HP-UX Trusted Computing Services A.02.00 Administrator's Guide
• Use the EFI Boot Manager
• Use the command line in the EFI shell
CAUTION: Do not clear TPM ownership on HP-UX unless absolutely necessary (for example,
if you lose the TPM password). Clearing TPM ownership:
• Requires two system reboots.
• Deletes the SRK and RK and clears any existing TPM secrets. All TCS application keys
become unusable, and any data or keys encrypted by a TCS application key become unusable.
If you have a TPM key archive file, created using the tpmadm backup command, you can
restore the RK after you clear the TPM. This will enable you to use the TCS application keys
again.
Clearing TPM Ownership Using the EFI Boot Manager
To clear TPM ownership using the EFI Boot Manager, follow these steps:
1. Locate a TPM key archive file created using the tpmadm backup command, if possible.
The TPM key archive file enables you to reinstall and reuse the existing RK and migrate its
descendent TPM keys on the system after you clear TPM ownership. If you cannot locate a
TPM key archive file, you cannot use any existing TPM keys and data encrypted by TPM
keys after you clear TPM ownership.
2. Unconfigure the TCS software. If the TCS_EVFSENABLED flag is set (TCS_EVFSENABLED=1)
in the /etc/rc.config.d/tcsconf file, you must set it to 0 before unconfiguring TCS.
Enter the following command to unconfigure TCS:
swconfig -u TCS
3. Access the EFI Boot Manager.
4. From the Boot Menu in the EFI utility, select Security Configuration and press Enter.
NOTE: The EFI Boot Manager screens on your system may vary from those shown
depending on your system type and firmware version.
5. From the Security Configuration menu, select Clear Trusted Platform Module
and press Enter.
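The checks in steps 1 and 2 can be scripted and run before swconfig -u TCS. The following sketch is an added example, not part of the HP guide: the function names, exit codes and the archive path argument are assumptions, and it treats a missing TCS_EVFSENABLED line as "not set".

```shell
#!/bin/sh
# Pre-flight check before "swconfig -u TCS" (added example, not HP code).
# Usage (archive path is whatever file you saved from "tpmadm backup"):
#   sh preclear.sh /etc/rc.config.d/tcsconf /path/to/tpm-key-archive

# Print the effective TCS_EVFSENABLED value. The file is shell syntax,
# so the last uncommented assignment wins; prints "unset" if none.
evfs_flag() {
    awk '
        /^[ \t]*#/ { next }                      # whole-line comment
        /^[ \t]*(export[ \t]+)?TCS_EVFSENABLED=/ {
            v = $0
            sub(/^[^=]*=/, "", v)                # text after "="
            sub(/[ \t]*#.*$/, "", v)             # trailing comment
            gsub(/[^0-9A-Za-z]/, "", v)          # quotes, blanks, ";"
            val = v
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# Exit codes (assumed convention): 0 safe to proceed, 1 flag still set,
# 2 config unreadable, 3 no key archive (TPM keys will be unrecoverable).
preclear_check() {
    conf=$1 archive=$2 result=0
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf" >&2; return 2; }
    flag=$(evfs_flag "$conf")
    case $flag in
        0|unset) echo "OK: TCS_EVFSENABLED=$flag" ;;
        *) echo "BLOCK: TCS_EVFSENABLED=$flag in $conf; set it to 0 first" >&2
           result=1 ;;
    esac
    if [ -n "$archive" ] && [ -s "$archive" ]; then
        echo "OK: TPM key archive present: $archive"
    else
        echo "WARN: no TPM key archive; existing TPM keys and data" \
             "encrypted by them cannot be used after the clear" >&2
        if [ "$result" -eq 0 ]; then result=3; fi
    fi
    return "$result"
}

if [ $# -eq 2 ]; then preclear_check "$1" "$2"; fi
```

The script only inspects files and never runs swconfig or touches the TPM; an exit code of 3 is a warning that matches step 1, not a hard stop.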
72 Advanced TCS Administration