HP-UX Trusted Computing Services A.02.00 Administrator's Guide

Deleting Keys
As a security precaution, the tpmadm deletekeys command does not delete the SRK, the RK,
or the SK. The tpmadm deletekeys command does not require superuser capabilities and
does not require the TPM password. This enables non-superusers to delete user-created keys in
system persistent storage.
The only method to delete the SRK is by clearing TPM ownership, which requires EFI access.
This procedure is described in “Clearing TPM Ownership” (page 71). Clearing TPM ownership
also deletes the SK and RK.
The following commands delete the RK or SK as part of the command function and require
superuser capabilities and the TPM password:
•  The tpmadm addkey key=rk and tpmadm addkey key=sk commands
   These commands add or create the RK or SK. If the RK or SK already exists, they attempt to
   delete the existing key before adding the new one.
•  The tpmadm restore command
   This command attempts to delete the existing RK before migrating the new RK from the
   TPM key archive file.
NOTE: The tcsd daemon must verify the identity of the user with identd before it deletes
the RK or SK key for a tpmadm addkey or tpmadm restore command. If identd is not
running, tcsd will not delete the RK or SK key and the command fails.
For more information, see tpmadm(1m).
Modifying tcsd Operating Parameters
The /etc/opt/tcs/tcsd.conf file is the configuration file for tcsd. The tcsd daemon reads
the tcsd.conf file when it starts. In most installations, you do not have to modify this file;
however, in some instances, you might want to modify the following options:
port            The TCP port on which tcsd accepts connection requests from local and
                remote TSS applications.
                Default: 30003.
num_threads     The maximum number of threads that tcsd spawns simultaneously to
                service applications.
                Default: 10.
system_ps_file  The absolute path of the system persistent storage file.
                Default: /etc/opt/tcs/system.data.
remote_ops      A list of TCS operations that Trusted Service Providers on remote hosts
                are allowed to have the local tcsd execute.
                Default: No operations.
For more configuration parameters, see tcsd.conf(4).
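The following script is an added example, not part of the HP-UX guide or the tcsd product. It reads a tcsd.conf-style file, reports the effective value of the four parameters above (falling back to the documented defaults when a parameter is not set), validates the port, and flags a non-empty remote_ops list, since that is the setting that exposes local TCS operations to remote hosts. It assumes the "key = value" line syntax with "#" comments; the sample configuration contents are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the HP-UX guide): show the effective tcsd operating
# parameters from a tcsd.conf-style file and flag settings worth reviewing.
# Assumption: lines are "key = value" and '#' starts a comment.

# conf_get FILE KEY: print the last value set for KEY in FILE, or nothing.
conf_get() {
    sed -n -e 's/#.*//' \
        -e "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*\)\$/\1/p" "$1" \
      | sed 's/[[:space:]]*$//' | tail -n 1
}

# effective FILE KEY DEFAULT: value from FILE, or DEFAULT when not set.
effective() {
    v=$(conf_get "$1" "$2")
    if [ -z "$v" ]; then echo "$3"; else echo "$v"; fi
}

# check_port PORT: succeed only for an integer in 1..65535.
check_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# report_conf FILE: print the effective settings; fail on an invalid port.
report_conf() {
    f=$1
    port=$(effective "$f" port 30003)
    threads=$(effective "$f" num_threads 10)
    ps=$(effective "$f" system_ps_file /etc/opt/tcs/system.data)
    ops=$(effective "$f" remote_ops "")
    echo "port=$port"
    echo "num_threads=$threads"
    echo "system_ps_file=$ps"
    if [ -z "$ops" ]; then
        echo "remote_ops=(none: no TCS operations offered to remote TSPs)"
    else
        echo "remote_ops=$ops  <-- review: reachable from remote TSPs"
    fi
    check_port "$port" || { echo "ERROR: invalid port '$port'" >&2; return 1; }
}

# Constructed sample configuration (not a real tcsd.conf from any system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# example tcsd.conf
port = 30003
num_threads = 20        # raised from the default of 10
remote_ops =
EOF
report_conf "$sample"
rm -f "$sample"
```

Run it against a copy of /etc/opt/tcs/tcsd.conf to see the values tcsd will use after the next restart; parameters that are absent from the file are reported with the defaults documented above.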
After you change the tcsd.conf file, follow these steps to make the changes take effect:
1. Stop tcsd by entering the following command:
   /sbin/init.d/tcs stop
2. Restart tcsd by entering the following command:
   /sbin/init.d/tcs start