HP Sure Recover User Guide

Start-Sleep -Seconds 3

$p = New-HPSureRecoverDeprovisionPayload `

-SigningKeyPassword $skpw `

-SigningKeyFile "$path\sk.pfx"

$p | Set-HPSecurePlatformPayload

Start-Sleep -Seconds 3

Write-host 'Deprovisioning P21'

$p = New-HPSecurePlatformDeprovisioningPayload `

-verbose `

-EndorsementKeyPassword $pw `

-EndorsementKeyFile "$Path\kek.pfx"

$p | Set-HPSecurePlatformPayload

Write-Host 'Final secure platform state:'

Get-HPSecurePlatformState

}

Generisanje uzorka ključa pomoću OpenSSL-a

Uskladištite privatne ključeve na bezbednoj lokaciji. Javni ključevi će se koristiti za proveru valjanosti i moraju

se navesti tokom obezbeđivanja. Ovi ključevi moraju da imaju dužinu od 2048 bitova i moraju da koriste

eksponent od 0x10001. Zamenite temu u primerima informacijama o vašoj organizaciji.

Postavite sledeću promenljivu okruženja pre nego što nastavite:

set OPENSSL_CONF=<path>\openssl.cnf

# Create a self-signed root CA certificate for testing

openssl req -sha256 -nodes -x509 -newkey rsa:2048 -keyout ca.key -out

ca.crt -subj

"/C=US/ST=State/L=City/O=Company/OU=Org/CN=www.example.com“

# Create a key endorsement certificate

openssl req -sha256 -nodes -newkey rsa:2048 -keyout kek.key -out kek.csr -

subj

"/C=US/ST=State/L=City/O=Company/OU=Org/CN=www.example.com“

openssl x509 -req -sha256 -in kek.csr -CA ca.crt -CAkey ca.key -

CAcreateserial -out kek.crt

14 Poglavlje 4 Rad sa programom HP Client Management Script Library (CMSL)