HP-UX Trusted Computing Services A.02.00 Administrator's Guide
The tpmadm restore Command Fails
The tpmadm restore command can fail for the following reasons:
• You are not superuser.
The tpmadm restore command attempts to delete the existing RK before migrating the
new RK from the TPM key archive file, and the deletion succeeds only if the user has
superuser capabilities.
• You entered an incorrect TPM password or secret.
Verify that the TPM password and secret used are the correct length. Verify the methods
used to specify the TPM password and secret, as described in “Specifying the TPM Password”
(page 32) and “Specifying Secret Passphrases” (page 32).
• The identd service is not running on your system.
The tcsd daemon uses the identd service to verify the identity of the user before deleting
the existing RK and its descendants. If it cannot contact the identd daemon, the restore
operation fails. Verify that identd is running on the system, or that the identd daemon is
configured to start as needed through the /etc/inetd.conf file or another mechanism.
TPM Driver Is Unclaimed
The TPM driver does not require a reboot after installation, because it is a dynamically loadable
kernel module (DLKM). However, after the first load of the TPM driver, the TPM device appears
as unclaimed until a new ioscan command is issued.
To verify that the TPM device is claimed, enter the following command:
# ioscan -f | grep -i trust
tpm 0 250/2 tpm CLAIMED INTERFACE Trusted Platform Module
If the installation requires a reboot, a separate ioscan is not needed because the device is claimed
by the DLKM driver at boot time. Because the TPM driver must claim the TPM chip, it is loaded
before device discovery (ioscan) is initiated at boot time. The TPM driver uses the /dev/tpm
character device and the Low Pin Count (LPC) I/O protocol to communicate with the TPM chip.
NOTE: The TPM driver cannot be unloaded if any application has opened the /dev/tpm
character device. The unload operation fails with a "Device Busy" error.
TCS Commands Fail When Run as a Nonprivileged User
Verify that the nonprivileged user has a home directory. The tcsd daemon attempts to create a
.trousers/user.data file under the home directory of the user running the command.
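The preconditions from the preceding troubleshooting sections can be checked together before running tpmadm restore or other TCS commands. The script below is an added example, not part of the HP guide or of TCS; the function names are hypothetical, and it assumes local accounts in /etc/passwd and an inetd.conf entry that contains the string identd.

```sh
#!/bin/sh
# Added example (not from the HP guide). Function names are hypothetical.

# Read `ioscan -f` output on stdin; print CLAIMED or UNCLAIMED for the
# Trusted Platform Module line, or NOTFOUND if no such line or state exists.
tpm_claim_state() {
    awk 'tolower($0) ~ /trusted platform module/ {
             for (i = 1; i <= NF; i++)
                 if ($i ~ /CLAIMED$/) { print $i; found = 1; exit }
         }
         END { if (!found) print "NOTFOUND" }'
}

# Succeed if inetd.conf file $1 has an uncommented entry mentioning identd.
identd_in_inetd() {
    [ -r "$1" ] || return 1
    awk '/^[ \t]*#/ { next } /identd/ { ok = 1 } END { exit !ok }' "$1"
}

# Succeed if user $1 has an existing home directory (passwd field 6), where
# tcsd creates .trousers/user.data. $2 is the passwd file (local accounts only).
home_dir_ok() {
    _h=$(awk -F: -v u="$1" '$1 == u { print $6; exit }' "${2:-/etc/passwd}")
    [ -n "$_h" ] && [ -d "$_h" ]
}

# Run every check on the live system and report each failed precondition.
preflight() {
    rc=0
    [ "$(id -u)" -eq 0 ] || { echo "not superuser: restore cannot delete the RK"; rc=1; }
    if ! ps -e | grep '[i]dentd' >/dev/null && ! identd_in_inetd /etc/inetd.conf; then
        echo "identd is neither running nor enabled in /etc/inetd.conf"; rc=1
    fi
    state=$(ioscan -f 2>/dev/null | tpm_claim_state)
    [ "$state" = CLAIMED ] || { echo "TPM device state: $state (run ioscan)"; rc=1; }
    home_dir_ok "$(id -un)" || { echo "no home directory for $(id -un)"; rc=1; }
    return $rc
}

# Invoke as: sh preflight.sh --run
case "${1:-}" in --run) preflight ;; esac
```

If identd is started through a mechanism other than inetd and is not resident at the time of the check, the identd test reports a failure that must be confirmed by hand.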
Reporting Problems
If you are unable to solve a problem with TCS, follow these steps:
1. Read the HP-UX Trusted Computing Services Release Notes to see if the problem is known. If
it is, follow the solution offered to solve the problem.
2. Determine if TCS is still under warranty or if your company purchased support services for
TCS. Your operations manager can supply you with the necessary information.
3. Access http://www.itrc.hp.com and search the technical knowledge databases to determine
if the problem you are experiencing has been reported already. The type of documentation
and resources you have access to depend on your level of support.
4. If this is a new problem or if you need additional help, log your problem with the HP
Response Center, either online through the support case manager at http://www.itrc.hp.com
or by calling HP Support. If your warranty has expired or if you do not have a valid support