HP-UX Trusted Computing Services A.01.00 Administrator's Guide

After clearing the TPM hardware, establish ownership using the swconfig -u TCS; swconfig
TCS 10 command.
NOTE: The TPM driver is a Dynamically Loadable Kernel Module (DLKM) and does not require
a reboot. However, after the first load of the TPM driver, the TPM device still appears as unclaimed
until a new ioscan command is issued. This is expected behavior. If the installation requires a
reboot, a separate ioscan is not needed because the TPM device is claimed by the DLKM driver
at boot time.
Verifying the HP-UX TCS Software Installation
Use the swverify TCS command to verify the installation. If HP-UX TCS is installed correctly
on the system, the swverify TCS command includes the following text in the data it reports:
* Verification succeeded
Check the swinstall.log and the swagent.log log files in the /var/adm/sw/ directory
for messages concerning HP-UX TCS.
Verifying HP-UX TCS Operation
Use the tpmlist status command to verify that HP-UX TCS is operational. If HP-UX TCS is
operational, the tpmlist status command returns the following:
Owned: yes
Activated: yes
Enabled: yes
Ownable: yes
Owner Clear: disabled
Force Clear: disabled
If the tpmlist status command output does not indicate that TCS is operational, see Chapter 8
(page 37).
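The check above can be scripted for use across several hosts. The following is an added example, not code from HP or from this guide: it compares tpmlist status output with the six operational values listed above and reports each field that is missing or differs. The function name check_tpm_status and the sample input are assumptions made for the example, as is the "Field: value" line layout shown above.

```shell
#!/bin/sh
# Added example: compare `tpmlist status` output (read on stdin) with the
# operational values this guide lists. Field order does not matter.
EXPECTED='Owned:yes;Activated:yes;Enabled:yes;Ownable:yes;Owner Clear:disabled;Force Clear:disabled'

# Prints one line per missing or deviating field; returns 0 only when all
# six fields are present with the expected value.
check_tpm_status() {
    awk -v expected="$EXPECTED" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    BEGIN {
        n = split(expected, pair, ";")
        for (i = 1; i <= n; i++) {
            p = index(pair[i], ":")
            order[i] = substr(pair[i], 1, p - 1)
            want[order[i]] = substr(pair[i], p + 1)
        }
    }
    {
        p = index($0, ":")
        if (p == 0) next                      # not a "Field: value" line
        key = trim(substr($0, 1, p - 1))
        if (key in want) got[key] = trim(substr($0, p + 1))
    }
    END {
        bad = 0
        for (i = 1; i <= n; i++) {
            k = order[i]
            if (!(k in got)) {
                printf "MISSING  %s (expected %s)\n", k, want[k]; bad = 1
            } else if (got[k] != want[k]) {
                printf "MISMATCH %s: %s (expected %s)\n", k, got[k], want[k]; bad = 1
            }
        }
        exit bad
    }'
}

# Constructed sample (not captured from a real system): ownership not taken
# and the Force Clear line absent.
SAMPLE_BAD='Owned: no
Activated: yes
Enabled: yes
Ownable: yes
Owner Clear: disabled'

# On a TCS host: tpmlist status | check_tpm_status
printf '%s\n' "$SAMPLE_BAD" | check_tpm_status || echo "TPM is not in the operational state"
```

A non-zero return from check_tpm_status corresponds to the case in which the guide directs you to Chapter 8.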
HP-UX TCS Software Configuration Details
HP-UX TCS software installation normally includes configuration, which renders TCS immediately
operational. Configuration is automatic unless you include -x defer_configure=true when
you run swinstall. Configuration accomplishes the following tasks:
1. If HP-UX TCS is already configured (for example, if you are installing an update), tcsd is
halted and the TPM driver is unloaded to prevent any applications from using the TPM.
2. The configuration script takes ownership of the TPM, if there is no current owner. Then the
configuration script executes the tpmadm takeownership command to establish the server
as the unique owner, and to set the TPM password. After configuration, you can use the
tpmadm command to change the password or configure the TPM to not have a password.
3. If ownership of the TPM is not already taken, the configuration script uses the tpmadm
command to generate the Roaming Key (RK) and the System Specific Storage Key (SK). See
the tpmadm(1M) manpage.
4. If ownership of the TPM is already taken, the configuration script does not change the RK
or the SK.
HP-UX TCS Files and Directories
The following product files and directories are included with the HP-UX TCS installation:
/opt/tcs/bin/       Binaries such as commands and the tcsd daemon
/opt/tcs/lib/       Libraries (static version of tddl library and shared optimized version of tspi library)
/opt/tcs/include/   C header files for use with the TSS APIs
/opt/tcs/man/       Manpages