HP-UX Trusted Computing Services A.03.00 Release Notes (May 2010, B3921-90026)

1 HP-UX Trusted Computing Services Overview
HP-UX Trusted Computing Services (TCS) provides software support for the Trusted Platform
Module (TPM) chip on HP-UX Integrity servers. The TPM is a low-cost, embedded security chip
available for select Integrity servers that provides hardware-enforced key management. TCS and
TPM provide additional protection for cryptographic keys by ensuring that a given private key can
be used only with the specific TPM chip mounted on one system board. TCS v3 supports
both Infineon TPM 1.1 and 1.2 chip versions.
Built according to industry standards, the TPM provides secure key services by securely generating
and storing cryptographic keys. TCS provides application services and commands that allow
you to generate keys using the TPM, and then manage them. Applications such as HP-UX Secure
Shell (SSH), HP-UX Encrypted Volumes and File Systems (EVFS), and Stunnel can acquire TPM
protection by using TCS to add their cryptographic keys to the TPM key hierarchy.
TCS is primarily composed of the following elements:
• A kernel driver for base communications with the TPM hardware.
• An industry standard Trusted Computing Group Software Stack (TSS) implementation
based on the open source TrouSerS product. TrouSerS was created and released by IBM.
More information on TSS is available at:
http://www.trustedcomputinggroup.org
• A set of management utilities for initial setup and ongoing maintenance of the TPM, including
operations such as key backup and restoration.
• Utilities for on-demand encryption and decryption of user-specified files and directories.
• A utility for generating RSA asymmetric key pairs with private key components that are
secured by the TPM.
• The TPM OpenSSL engine, a binary executable that enables OpenSSL applications to use
private keys secured by the TPM. This executable is dynamically loadable using the OpenSSL
engine mechanism.
• A module for EVFS that allows the secure storage of EVFS private keys using the TPM.
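The OpenSSL engine mechanism referred to above is driven from the OpenSSL configuration file. The fragment below is an added example, not part of these release notes or of the TCS product, showing how a dynamically loadable engine is registered through OpenSSL's "dynamic" engine loader so that RSA private-key operations are routed to it. The engine id "tpm" and the library path are assumptions; substitute the values installed by TCS on your system.

```ini
# Added example (not from the HP-UX TCS release notes): load a TPM engine
# through OpenSSL's dynamic engine loader. The engine id "tpm" and the
# shared-library path are assumptions, not values documented on this page.
openssl_conf = openssl_init

[openssl_init]
engines = engine_section

[engine_section]
tpm = tpm_section

[tpm_section]
# engine_id must be the first command in a dynamic-engine section
engine_id = tpm
# Location of the engine shared library (assumed path)
dynamic_path = /usr/lib/hpux32/libtpm.so
# Initialise immediately so a missing driver or TPM is reported at load time
init = 1
# Route RSA private-key operations to the engine; everything else stays in software
default_algorithms = RSA
```

Point OPENSSL_CONF at this file and run `openssl engine -t tpm` (again assuming the id "tpm") to confirm that the engine loads and reports itself available before relying on it from an application such as Stunnel or HP-UX Secure Shell.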
The TCS application level software stack is a modified version of TrouSerS. TrouSerS is a Common
Public License (CPL) licensed Trusted Computing Group Software Stack (TSS) that enables
multiple applications to simultaneously access and use the TPM without requiring the applications
to explicitly synchronize access. TCS complies with the TPM Main Specification Level 2 Version
1.2 in support of TPM 1.2 chips and TPM Main Specification Version 1.1b in support of TPM 1.1
chips.
HP-UX TCS software is available at no cost, and is fully supported under the HP-UX 11i support
contract.