Sun Crypto Accelerator 6000 Board User’s Guide for Version 1.1
|
|
Installing the Sun Crypto Accelerator 6000 Board |
This chapter describes how to install the Sun Crypto Accelerator 6000 hardware on both the Oracle Solaris and Linux operating systems, how to install and remove the software, and also how to migrate back to 1.0 software and firmware.
This chapter includes the following sections:
|
Caution - If you want the ability to return to a Version 1.0 environment, you must make a backup of the 1.0 keystore and master key prior to upgrading to 1.1. See Migrating Back to Version 1.0 From 1.1.
|
Once you have installed the hardware and software of the board, you must initialize the board with configuration and keystore information. See Initializing the Board With scamgr for information on how to initialize the board.
Handling the Board
Each board is packed in a special antistatic bag to protect it during shipping and storage. To avoid damaging the static-sensitive components on the board, reduce any static electricity on your body before touching the board by using one of the following methods:
- Touch the metal frame of the computer.
- Attach an antistatic wrist strap to your wrist and to a grounded metal surface.
|
Caution - To avoid damaging the sensitive components on the board, wear an antistatic wrist strap when handling the board, hold the board by its edges only, and always place the board on an antistatic surface (such as the plastic bag it came in).
|
Installing the Board on Oracle Solaris Platforms
Installing the Sun Crypto Accelerator 6000 Board involves inserting the board into the system and loading the software tools. The hardware installation instructions include only general steps for installing the board. Refer to the documentation that came with your system for specific installation instructions.
Install the Hardware
|
1. As superuser, follow the instructions that came with your system to shut down and power off the computer, disconnect the power cord, and remove the computer cover.
2. Locate an unused PCI slot (preferrably an x8 PCI Express slot).
3. Attach an antistatic wrist strap to your wrist, and attach the other end to a grounded metal surface.
4. Using a Phillips screwdriver, remove the screw from the PCI slot cover.
Save the screw to hold the bracket in Step 6.
5. Holding the Sun Crypto Accelerator 6000 Board by its edges only, take it out of the plastic bag and insert it into the PCI slot.
6. Secure the screw on the rear bracket.
7. Replace the computer cover, reconnect the power cord, and power on the system.
8. Verify that the board is properly installed.
- For Oracle Solaris SPARC platforms, enter the prtdiag command from a terminal:
% prtdiag
========================= IO Configuration =========================
IO
Location Type Slot Path Name Model
---------- ---- ---- ----------------------------------- ------------- ---------
IOBD/NET0 PCIE IOBD /pci@780/pci@0/pci@1/network@0 network-pciex8086,105e
IOBD/NET1 PCIE IOBD /pci@780/pci@0/pci@1/network@0,1 network-pciex8086,105e
IOBD/PCIE0 PCIE 0 /pci@780/pci@0/pci@8/pci@0/pci108e,5ca0@e pci108e,5ca0
IOBD/PCIX PCIX IOBD /pci@7c0/pci@0/pci@1/pci@0/isa@2 isa
IOBD/PCIX PCIX IOBD /pci@7c0/pci@0/pci@1/pci@0/usb@5 usb-pciclass,0c0310
IOBD/PCIX PCIX IOBD /pci@7c0/pci@0/pci@1/pci@0/usb@6 usb-pciclass,0c0310
IOBD/PCIX PCIX IOBD /pci@7c0/pci@0/pci@1/pci@0/ide@8 ide-pci10b9,5229
IOBD/PCIX PCIX PCIX /pci@7c0/pci@0/pci@1/pci@0,2/LSILogic,sas@2 LSILogic,sas-pci1000,50 LSI,1064
IOBD/NET2 PCIE IOBD /pci@7c0/pci@0/pci@2/network@0 network-pciex8086,105e
IOBD/NET3 PCIE IOBD /pci@7c0/pci@0/pci@2/network@0,1 network-pciex8086,105e
|
In the preceding example, the /pci@780/pci@0/pci@8/pci@0/pci108e,5ca0@e identifies the device path to the Sun Crypto Accelerator 6000 Board. There is one such line for each board in the system.
- For Oracle Solaris x86 platforms, enter the scanpci command from a terminal:
# /usr/X11/bin/scanpci
...
pci bus 0x0082 cardnum 0x0e function 0x00: vendor 0x108e device 0x5ca0
Sun Microsystems Computer Corp. Device unknown
|
Installing the Sun Crypto Accelerator 6000 Software With the install Script
There are two methods to install the software, manually or with the install script. This section describes how to install the software with the install script. To install the software manually, refer to Installing the Software on Oracle Solaris Platforms Without the Installation Script.
The install script identifies which platform you are installing on (Oracle Solaris SPARC or x86, Linux x86 or x64) and calls the appropriate installation scripts for your platform. The install script also automatically installs the required patches before installing the software.
In addition to the software provided on the product CD, required software is provided at My Oracle Support (http://support.oracle.com).
For CD installations, the install script path is as follows:
/cdrom/cdrom0/Sun_Crypto_Acc_6000
Otherwise, the install script paths for Solaris 10 and Solaris 11 are as follows:
Solaris 10 - Sun_Crypto_Acc_6000-1_1-u2-Solaris/Solaris10
Solaris 11 - Sun_Crypto_Acc_6000-1_1-u2-Solaris/Solaris11
Install the Software With the install Script
|
1. If installing from a CD, insert the Sun Crypto Accelerator 6000 CD into a CD-ROM drive that is connected to your system.
- If your system is running Sun Enterprise Volume Manager, the system should automatically mount the CD-ROM to the /cdrom/cdrom0 directory.
- If your system is not running Sun Enterprise Volume Manager, mount the CD-ROM as follows:
# mount -F hsfs -o ro /dev/dsk/c0t6d0s2 /cdrom
|
You see the following files and directories in the /cdrom/cdrom0/Sun_Crypto_Acc_6000 directory:
TABLE 2-1 Files in the /cdrom/cdrom0/Sun_Crypto_Acc_6000 Directory
File or Directory
|
Contents
|
|
README
|
|
|
Copyright
|
U.S. copyright file
|
FR_Copyright
|
French copyright file
|
install
|
Script that installs the Sun Crypto Accelerator 6000 packages for both Oracle Solaris SPARC and x86 systems, and for Linux x86 or x64 systems
|
Solaris/sparc
|
Contains the Oracle Solaris SPARC software packages:
- SUNWmcact - Activation file
- SUNWmcadevfw - Development firmware
- SUNWmcaf - FMA support
- SUNWmcafw - Firmware
- SUNWmcamn - Manual pages
- SUNWmcar - Drivers
- SUNWmcau - User components
- SUNWscafsu - Financial services (usr)
- SUNWscafsm - Financial services manual pages
- SUNWscamga - Administration client
- SUNWscamgm - Administration manual pages
- SUNWscamgr - Administration (root)
- SUNWscamgu - Administration (usr)
|
Solaris/i386/
|
Contains the Oracle Solaris i386 software packages:
- SUNWmcact - Activation file
- SUNWmcaf - FMA support
- SUNWmcafw - Firmware
- SUNWmcamn - Manual pages
- SUNWmcar - Drivers
- SUNWmcau - User components
- SUNWscafsu - Financial services (usr)
- SUNWscafsm - Financial services manual pages
- SUNWscamga - Administration client
- SUNWscamgm - Administration manual pages
- SUNWscamgr - Administration (root)
- SUNWscamgu - Administration (usr)
|
Solaris/install
|
Script that installs the software packages for both Oracle Solaris SPARC and x86 systems. This script is normally called by the main install script.
|
Solaris/remove
|
Script that removes the software packages for Oracle Solaris SPARC and x86 systems.
|
Linux/supported-kernel
|
Contains the Linux x86 or x64 software rpm packages:
- sun-sca6000 - software and drivers
- sun-sca6000 - admin - administration utilities
- sun-sca6000 - config - configuration files for administration and keystore I/O services
- sun-sca6000-man - user documentation
- sun-sca6000-var - variable length files
- sun-sca6000-libs - supporting libraries
- sun-nss - Netscape Security Services libraries and tools
- sun-nspr - Netscape Portable Runtime Layer libraries
|
Linux/install
|
Script that installs the Sun Crypto Accelerator 6000 packages for Linux systems. This script is normally called by the main install script.
|
Linux/remove
|
Script that removes the Sun Crypto Accelerator 6000 packages for Linux x86 systems.
|
docs
|
Contains the PDF pointer document that links to the required software and the latest user’s guide (this document) and product notes.
|
2. Install the required software by typing:
# cd path_to_install_script
# ./install
|
The install script analyzes the system to identify the system architecture and the required patches. The install script then installs those patches, and installs the main software appropriate for your system. The following is an example of running the install script on a Oracle Solaris SPARC system.
Note - The copyright and license information is omitted from the following example. Refer to Appendix C for copyright and software licenses.
|
# ./install
[Licensing Text Output]
Do you accept the license agreement? [y/n]: y
This program installs the software for the Sun Crypto Accelerator
6000, Version 1.1.
Copyright 2007 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
The Sun Crypto Accelerator 6000 Board User's Guide and the
Sun Crypto Accelerator 6000 Board Release Notes can be
found at:
http://docs.oracle.com
Please read and understand these documents prior to software installation.
Do you wish to continue the installation? [y,n,?] y
Checking for optional package dependencies...
Do you wish to install the optional Crypto IPsec Acceleration software
(SUNWmcact)? [y,n,?,q] y
This script is about to take the following actions:
- Install Sun Crypto Accelerator 6000 support for Solaris 10
- Install Optional Crypto IPsec Acceleration software
To cancel installation of this software, press 'q' followed by a Return.
**OR**
Press Return key to begin installation:
*** Installing Sun Crypto Accelerator 6000 software for Solaris 10...
Installing packages:
SUNWmcafw SUNWmcact SUNWmcamn SUNWmcar SUNWmcau SUNWscafsm SUNWscafsu SUNWscamga SUNWscamgm SUNWscamgr SUNWscamgu
Installing SUNWmcafw...
was successful.
Installing SUNWmcact...
was successful.
Installing SUNWmcamn...
was successful.
Installing SUNWmcar...
was successful.
Installing SUNWmcau...
was successful.
Installing SUNWscafsm...
was successful.
Installing SUNWscafsu...
was successful.
Installing SUNWscamga...
was successful.
Installing SUNWscamgm...
was successful.
Installing SUNWscamgr...
was successful.
Installing SUNWscamgu...
was successful.
*** Installation complete.
To remove this software, use the 'remove' script on this CDROM, or
the following script:
/var/tmp/crypto_acc.remove
A log of this installation can be found at:
/var/tmp/crypto_acc.install.2007.10.18.0743
|
Directories and Files for Oracle Solaris Platforms
TABLE 2-2 shows the directories created on your system by the default installation of the Sun Crypto Accelerator 6000 software.
TABLE 2-2 Sun Crypto Accelerator 6000 Directories and Files for Solaris Platforms
Directory
|
Contents
|
/kernel/drv
|
Driver configuration files
|
/kernel/drv/sparcv9
|
64-bit SPARC drivers
|
/kernel/drv/amd64
|
64-bit AMD drivers
|
/opt/SUNWsca/include
|
Financial services header files
|
/opt/SUNWsca/lib
|
Financial services libraries
|
/opt/SUNWsca/lib/sparcv9
|
Financial services libraries
|
/opt/SUNWsca/lib/amd64
|
Financial services libraries
|
/opt/SUNWsca/man
|
Financial services man pages
|
/usr/lib/crypto
|
Services
|
/usr/lib/crypto/firmware/sca
|
Firmware files
|
/usr/lib/rcm/scripts
|
RCM scripts
|
/usr/man
|
Man pages
|
/usr/sbin
|
Administration utilities
|
/var/sca/keydata
|
Keystore files (encrypted)
|
/var/sca/log
|
Service log files
|
/var/sca/cfg
|
Centralized keystore (CKS) bootstrap files
|
/var/sca/private
|
Security files for the CKS
|
/var/svc/manifest/device
|
Service manifests
|
Note - Once you install the Sun Crypto Accelerator 6000 hardware and software, you need to initialize the board with configuration and keystore information. See Initializing the Board With scamgr for information on how to initialize the board.
|
Removing the Sun Crypto Accelerator 6000 Software on Oracle Solaris Platforms With the remove Script
If you used the install script to install the software, use the remove script on the CD-ROM to remove the software. If you installed the software without the install script, see Removing the Software on Oracle Solaris Platforms Without the remove Script.
Remove the Software With the remove Script on the CD-ROM
|
1. Insert the Sun Crypto Accelerator 6000 CD-ROM.
2. Type the following:
# /var/tmp/crypto_acc.remove
All required software for the Sun Crypto Accelerator 6000
software will be REMOVED.
The following packages will be removed:
SUNWscamgu SUNWscamgr SUNWscamgm SUNWscamga SUNWscafsu SUNWscafsm SUNWmcau SUNWmcar SUNWmcamn SUNWmcafw SUNWmcact
To cancel removal of this software, press ’q’ followed by a Return.
**OR**
Press Return key to begin package removal:
*** Found the following packages to remove:
SUNWscamgu SUNWscamgr SUNWscamgm SUNWscamga SUNWscafsu SUNWscafsm SUNWmcau SUNWmcar SUNWmcamn SUNWmcafw SUNWmcact
*** Removing old package(s)...
Stopping scad Service
Removing scad Service from SMF
Stopping scakiod Service
Removing scakiod Service from SMF
Removal of <...> was successful.
...
*** Done. A log of this removal can be found at:
/var/tmp/crypt_acc.remove.2007.10.18
|
For Oracle Solaris 11, Remove the Software With the remove Script
|
1. Change to the Solaris11 directory.
# cd Sun_Crypto_Acc_6000-1_1-u2-Solaris/Solaris11
|
2. Enter the following.
Installing the Software on Oracle Solaris Platforms Without the Installation Script
This section describes how to install the software manually without using the installation script provided on the product CD.
Refer to the latest version of the Sun Crypto Accelerator 6000 Board Product Notes for Version 1.1 for a list of the required patches. You must install all of the required patches before installing the main software. The latest product notes are available at: http://docs.oracle.com/cd/E19321-01/index.html
Note - The install script automatically identifies your system architecture, installs the required patches, and installs the main software appropriate for your system.
|
In addition to the software provided on the product CD, required software is provided at My Oracle Support (http://support.oracle.com).
Install the Software Without the install Script
|
1. If installing from a CD, insert the Sun Crypto Accelerator 6000 CD into a CD-ROM drive that is connected to your system.
- If your system is running Sun Enterprise Volume Manager, the system should automatically mount the CD-ROM to the /cdrom/cdrom0 directory.
- If your system is not running Sun Enterprise Volume Manager, mount the CD-ROM as follows:
# mount -F hsfs -o ro /dev/dsk/c0t6d0s2 /cdrom
|
The required packages must be installed in a specific order and must be installed before installing any optional packages. Once the required packages are installed, you can install and remove the optional packages in any order.
2. If installing from a CD, install the required software packages by typing:
# cd /cdrom/cdrom0/Sun_Crypto_Acc_6000/Packages
# pkgadd -d . SUNWmcafw SUNWmcact SUNWmcamn SUNWmcar SUNWmcau SUNWscafsm SUNWscafsu SUNWscamga SUNWscamgm SUNWscamgr SUNWscamgu
|
3. If not installing from a CD, enter the following commands:
# cd /Sun_Crypto_Acc_6000-1_1-u2-Solaris/Solaris11
# pkg install -g repo SUNWmcact SUNWmcafw SUNWmcamn SUNWmcar SUNWmcau SUNWscafsm SUNWscafsu SUNWscamga SUNWscamgm SUNWscamgr
# pkg install -g repo SUNWscamgu
|
4. (Optional) To verify that the software is installed properly, run the pkginfo command.
# pkginfo SUNWmcafw SUNWmcact SUNWmcamn SUNWmcar SUNWmcau SUNWscafsm SUNWscafsu SUNWscamga SUNWscamgm SUNWscamgr SUNWscamgu
system SUNWmcact Sun Crypto Accelerator 6000 Activation File
system SUNWmcafw Sun Crypto Accelerator 6000 Firmware
system SUNWmcamn Sun Crypto Accelerator 6000 Manual Pages
system SUNWmcar Sun Crypto Accelerator 6000 Drivers
system SUNWmcau Sun Crypto Accelerator 6000 User Components
system SUNWscafsu Sun Crypto Accelerator Financial Services
system SUNWscafsm Sun Crypto Accelerator Financial Services Man Pages
system SUNWscamga Sun Crypto Accelerator Administration Client
system SUNWscamgm Sun Crypto Accelerator Administration Man Pages
system SUNWscamgr Sun Crypto Accelerator Administration (root)
system SUNWscamgu Sun Crypto Accelerator Administration (usr)
|
5. (Optional) To ensure that the driver is attached, use one of the following commands:
- For Oracle Solaris SPARC platforms, use the prtdiag command.
Refer to the prtdiag(1M) online manual pages.
- For Oracle Solaris x86 platforms, use the scanpci command.
# /usr/X11/bin/scanpci
...
pci bus 0x0082 cardnum 0x0e function 0x00: vendor 0x108e device 0x5ca0
Sun Microsystems Computer Corp. Device unknown
|
6. (Optional) Use the modinfo command to see that modules are loaded.
# modinfo | grep Crypto
62 1317f62 20b1f 198 1 crypto (MCA Crypto 1.0)
197 136d5d6 19b0 199 1 cryptoadm (MCA Crypto Control 1.0)
|
See Directories and Files for Oracle Solaris Platforms for a description of the directories and files in the default installation.
Removing the Software on Oracle Solaris Platforms Without the remove Script
If you have created keystores (see Managing Keystores With scamgr), you must delete the keystore information that the Sun Crypto Accelerator 6000 Board is configured with before removing the software. The zeroize command removes all key material, but does not delete the keystore files that are stored in the file system of the physical host in which the board is installed. See the Perform a Software Zeroize on the Board for details on the zeroize command. If you have not yet created any keystores, you can skip this procedure.
Delete Existing Keystores
|
1. Become superuser.
2. Remove the keystore files with the rm command.
|
Caution - Do not delete a keystore that is currently in use or that is shared by other users and keystores. To free references to keystores, you might have to shut down the web server, administration server, or both.
|
For example:
Remove the Software Without the removeScript
|
|
Caution - Before removing the Sun Crypto Accelerator 6000 software, disable any web servers you have enabled for use with the Sun Crypto Accelerator 6000 board. Failure to do so leaves those web servers nonfunctional.
|
As superuser, use the pkgrm command (for Solaris 10) or pkg uninstall command (for Solaris 11) to remove only the software packages you installed.
|
Caution - Installed packages must be removed in the order shown. Failure to remove them in this order could result in dependency warnings and leave kernel modules loaded.
|
For Solaris 10, if you installed all the packages, you would remove them as follows:
# pkgrm SUNWscamgu SUNWscamgr SUNWscamgm SUNWscamga SUNWscafsu SUNWscafsm SUNWmcau SUNWmcar SUNWmcamn SUNWmcafw SUNWmcact
|
For Solaris 11, if you installed all the packages, you would remove them as follows:
# pkg uninstall SUNWmcact SUNWmcafw SUNWmcamn SUNWmcar SUNWmcau SUNWscafsm SUNWscafsu SUNWscamga SUNWscamgm SUNWscamgr
# pkg uninstall SUNWscamgu
|
Installing the Sun Crypto Accelerator 6000 Board on Linux Platforms
openCryptoki software is required for the board on Linux platforms. You must install openCryptoki before installing the software. Refer to Appendix B to install the openCryptoki software.
Install the Sun Crypto Accelerator 6000 Hardware on Linux Platforms
|
Note - openCryptoki must be installed before installing the Sun Crypto Accelerator 6000 packages.
|
1. Follow the steps in Install the Hardware.
2. After the system is running, type the following command to verify the board is installed properly:
The output of the previous command should contain the following line:
Network and computing encryption device: Sun Microsystems Computer Corp.: Unknown device 5ca0
|
Install the Sun Crypto Accelerator 6000 Software on Linux Platforms With the install Script
|
1. Insert the Sun Crypto Accelerator 6000 CD into a CD-ROM drive that is connected to your system and enter the following command:
% ./install
Do you accept the license agreement? [y/n]: y
Installing required packages:
sun-nspr-4.6.7-2.i386.rpm
sun-nss-3.11.7-2.i386.rpm
sun-sca6000-admin-1.1-1.i386.rpm
sun-sca6000-var-1.1-1.i386.rpm
sun-sca6000-config-1.1-1.i386.rpm
sun-sca6000-libs-1.1-1.i386.rpm
sun-sca6000-1.1-1.i386.rpm
sun-sca6000-man-1.1-1.i386.rpm
sun-sca6000-firmware-1.1-1.i386.rpm
To remove this software, use the ’remove’ script on this CDROM, or
the following script:
/var/tmp/crypto_acc.remove
A log of this installation can be found at:
/var/tmp/crypto_acc.install.2007.10.31.1009
|
Installing the Sun Crypto Accelerator 6000 Software on Linux Platforms Without the install Script
The packages for SuSE Linux Enterprise Server 9 Service Pack 3 are in the
2.6.5-7.244-smp-x86_64 directory. The packages for Red Hat Enterprise Linux 4.0 Update 2 are in the 2.6.9-22.ELsmp-x86_64 directory. The packages are as follows:
- sun-nspr-4.6.7-2.x86_64.rpm
- sun-nss-3.11.7-2.x86_64.rpm
- sun-sca6000-1.1-1.x86_64.rpm
- sun-sca6000-admin-1.1-1.x86_64.rpm
- sun-sca6000-config-1.1-1.x86_64.rpm
- sun-sca6000-firmware-1.1-1.x86_64.rpm
- sun-sca6000-libs-1.1-1.x86_64.rpm
- sun-sca6000-man-1.1-1.x86_64.rpm
- sun-sca6000-var-1.1-1.x86_64.rpm
Install the Software Without the install Script
|
1. If it is not already on the system, install the NSPR and NSS libraries and
tools:
% rpm -i sun-nspr-4.6.7-2.x86_64.rpm sun-nss-3.11.7-2.x86_64.rpm
% rpm -i sun-sca6000-admin-1.1-1.x86_64.rpm sun-sca6000-config-1.1-1.x86_64.rpm
sun-sca6000-firmware-1.1-1.x86_64.rpm sun-sca6000-libs-1.1-1.x86_64.rpm
sun-sca6000-var-1.1-1.x86_64.rpm sun-sca6000-1.1-1.x86_64.rpm
|
2. Change to the appropriate directory for your platform and enter the following command:
% rpm -i sun-sca6000-man-1.1-1.x86_64.rpm sun-sca6000-admin-1.1-1.x86_64.rpm sun-sca6000-var-1.1-1.x86_64.rpm sun-sca6000-config-1.1-1.x86_64.rpm sun-sca6000-1.1-1.x86_64.rpm sun-sca6000-firmware-1.1-1.x86_64.rpm
|
3. (Optional) To ensure that the driver is attached, use the scanpci command.
# /usr/X11R6/bin/scanpci
...
pci bus 0x0082 cardnum 0x0e function 0x00: vendor 0x108e device 0x5ca0
Sun Microsystems Computer Corp. Device unknown
|
Directories and Files for Linux Platforms
TABLE 2-3 shows the directories created on your system by the default installation of the Sun Crypto Accelerator 6000 software.
TABLE 2-3 Directories and Files for Linux Platforms
Directory
|
Contents
|
/etc/init.d
|
Start and stop scripts (links)
|
/etc/rc5.d
|
Service configuration files
|
/etc/opt/sun/sca6000
|
Daemon configuration files
|
/opt/sun/sca6000/bin
|
Application executables, drivers, and the scamgr utility
|
/opt/sun/sca6000/bin/drv
|
Driver files
|
/opt/sun/sca6000/firmware
|
Firmware files
|
/opt/sun/sca6000/lib
|
openCryptoki plug-in and application libraries
|
/opt/sun/sca6000/man
|
Man pages
|
/opt/sun/sca6000/sbin
|
Administration utilities and services and daemon executables
|
/opt/sun/sca6000/private/lib
|
Support libraries
|
/opt/sun/sca6000/private/lib64
|
Support libraries
|
/usr/local/lib/opencryptoki/stdll/
|
openCryptoki plug-in files
|
/var/opt/sun/sca6000/keydata
|
Keystore files (encrypted)
|
/var/opt/sun/sca6000/lock
|
Service lock files
|
/var/opt/sun/sca6000/log
|
Service log files
|
/var/opt/sun/sca6000/private
|
Security files for centralized
keystore
|
/var/opt/sun/sca6000/cfg
|
Centralized keystore (CKS) bootstrap files
|
Note - Once you install the Sun Crypto Accelerator 6000 hardware and software, you must initialize the board with configuration and keystore information. See Initializing the Board With scamgr for information on how to initialize the board.
|
Removing the Sun Crypto Accelerator 6000 Software on Linux PlatformsRemoving the Sun Crypto Accelerator 6000 Software With the remove Script
All applications, such as Sun Java System and Apache Web Servers, that are using the board must be stopped before uninstalling the Sun Crypto Accelerator 6000 software.
Remove the Software With the remove Script
|
1. Enter the following command.
# /var/tmp/crypto_acc.remove
All required software for the Sun Crypto Accelerator 6000
software will be REMOVED.
The following packages will be removed:
sun-sca6000-firmware-1.1-1 sun-sca6000-man-1.1-1 sun-sca6000-1.1-1 sun-sca6000-libs-1.1-1 sun-sca6000-config-1.1-1 sun-sca6000-var-1.1-1 sun-sca6000-admin-1.1-1
To cancel removal of this software, press ’q’ followed by a Return.
**OR**
Press Return key to begin package removal.
*** Found the following packages to remove:
sun-sca6000-firmware-1.1-1 sun-sca6000-man-1.1-1 sun-sca6000-1.1-1 sun-sca6000-libs-1.1-1 sun-sca6000-config-1.1-1 sun-sca6000-var-1.1-1 sun-sca6000-admin-1.1-1
*** Removing old package(s)...
Removing sun-sca6000-firmware-1.1-1 package...
Removing sun-sca6000-man-1.1-1 package...
Removing sun-sca6000-1.1-1 package...
Removing sun-sca6000-libs-1.1-1 package...
Removing sun-sca6000-config-1.1-1 package...
Removing sun-sca6000-var-1.1-1 package...
Removing sun-sca6000-admin-1.1-1 package...
*** Done. A log of this removal can be found at:
/var/tmp/crypt_acc.remove.2007.10.31
|
Remove the Software Without the remove Script
|
1. Enter one of the following command on one line:
% rpm -e sun-sca6000-1.0-1.x86_64.rpm sun-sca6000-man-1.0-1.x86_64.rpm sun-sca6000-admin-1.0-1.x86_64.rpm sun-sca6000-var-1.0-1.x86_64.rpm sun-sca6000-config-1.0-1.x86_64.rpm sun-sca6000-firmware-1.0-1.x86_64.rpm
% rpm -e sun-sca6000 sun-sca6000-libs sun-sca6000-admin sun-sca6000-var sun-sca6000-config sun-sca6000-firmware
|
Additionally, if no other components are using it on the system:
% rpm -e sun-nss sun-nspr
|
Migrating Back to Version 1.0 From 1.1
There are changes in the keystore implementation for the board that make it incompatible with Version 1.0 firmware. If you want the ability to return to a Version 1.0 environment, you must make a backup of the 1.0 keystore and master key prior to upgrading to 1.1.
Back Up the 1.0 Keystore
|
1. With the 1.0 software and firmware running, use scamgr to log into the board and run the show status command. Make a note of the Keystore Name and Keystore ID fields. For details, see Using the scamgr Utility.
2. Type the backup command to save the master key.
3. Change to /var/sca/keydata and archive the correct keystore directory and configuration file.
The keystore name and ID are shown in the filename for the .conf file and the corresponding directory.
For example, if the keystore name is ks.600054 and the keystore ID is 0000000069efe289, then you will find the following files and directories in /var/sca/keydata:
ks.600054.{69efe289} ks.600054.{69efe289}.conf
|
4. Use the tar command to archive both the .conf file and the entire contents of the directory:
# tar cvfz ks.600054.{69efe289}.tar ks.600054.{69efe289}.conf ks.600054.{69efe289}
|
5. Place the master key backup and keystore tar file in a safe location.
You can now safely upgrade to the 1.1 software and retain the ability to revert back to 1.0 software and firmware.
Restore the 1.0 Software and Firmware:
|
1. While the 1.1 software and firmware is still running, log into the board as the device security officer using scamgr -D and type the zeroize command.
2. Change directories into /var/sca/keydata and remove the .conf file and correspinding keystore directory.
3. Using scadiag -u, load the 1.0 firmware onto the system.
4. After the 1.0 firmware loads, reset the board with the scadiag -r command.
# scadiag -u firmware-file device
# scadiag -r device
|
5. When the board finishes resetting, it will be placed in failsafe mode.
6. Execute the remove script to remove the Sun Crypto Accelerator 6000 1.1 software components from the system.
7. From the 1.0 installation media, execute the install script to load the 1.0 software components.
8. Apply any 1.0 software and firmware patches that are necessary.
Refer to the Sun Crypto Accelerator 6000 Board Product Notes for Version 1.1 (819-5537) at: http://docs.oracle.com/cd/E19321-01/index.html
9. Unpack the 1.0 keystore tar file into /var/sca/keydata
# cd /var/sca/keydata
# tar xvf path-to-tar-file
|
10. Verify that the .conf file and all the contents of the keystore directory are owned by daemon. If not, set them to that ownership:
# chown -R daemon:other keystore.conf-file keystore-directory
|
11. Start the scamgr utility and initialize the board to use an existing keystore, providing the master key backup file in the process.
You have now restored the 1.0 keystore.
Sun Crypto Accelerator 6000 Board User’s Guide for Version 1.1
|
E39851-01
|
|
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.