HP-UX Trusted Computing Services A.02.00 Release Notes

This document provides information about the A.02.00 release of HP-UX Trusted Computing
Services on HP-UX 11i v3.

HP-UX Trusted Computing Services Overview

HP-UX Trusted Computing Services (TCS) provides software support for the Trusted Platform
Module (TPM) chip on HP-UX Integrity servers. The TPM is a low-cost, embedded security chip
available for selected ZX2-based Integrity servers that provides hardware-enforced key
management. TCS and TPM provide additional protection for cryptographic keys by ensuring
a given private key can be utilized only with a specific and unique TPM chip mounted on a
system board.

Built according to industry standards, the Trusted Platform Module (TPM) provides secure key
services by securely generating and storing cryptographic keys. TCS provides application services
and commands that allow users to generate keys using the TPM and manage these keys.
Applications such as HP-UX Secure Shell (SSH), HP-UX Encrypted Volumes and File
Systems (EVFS), and Stunnel can acquire TPM protection by using TCS to add their cryptographic
keys to the TPM key hierarchy.

TCS is primarily composed of the following elements:
• A kernel driver for base communications with the TPM hardware.
• An industry standard Trusted Computing Group Software Stack (TSS) implementation
  based on the open source TrouSerS product. TrouSerS was created and released by IBM.
  More information on TSS is available at:
  http://www.trustedcomputinggroup.org
• A set of management utilities for initial setup and ongoing maintenance of the TPM, including
  operations such as key backup and restoration.
• Utilities for on-demand encryption and decryption of user-specified files and directories.
• A utility for generating RSA asymmetric key pairs with private key components that are
  secured by the TPM.
• The TPM OpenSSL engine, a binary executable that enables OpenSSL applications to use
  private keys secured by the TPM. This executable is dynamically loadable using the OpenSSL
  engine mechanism.
• A module for EVFS that allows the secure storage of EVFS private keys using the TPM.

The TCS application-level software stack is a modified version of TrouSerS. TrouSerS is a Common
Public License (CPL) licensed Trusted Computing Group Software Stack (TSS) that enables
multiple applications to simultaneously access and use the TPM without requiring the applications
to explicitly synchronize access. TCS complies with the TSS 1.1 Golden specification.

HP-UX TCS software is available at no cost, and is fully supported under the HP-UX 11i support
contract.

New and Changed Features in This Release

HP-UX TCS version A.02.00 includes the following new features:
• The tpmcreate utility for generating RSA asymmetric key pairs with private key
  components that are secured by the TPM. You can use these keys to create OpenSSL
  certificates or for HP-UX Secure Shell (SSH) server keys.
• An OpenSSL engine that enables OpenSSL applications to use private keys secured by the
  TPM.