HP-UX Trusted Computing Services A.01.00 Administrator's Guide
7 Advanced HP-UX TCS Administration
The majority of the day-to-day management of the TPM can be accomplished with a few simple
commands, as described in Chapter 4. However, the TCS management commands
also offer many options for advanced administration. A selection of these command options is
described in this chapter.
This chapter addresses the following topics:
• “Advanced HP-UX TCS System Data Backup and Restore”
• “Key Management”
• “Key Deletion”
• “Configuring Products Protected by HP-UX TCS on Serviceguard Clusters”
Advanced HP-UX TCS System Data Backup and Restore
HP-UX TCS system data is located in the /etc/opt/tcs/ directory, which contains the following
files:
passwd                TPM owner password, if it is stored on the system
tcsd.conf             TSS configuration file (do not modify)
system.data           TSS system persistent storage
.trousers/user.data   TSS root user persistent storage
HP recommends that you back up this directory periodically.
NOTE: Backing up the /etc/opt/tcs/ directory is different from tpmadm backup and
tpmadm restore, which are used for TPM key restoration, migration, or redundancy.
The system data is TPM- and platform-dependent. It cannot be restored to a system with a
different TPM. To restore HP-UX TCS system data, follow these steps:
1. Stop tcsd using /sbin/init.d/tcs stop.
2. Restore the /etc/opt/tcs/ directory.
3. Restart tcsd using /sbin/init.d/tcs start.
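The backup recommendation and the three restore steps above, as an added shell example that is not part of HP's guide. The function names, the ".meta" sidecar file, the TCS_DIR and TCS_INIT overrides, and the use of the hostname as a stand-in for "same TPM" are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not HP's code. Function names, the sidecar ".meta" file and
# the TCS_DIR / TCS_INIT overrides are assumptions made for illustration.
TCS_DIR=${TCS_DIR:-/etc/opt/tcs}
TCS_INIT=${TCS_INIT:-/sbin/init.d/tcs}

# Fingerprint of an archive: cksum output plus this host's name. cksum only
# detects corruption (not tampering); the hostname is a rough proxy for
# "same TPM and platform", which the guide requires for a restore.
tcs_fingerprint() {
    echo "$(cksum < "$1") $(uname -n)"
}

# tcs_backup ARCHIVE: archive all of $TCS_DIR, including .trousers/user.data.
tcs_backup() {
    archive=$1
    [ -d "$TCS_DIR" ] || { echo "missing $TCS_DIR" >&2; return 1; }
    (
        # passwd may hold the TPM owner password: create owner-only files.
        umask 077
        (cd "$TCS_DIR" && tar cf - .) > "$archive" &&
            tcs_fingerprint "$archive" > "$archive.meta"
    )
}

# tcs_restore ARCHIVE: check the archive, then run the guide's three steps.
tcs_restore() {
    archive=$1
    [ -f "$archive" ] && [ -f "$archive.meta" ] ||
        { echo "archive or .meta file missing" >&2; return 1; }
    # Refuse before touching the running daemon if anything looks wrong.
    [ "$(tcs_fingerprint "$archive")" = "$(cat "$archive.meta")" ] ||
        { echo "checksum or host mismatch, not restoring" >&2; return 1; }
    "$TCS_INIT" stop || return 1                      # step 1: stop tcsd
    rc=0
    # step 2: restore the directory contents, preserving permissions
    { mkdir -p "$TCS_DIR" &&
        (cd "$TCS_DIR" && tar xpf -) < "$archive"; } || rc=1
    "$TCS_INIT" start || rc=1                         # step 3: restart tcsd
    return "$rc"
}
```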
Key Management
This section provides information on using the tpmlist keyinfo, tpmlist keys, and tpmadm
deletekeys commands for key management.
The tpmlist keyinfo command lists detailed information about a particular key. In the
following example, tpmlist keyinfo lists details for the RK.
# tpmlist keyinfo uuid=rk
------------------------------------
Key UUID: 00000000-0000-0000-0000-000000000003
Parent UUID: 00000000-0000-0000-0000-000000000001
Version: 01010107
Usage: 0x0004 (Storage)
Flags: 0x00000002 (!VOLATILE, MIGRATABLE, !REDIRECTION)
AuthUsage: 0x00 (Never)
Algorithm: 0x00000020 (RSA)
Encryption Scheme: 0x00000012 (RSAESOAEP_SHA1_MGF1)
Signature Scheme: 0x00000010 (None)
Public Key Size: 256 bytes
Public Key:
8c56179d 37b596b6 4060b123 c08bd516 58bde30f 11c3b02a 154b1af4 31f52a3e
1dd28057 ed9d3175 575100de 362f0de8 0acc5d5b a986db3d 92e5f6ac f1ff8626
95355d3a 6b6f302f b8152020 42c7d747 ebba6f3b bd5dab2b d4358c95 c5a840d0
dba85cd0 fd458fe5 d25f5bf8 39b2cb63 6efec51b bd9a897b 2aafb562 c4d963a0
46a1b10b 27bf9690 3c5b98c6 c8b91696 1aced878 62ccd34d 7ca3ce2f b3b1ba7a