HP-UX Trusted Computing Services A.02.00 Administrator's Guide
Creating a TPM key archive backs up only the TPM keys in system persistent storage. It does
not back up the TPM password or the tcsd configuration file. A TPM key archive is encrypted
with a user-specified secret and can be used on a platform with a different TPM if the user knows
the secret. Administrators can use a TPM key archive file to migrate TPM keys to another system
and for key redundancy in an HP Serviceguard cluster. You can also use a TPM key archive file
to reinstall TPM keys if you reset the TPM or re-establish the TPM password.
IMPORTANT: HP recommends you save backup copies of TCS system data files and the TPM
key archive file on a secure backup server.
Backing Up and Restoring TCS System Data Files
TCS system data is located in the /etc/opt/tcs/ directory, which includes the following files:
passwd        TPM owner password, if it is stored on the system
tcsd.conf     TSS configuration file
system.data   The default file path for TSS system persistent storage
HP recommends that you back up the files in this directory after you install TCS and at regular
intervals.
Backing Up TCS System Data
Back up the files as you would any other files, using any file backup utility. If you modified the
/etc/opt/tcs/tcsd.conf file to use an alternate file for system persistent storage, back up
the alternate file.
The files will contain data encrypted with information specific to the local TPM and cannot be
restored to a system with a different TPM.
Restoring TCS System Data
To restore TCS system data, follow these steps:
1. Stop tcsd by entering the following command:
/sbin/init.d/tcs stop
2. Restore the contents of the /etc/opt/tcs/ directory.
3. Verify the ownership and permissions for the /etc/opt/tcs directory and its contents.
The permissions, owner, and group must match the values shown in Table 3-1.
Table 3-1 TCS File Permissions
File/Directory                    Permissions   Owner   Group
/etc/opt/tcs                      drwx------    tss     tss
/etc/opt/tcs/passwd               -rw-------    root    root
/etc/opt/tcs/system.data          -rw-rw----    tss     tss
/etc/opt/tcs/system.data.auth     -rw-r-----    tss     tss
/etc/opt/tcs/system.data.noauth   -rw-r-----    tss     tss
/etc/opt/tcs/tcsd.conf            -rw-----      tss     tss
4. Restart tcsd by entering the following command:
/sbin/init.d/tcs start
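A check for step 3, given here as an added example that is not part of the HP guide: it compares ls -ld output for each restored file with the values in Table 3-1. The function names, the TCS_PREFIX variable and the handling of absent files are assumptions, and the tcsd.conf mode, which the table prints short, is read as -rw-------.

```shell
#!/bin/sh
# Added example: check step 3 of the restore procedure against Table 3-1.
# Only ls -ld and awk are used. Function names are hypothetical.

# Path, mode string, owner, group as listed in Table 3-1.
# Assumption: the tcsd.conf mode, printed short in the table, is -rw-------.
TCS_TABLE='/etc/opt/tcs drwx------ tss tss
/etc/opt/tcs/passwd -rw------- root root
/etc/opt/tcs/system.data -rw-rw---- tss tss
/etc/opt/tcs/system.data.auth -rw-r----- tss tss
/etc/opt/tcs/system.data.noauth -rw-r----- tss tss
/etc/opt/tcs/tcsd.conf -rw------- tss tss'

# check_entry PATH MODE OWNER GROUP
# Returns 0 on match, 1 on mismatch, 2 if PATH does not exist.
check_entry() {
    ce_line=$(ls -ld "$1" 2>/dev/null) || { echo "MISSING  $1"; return 2; }
    # ls -ld fields: 1 = mode (cut to 10 chars to drop an ACL marker),
    # 3 = owner, 4 = group.
    ce_have=$(echo "$ce_line" | awk '{print substr($1,1,10), $3, $4}')
    if [ "$ce_have" = "$2 $3 $4" ]; then
        echo "OK       $1"
        return 0
    fi
    echo "MISMATCH $1: have $ce_have, want $2 $3 $4"
    return 1
}

# check_tcs_tree [PREFIX]
# Checks every table entry under PREFIX (empty for the live system, or a
# staging directory holding the restored copy). Returns 1 on any mismatch.
# Assumption: an absent file is reported but not counted as a failure,
# because passwd exists only if the owner password is stored on the system.
check_tcs_tree() {
    ct_bad=0
    while read -r ct_path ct_mode ct_owner ct_group; do
        ct_rc=0
        check_entry "$1$ct_path" "$ct_mode" "$ct_owner" "$ct_group" || ct_rc=$?
        if [ "$ct_rc" -eq 1 ]; then ct_bad=1; fi
    done <<EOF
$TCS_TABLE
EOF
    return "$ct_bad"
}

# Run after step 3 and before restarting tcsd in step 4.
check_tcs_tree "${TCS_PREFIX:-}" || echo "Correct the entries above before restarting tcsd."
```

Set TCS_PREFIX to a staging directory to check a restored copy before it is moved into place.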