Tuesday, November 16, 2010

Oracle Solaris 11 Express 2010.11: Trusted Platform Module

Wyllys Ingersoll wrote a great post today on the new Trusted Platform Module and the plugin, pkcs11_tpm.so, that hooks it into the Oracle Solaris Cryptographic Framework in Oracle Solaris 11 Express 2010.11. You can enable and disable the TPM provider via cryptoadm. The backslash before $ISA keeps the shell from expanding it, so cryptoadm receives the literal provider path shown in its output:

# cryptoadm list -p provider=/usr/lib/security/\$ISA/pkcs11_tpm.so
/usr/lib/security/$ISA/pkcs11_tpm.so: all mechanisms are enabled.

# cryptoadm disable provider=/usr/lib/security/\$ISA/pkcs11_tpm.so mechanism=all

# cryptoadm list -p provider=/usr/lib/security/\$ISA/pkcs11_tpm.so
/usr/lib/security/$ISA/pkcs11_tpm.so: all mechanisms are disabled.

# cryptoadm enable provider=/usr/lib/security/\$ISA/pkcs11_tpm.so mechanism=all

You can find out more about configuring the actual TPM device over on Wyllys's blog.