HP-UX Trusted Computing Services A.02.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Trusted Computing Services (TCS) Software

For example:

crw-rw---- 1 tss tss 135 0x000000 Jun 23 10:08 /dev/tpm

4. Confirm that the TPM is installed and enabled. See Chapter 2 (page 19).

5. If needed, reboot the system to clear a transient TPM failure. If the error persists after a

system reboot, you might need to replace the TPM.

6. Verify the ownership and permissions for the /etc/opt/tcs directory and the file used

for TCS system persistent storage (the default is /etc/opt/tcs/system.data). The

permissions, owner, and group must match entries shown in Table 3-1 (page 30).

If TCS directory and system persistent storage file are not accessible, or the system persistent

storage file is corrupt, tcsd does not start.

7. The TPM device driver might not have been installed or configured properly. Enter the

following commands to remove and reinstall the TPM device driver:

swconfig -u TCS; swconfig TCS

If the TCS_EVFSENABLED flag is set (TCS_EVFSENABLED=1) in the /etc/rc.config.d/

tcsconf file, you must set it 0 before entering the swconfig -u TCS command.

If this does not solve the problem, reinstall TCS as described in “Upgrading or Reinstalling

TCS” (page 25).

8. For instructions on how to restore TCS system data, see Chapter 8 (page 67).

9. Make sure the TPM is owned, enabled, and activated. If TCS is running, the tpmlist

status command displays the following message:

Owned: yes

Activated: yes

Enabled: yes

Ownable: yes

Owner Clear: disabled

Force Clear: disabled

10. Enter the following command to reconfigure TCS software:

swconfig TCS

If the problem persists, enable the TPM. See Chapter 2 (page 19).

Troubleshooting TCS Operation with OpenSSL

The troubleshooting procedures for TCS operation with OpenSSL vary depending on the utility

or application used.

Troubleshooting TCS Operation with the openssl Utility

When using a TCS RSA key pair with the openssl utility, openssl displays the following

message if it is able to load the TPM OpenSSL engine:

engine “tpm” set

Some common error messages that might occur are listed in the sections that follow.

Message: invalid engine “tpm”

The openssl utility displays messages similar to the following:

invalid engine "tpm"

15549:error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:378:

id=tpm

15549:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared l

ibrary:dso_dlfcn.c:157:filename(libtpm.so): Unable to find library 'libtpm.so

15549:error:25070067:DSO support routines:DSO_load:could not load the shared lib

rary:dso_lib.c:244:

15549:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:364:

80 TCS Troubleshooting and Known Issues