HP-UX Trusted Computing Services A.02.00 Administrator's Guide

4. On the configuration node, create TCS application keys and any related data files that use
the keys. For example, if you are using a TCS RSA key pair, create the key pair and security
certificate.
NOTE: Do not create TCS application keys on the other nodes. These keys will be unusable
after you migrate the RK from the configuration node to the other nodes.
5. Create a TPM key archive file using the tpmadm backup command.
For example:
# tpmadm backup filename=/tmp/tpmKeyArchive
The tpmadm utility prompts you for the TPM password if it cannot get the password from
the TPM password file (/etc/opt/tcs/passwd) or the TPM_PASSWD environment variable.
It also prompts you for a secret to protect the TPM key archive file if the TCS_PASS
environment variable is not set.
NOTE: Make a note of the secret; you will need it to restore the TPM key archive file.
6. Copy the following files to the other cluster nodes:
   - The TPM key archive file
   - Any TCS application keys and any related files that use the keys, such as TCS RSA key
     pairs and security certificates created using those keys
7. On the other cluster nodes, use the tpmadm restore command to install the RK from the
configuration node. The tpmadm utility will back up and remove the RK and TCS application
keys currently in system persistent storage. It then encrypts the RK from the imported file
with the SRK on the local TPM and registers the descendent keys with the local TPM.
For example:
# tpmadm restore filename=/tmp/tpmKeyArchive
The tpmadm utility prompts you for the local TPM password if it cannot get the password
from the TPM password file (/etc/opt/tcs/passwd) or the TPM_PASSWD environment
variable. It also prompts you for the secret used to protect the TPM key archive file when it
was created if the TCS_PASS environment variable is not set.
Following this step, all nodes in the cluster have the same value for the RK, but each copy
is encrypted with the local SRK. All nodes in the cluster have the same TCS application keys
in system persistent storage.
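Steps 5 through 7 scripted for a cluster, as an added example that is not part of the guide: it assumes root ssh/scp access to the other nodes, node names passed on the command line, and TCS_PASS exported on the configuration node so that tpmadm does not prompt for the archive secret; the DRY_RUN switch, the APPKEYS list and the node names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the HP-UX TCS guide): migrate the RK from the
# configuration node to the other cluster nodes with tpmadm backup/restore.
ARCHIVE=${ARCHIVE:-/tmp/tpmKeyArchive}   # TPM key archive file (step 5)
APPKEYS=${APPKEYS:-}                     # optional: TCS application key files to copy (step 6)
DRY_RUN=${DRY_RUN:-0}                    # constructed switch: 1 prints commands instead of running

# Run a command, or print it when DRY_RUN=1.
run() { if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi; }

# The same secret protects the archive on backup and is required on restore;
# refuse to start without it rather than being prompted on every node.
check_secret() { [ -n "${TCS_PASS:-}" ]; }

# Step 5: on the configuration node, write the TPM key archive.
backup_rk() { run tpmadm backup "filename=$ARCHIVE"; }

# Step 7 on one node: restore the RK from the archive. The secret is sent over
# stdin and exported there, so it never appears in the remote command line.
restore_on_node() {
  node=$1
  printf '%s\n' "$TCS_PASS" | run ssh "root@$node" \
    "IFS= read -r TCS_PASS; export TCS_PASS; tpmadm restore filename=$ARCHIVE"
}

# Steps 6 and 7 for every other cluster node; stop at the first failure so a
# node is never left half-migrated without the operator noticing.
migrate_rk() {
  dest=$(dirname "$ARCHIVE")
  for node in "$@"; do
    run scp "$ARCHIVE" $APPKEYS "root@$node:$dest/" || { echo "copy to $node failed" >&2; return 1; }
    restore_on_node "$node" || { echo "restore on $node failed" >&2; return 1; }
  done
}

# Usage on the configuration node: TCS_PASS=... ./migrate_rk.sh node2 node3
main() {
  check_secret || { echo "TCS_PASS is not set" >&2; return 1; }
  backup_rk || return 1
  migrate_rk "$@"
}
```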
Clearing TPM Ownership
There are two ways to clear TPM ownership: