HP-UX Trusted Computing Services A.02.00 Administrator's Guide

3 Basic TCS Administration
This chapter contains information on basic TCS administrative tasks for day-to-day operation.
For information on advanced administrative tasks, see Chapter 8 (page 67).
This chapter addresses the following topics:
“TPM Administration Utilities” (page 29)
“Backing Up and Restoring TCS System Data and Keys” (page 29)
“Backing Up and Restoring TCS System Data Files” (page 30)
“Creating and Restoring TPM Key Backup Files” (page 31)
“Retrieving TPM Status Information” (page 31)
“Specifying Secret Passphrases” (page 32)
“Managing TPM Ownership and the TPM Password” (page 32)
“Specifying the TPM Password” (page 32)
“Administering the TPM Password” (page 33)
“Changing the TPM Password” (page 33)
“Restoring the TPM Password File” (page 33)
“Restoring or Migrating the TPM” (page 34)
TPM Administration Utilities
TCS includes the tpmadm and tpmlist utilities to administer the TPM chip and keys. The
tpmadm utility performs TPM administrative tasks, such as the following:
Changing TPM status
Taking ownership of the TPM
Enabling the TPM
Disabling the TPM
Deleting keys
Changing the TPM password
Backing up TPM keys
Restoring TPM keys
The tpmlist utility reports TPM status; for example, whether the TPM is active, enabled, owned,
ownable, or clearable. It also lists information about TPM keys.
The tpmadm and tpmlist commands provide a wide range of subcommands, many of which
are unnecessary for day-to-day administration and use. The following sections describe tasks
needed for basic administration and only the tpmadm and tpmlist subcommands used for
these tasks. A full discussion of tpmadm and tpmlist command options is provided in the
manpages.
Backing Up and Restoring TCS System Data and Keys
You must complete two procedures to back up TCS data:
Back up TCS system data files
Create a TPM key archive file
These procedures save different data sets in different formats, so you must complete both
procedures.
Backing up TCS system data files saves the TPM password file and the file containing the TPM
keys in system persistent storage. These files are encrypted by the TPM and can be used only on
the system with the same TPM used to create them. Backing up TCS system data also saves the
tcsd configuration file.