HP-UX Trusted Computing Services A.02.00 Administrator's Guide

2 Installing TCS

This chapter describes how to install, upgrade, reinstall, and remove TCS. This chapter addresses

the following topics:

• “Installing TCS” (page 19)

• “Upgrading or Reinstalling TCS” (page 25)

• “Removing TCS” (page 26)

Installing TCS

TCS is supported only on HP-UX servers with TPM hardware. The TPM must be present and

enabled for the configuration phase of TCS to complete successfully.

Alternately, see the installation guide for your TPM-enabled Integrity server, for example: HP

Integrity rx6600: Installation Guide, Appendix A. If the TPM hardware is not enabled, TCS installs

with warnings, but software configuration fails. You can enable the TPM after installing the TCS,

but you must run the swconfig TCS command after enabling the TPM for TCS to operate.

To install TCS on a supported platform, follow these steps:

1. Enable the TPM in firmware.

2. Acquire the TCS software.

3. Install the TCS software.

4. Verify the TCS software installation.

5. Verify that TCS operating.

6. Back up TCS data and keys.

Step 1: Enabling the TPM

Systems that support TCS have a TPM installed, but the TPM must be enabled in firmware as

part of the TCS installation process. To verify whether the TPM is enabled, log in as superuser

and enter the following command:

ioscan | grep “Trusted Platform Module”

If the TPM is enabled, the command output includes a line indicating a hardware address for

the TPM and unknown as the class for the TPM.

If the TPM is not enabled, you can enable it using one of the following methods:

• Use the EFI Boot Manager

• Use the command line in the EFI shell

Both methods require you to reboot the system.

Enabling the TPM from the EFI Boot Manager

To enable the TPM from the EFI Boot Manager, follow these steps:

1. Access the EFI Boot Manager.

2. From the Boot Menu in the EFI utility, select Security Configuration and press Enter.

Installing TCS 19