-UX TCS software, but the swconfig TCS command must be executed following
TPM enablement for HP-UX TCS to become operational.
NOTE: HP-UX TCS installation requires kernel patch PHKL_35428, which can be downloaded
from the HP IT Resource Center (ITRC) at:
http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=PHKL_35428
This patch must be installed before HP-UX TCS is installed, or it must be placed in the same
depot that you use to install HP-UX TCS. PHKL_35428 requires a kernel rebuild and a system
reboot to complete its installation. If PHKL_35428 has been installed, HP-UX TCS installation
does not require a kernel rebuild or a system reboot.
To install HP-UX TCS on a supported platform, follow these steps:
1. Enable the TPM in firmware.
2. Acquire the HP-UX TCS software.
3. Install the HP-UX TCS software.
4. Verify the HP-UX TCS software installation.
5. Verify that the TPM device is recognized.
The following sections describe each step in detail.
Enabling the TPM
Systems that support HP-UX TCS have a TPM installed, but the TPM must be enabled in firmware
as part of the HP-UX TCS installation process. To verify whether the TPM is enabled, log in as
root and run the ioscan | grep "Trusted Platform Module" command. If the TPM is
enabled, the command output includes a line indicating a hardware address for the TPM and
unknown as the class for the TPM.
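The check described above as a script, added here as an example and not part of HP's guide: it classifies ioscan output read on standard input and reports what to do next. The column layout (hardware path, class, description), the hardware path 0/9/9, the sample lines and the function names tpm_state and next_step are constructed assumptions.

```shell
#!/bin/sh
# Added example, not HP-supplied code. Assumes ioscan prints one device per
# line as "<H/W path> <class> <description>" (layout is an assumption).

# Constructed sample output; 0/9/9 is a placeholder hardware path.
SAMPLE_ENABLED='H/W Path  Class     Description
=======================================
0/0/1/0   ext_bus   SCSI adapter
0/9/9     unknown   Trusted Platform Module'
SAMPLE_DISABLED='H/W Path  Class     Description
=======================================
0/0/1/0   ext_bus   SCSI adapter'

# Reads ioscan text on stdin and prints one of:
#   "enabled <path>"      (rc 0) TPM line present with class "unknown"
#   "not-visible"         (rc 1) no TPM line at all
#   "class-other <class>" (rc 2) TPM line present, class is not "unknown"
tpm_state() {
    awk '
        /Trusted Platform Module/ {
            found = 1
            if ($2 == "unknown") { printf "enabled %s\n", $1; ok = 1; exit }
            other = $2
        }
        END {
            if (ok) exit 0
            if (found) { printf "class-other %s\n", other; exit 2 }
            print "not-visible"; exit 1
        }'
}

# Maps a state to the follow-up action the guide gives for it.
next_step() {
    case "$1" in
        enabled*)    echo "run 'swconfig TCS' if TCS was installed before the TPM was enabled" ;;
        not-visible) echo "enable the TPM in firmware (EFI Boot Manager or EFI shell), then re-check" ;;
        *)           echo "class differs from the 'unknown' the guide expects; inspect ioscan output" ;;
    esac
}

# Live check only where ioscan exists (HP-UX, run as root per the guide).
if command -v ioscan >/dev/null 2>&1; then
    state=$(ioscan | tpm_state) || true
    echo "TPM: $state"
    next_step "$state"
fi
```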
If the TPM is not enabled, there are two ways to enable a TPM:
• Use the EFI Boot Manager
• Use the command line in the EFI shell
Enabling the TPM from the EFI Boot Manager
To enable the TPM from the EFI Boot Manager, follow these steps:
1. Access the EFI Boot Manager.
2. From the Boot Menu in the EFI Shell, select Security Configuration and press Enter.