Manualshelf

HP-UX Trusted Computing Services A.01.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Trusted Computing Services (TCS) Software
12345678910
1 HP-UX TCS Overview
This chapter provides an overview of the HP-UX Trusted Computing Services. It addresses the
following topics:
“Technology Overview” (page 7)
Architecture” (page 8)
“TPM Key Hierarchy” (page 10)
“TPM Utilities” (page 10)
“HP-UX TCS-EVFS Integration” (page 11)
Technology Overview
HP-UX Trusted Computing Services (TCS) provides software support for hardware enforced
key management on supported HP Integrity servers running HP-UX 11i v2. By providing a low
cost embedded security chip option called a Trusted Platform Module (TPM) in its ZX2-based
Integrity servers, HP has established a foundation for strong protection of sensitive information,
such as cryptographic keys.
Built around industry standards, the TPM provides a basis for key storage by securely generating
and storing cryptographic keys. HP-UX TCS takes this a step further by providing the necessary
infrastructure for managing the TPM and by integrating it into select features, such as HP-UX
Encrypted Volumes and File Systems (EVFS).
HP-UX TCS includes the following components:
A kernel driver for base communications with the TPM hardware
An industry-standard Trusted Computing Group Software Stack (TSS) implementation
based on the open source TrouSerS product. TrouSerS was created and released by IBM.
More information on TSS is available at:
http://www.trustedcomputinggroup.org
A set of management utilities for initial setup and ongoing maintenance of the TPM,
supporting operations such as backup and restoration
Additional commands for on-demand encryption and decryption of user-selected files and
directories
A module for EVFS that enables secure storage of EVFS private keys using the TPM
The TPM serves as an independent processing unit with nonvolatile memory for storage of
sensitive information. It contains functions for asymmetric encryption and signing (PKI),
cryptographic key generation, random number generation, and hashing. The TPM, in combination
with firmware, loader, and kernel modifications, is used to build a chain of trust which can then
be extended across the network.
Technology Overview 7