Manualshelf

HP-UX Trusted Computing Services A.02.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Trusted Computing Services (TCS) Software
71727374757677787980
16. If you have a TPM key archive file created before you cleared TPM ownership, you can use
the tpmadm restore command to restore the previous RK and migrate its descendent
keys.
For example:
# tpmadm backup filename=/tmp/tpmKeyArchive
Clearing TPM Ownership Using the EFI Shell
To clear TPM ownership using the EFI shell, follow these steps:
1. Locate a TPM key archive file created using the tpmadm backup command, if possible.
The TPM key archive file enables you to reinstall and reuse the existing RK and migrate its
descendent TPM keys on the system after you clear TPM ownership. If you cannot locate a
TPM key archive file, you cannot use any existing TPM keys and data encrypted by TPM
keys after you clear TPM ownership.
2. Unconfigure the TCS software. If the TCS_EVFSENABLED flag is set (TCS_EVFSENABLED=1)
in the /etc/rc.config.d/tcsconf file, you must set it 0 before unconfiguring TCS.
Enter the following command to unconfigure TCS:
swconfig -u TCS
3. Access the EFI shell.
4. Enter the following command at the EFI shell prompt:
secconfig tpm clear
For example:
Shell> secconfig tpm clear
Warning: Resetting to factory defaults will result in loss of information.
Clear the TPM [Y/N]? y
TPM will be resetted to factory default on the next reboot
SYSTEM SECURITY CONFIGURATION
TPM: Activated
TPM Next Boot Status: Force Clear
TPM Vendor ID: 0x15D1
TPM Product ID: 0x0006
TPM TCG Spec Version: 1.1.0.0
A reboot is required for security configuration changes to take effect.
5. Reboot the system.
6. As the system boots, access the EFI shell.
7. Enter the following command at the EFI shell prompt:
secconfig tpm on
For example:
Shell> secconfig tpm on
SYSTEM SECURITY CONFIGURATION
Trusted Boot: Not Supported
TPM: Enabled
TPM Vendor ID: 0x15D1
TPM Product ID: 0x0006
TPM TCG Spec Version: 1.1.0.0
* A reboot is required for security configuration changes to take effect.
8. Reboot the system.
9. As the system boots, access the EFI Boot Manager.
76 Advanced TCS Administration