HP-UX Trusted Computing Services A.02.00 Administrator's Guide
NOTE: The TPM driver is a Dynamically Loadable Kernel Module (DLKM) and does not
require a reboot. However, after the first load of the TPM driver, the TPM device still appears
as unclaimed until a new ioscan command is issued. This is expected behavior. If the
installation requires a reboot, a separate ioscan command is not needed because the TPM
device is claimed by the DLKM driver at boot time.
Deferring TCS Configuration
By default, the swinstall installation script for TCS also configures TCS, so that TCS is
immediately operational. To defer TCS configuration, include the following specification in the
swinstall command:
-x defer_configure=true
If you use the interactive swinstall interface, select Options, then select the checkbox for Defer
configuration.
TCS Software Configuration Details
When the configuration section of the TCS swinstall script runs, the following events occur:
• If TCS is already configured (for example, if you are updating TCS software), the tcsd
daemon is halted and the TPM driver is unloaded to prevent any applications from using
the TPM.
• The script takes ownership of the TPM if there is no current owner. The script then executes
the tpmadm takeownership command to establish the server as the unique owner. This
also sets the TPM password, as described in “Specifying the TPM Password” (page 32).
• If the TPM is not already owned, the configuration script uses the tpmadm command to
generate the Roaming Key (RK) and the System Specific Storage Key (SK). See tpmadm(1M)
for more information about these operations.
• If the TPM is already owned, the configuration script does not change the RK or the SK.
Step 4: Verifying the TCS Installation
To verify the installation, follow these steps:
1. Enter the following command:
swverify TCS
If TCS is installed correctly on the system, the swverify output includes the following
message:
* Verification succeeded
2. Check the swinstall.log and the swagent.log log files in the /var/adm/sw/ directory
for messages about the TCS product bundle.
Step 5: Verifying TCS Operation
To verify TCS operation, enter the following command:
tpmlist status
The tpmlist status command uses the tcsd daemon to get status information from the
TPM. If TCS is running, this command displays the following message:
Owned: yes
Activated: yes
Enabled: yes
Ownable: yes
Owner Clear: disabled
Force Clear: disabled
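A scripted form of the Step 5 check, added here as an example and not part of the HP guide: the function compares tpmlist status output, read from standard input, with the listing above. The function name, the message format, and the choice to report any deviation from that listing as a failure are assumptions of this example.

```shell
#!/usr/bin/sh
# Added example: compare `tpmlist status` output with the listing in this guide.
# check_tpm_status reads the output on stdin; returns 0 if every field matches,
# 1 if any field is missing or differs.

# Baseline copied from the guide's listing for a running TCS.
EXPECTED='Owned: yes
Activated: yes
Enabled: yes
Ownable: yes
Owner Clear: disabled
Force Clear: disabled'

check_tpm_status() {
    cts_actual=$(cat)      # capture stdin once so each field can be searched
    cts_rc=0
    while IFS= read -r cts_line; do
        cts_key=${cts_line%%: *}     # text before the first ": "
        cts_want=${cts_line#*: }     # text after it
        # Value of the first line starting with "<key>:", outer whitespace trimmed.
        cts_got=$(printf '%s\n' "$cts_actual" |
            sed -n "s/^[[:space:]]*${cts_key}:[[:space:]]*//p" |
            sed -e 's/[[:space:]]*$//' -e 1q)
        if [ -z "$cts_got" ]; then
            echo "MISSING  $cts_key (expected '$cts_want')"
            cts_rc=1
        elif [ "$cts_got" != "$cts_want" ]; then
            echo "MISMATCH $cts_key: expected '$cts_want', got '$cts_got'"
            cts_rc=1
        fi
    done <<EOF
$EXPECTED
EOF
    return $cts_rc
}

# Constructed sample (not captured from a real system): Owner Clear differs.
SAMPLE_DRIFTED='Owned: yes
Activated: yes
Enabled: yes
Ownable: yes
Owner Clear: enabled
Force Clear: disabled'

printf '%s\n' "$SAMPLE_DRIFTED" | check_tpm_status || echo "status deviates from the guide's listing"
# On an HP-UX host with TCS installed: tpmlist status | check_tpm_status
```

If tcsd is not running, the command output contains none of the six fields, so every field is reported as MISSING and the function returns 1.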