Sun Crypto Accelerator 6000 Board User’s Guide for Version 1.1 Table Of ContentsPrevious ChapterNext ChapterBook Index
C H A P T E R  2
Feedback Installing the Sun Crypto Accelerator 6000 Board

This chapter describes how to install the Sun Crypto Accelerator 6000 hardware on both the Oracle Solaris and Linux operating systems, how to install and remove the software, and also how to migrate back to 1.0 software and firmware.

This chapter includes the following sections:


caution icon Caution - If you want the ability to return to a Version 1.0 environment, you must make a backup of the 1.0 keystore and master key prior to upgrading to 1.1. See Migrating Back to Version 1.0 From 1.1.

Once you have installed the hardware and software of the board, you must initialize the board with configuration and keystore information. See Initializing the Board With scamgr for information on how to initialize the board.

Handling the Board

Each board is packed in a special antistatic bag to protect it during shipping and storage. To avoid damaging the static-sensitive components on the board, reduce any static electricity on your body before touching the board by using one of the following methods:


caution icon Caution - To avoid damaging the sensitive components on the board, wear an antistatic wrist strap when handling the board, hold the board by its edges only, and always place the board on an antistatic surface (such as the plastic bag it came in).

Installing the Board on Oracle Solaris Platforms

Installing the Sun Crypto Accelerator 6000 Board involves inserting the board into the system and loading the software tools. The hardware installation instructions include only general steps for installing the board. Refer to the documentation that came with your system for specific installation instructions.


procedure icon  Install the Hardware

1. As superuser, follow the instructions that came with your system to shut down and power off the computer, disconnect the power cord, and remove the computer cover.

2. Locate an unused PCI slot (preferrably an x8 PCI Express slot).

3. Attach an antistatic wrist strap to your wrist, and attach the other end to a grounded metal surface.

4. Using a Phillips screwdriver, remove the screw from the PCI slot cover.

Save the screw to hold the bracket in Step 6.

5. Holding the Sun Crypto Accelerator 6000 Board by its edges only, take it out of the plastic bag and insert it into the PCI slot.

6. Secure the screw on the rear bracket.

7. Replace the computer cover, reconnect the power cord, and power on the system.

8. Verify that the board is properly installed.

In the preceding example, the /pci@780/pci@0/pci@8/pci@0/pci108e,5ca0@e identifies the device path to the Sun Crypto Accelerator 6000 Board. There is one such line for each board in the system.

Installing the Sun Crypto Accelerator 6000 Software With the install Script

There are two methods to install the software, manually or with the install script. This section describes how to install the software with the install script. To install the software manually, refer to Installing the Software on Oracle Solaris Platforms Without the Installation Script.

The install script identifies which platform you are installing on (Oracle Solaris SPARC or x86, Linux x86 or x64) and calls the appropriate installation scripts for your platform. The install script also automatically installs the required patches before installing the software.

In addition to the software provided on the product CD, required software is provided at My Oracle Support (http://support.oracle.com).

For CD installations, the install script path is as follows:

/cdrom/cdrom0/Sun_Crypto_Acc_6000

Otherwise, the install script paths for Solaris 10 and Solaris 11 are as follows:

Solaris 10 - Sun_Crypto_Acc_6000-1_1-u2-Solaris/Solaris10

Solaris 11 - Sun_Crypto_Acc_6000-1_1-u2-Solaris/Solaris11


procedure icon  Install the Software With the install Script

1. If installing from a CD, insert the Sun Crypto Accelerator 6000 CD into a CD-ROM drive that is connected to your system.

You see the following files and directories in the /cdrom/cdrom0/Sun_Crypto_Acc_6000 directory:


TABLE 2-1 Files in the /cdrom/cdrom0/Sun_Crypto_Acc_6000 Directory

File or Directory

Contents

 

README

 

 

Copyright

U.S. copyright file

FR_Copyright

French copyright file

install

Script that installs the Sun Crypto Accelerator 6000 packages for both Oracle Solaris SPARC and x86 systems, and for Linux x86 or x64 systems

Solaris/sparc

Contains the Oracle Solaris SPARC software packages:

  • SUNWmcact - Activation file
  • SUNWmcadevfw - Development firmware
  • SUNWmcaf - FMA support
  • SUNWmcafw - Firmware
  • SUNWmcamn - Manual pages
  • SUNWmcar - Drivers
  • SUNWmcau - User components
  • SUNWscafsu - Financial services (usr)
  • SUNWscafsm - Financial services manual pages
  • SUNWscamga - Administration client
  • SUNWscamgm - Administration manual pages
  • SUNWscamgr - Administration (root)
  • SUNWscamgu - Administration (usr)

Solaris/i386/

Contains the Oracle Solaris i386 software packages:

  • SUNWmcact - Activation file
  • SUNWmcaf - FMA support
  • SUNWmcafw - Firmware
  • SUNWmcamn - Manual pages
  • SUNWmcar - Drivers
  • SUNWmcau - User components
  • SUNWscafsu - Financial services (usr)
  • SUNWscafsm - Financial services manual pages
  • SUNWscamga - Administration client
  • SUNWscamgm - Administration manual pages
  • SUNWscamgr - Administration (root)
  • SUNWscamgu - Administration (usr)

Solaris/install

Script that installs the software packages for both Oracle Solaris SPARC and x86 systems. This script is normally called by the main install script.

Solaris/remove

Script that removes the software packages for Oracle Solaris SPARC and x86 systems.

Linux/supported-kernel

Contains the Linux x86 or x64 software rpm packages:

  • sun-sca6000 - software and drivers
  • sun-sca6000 - admin - administration utilities
  • sun-sca6000 - config - configuration files for administration and keystore I/O services
  • sun-sca6000-man - user documentation
  • sun-sca6000-var - variable length files
  • sun-sca6000-libs - supporting libraries
  • sun-nss - Netscape Security Services libraries and tools
  • sun-nspr - Netscape Portable Runtime Layer libraries

Linux/install

Script that installs the Sun Crypto Accelerator 6000 packages for Linux systems. This script is normally called by the main install script.

Linux/remove

Script that removes the Sun Crypto Accelerator 6000 packages for Linux x86 systems.

docs

Contains the PDF pointer document that links to the required software and the latest user’s guide (this document) and product notes.


2. Install the required software by typing: 


# cd path_to_install_script
# ./install

The install script analyzes the system to identify the system architecture and the required patches. The install script then installs those patches, and installs the main software appropriate for your system. The following is an example of running the install script on a Oracle Solaris SPARC system.


Note - The copyright and license information is omitted from the following example. Refer to Appendix C for copyright and software licenses. 


# ./install
 
[Licensing Text Output]
 
Do you accept the license agreement? [y/n]: y
 
This program installs the software for the Sun Crypto Accelerator
6000, Version 1.1.
 
Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
Use is subject to license terms.
 
The Sun Crypto Accelerator 6000 Board User's Guide and the
Sun Crypto Accelerator 6000 Board Release Notes can be
found at:
       http://docs.oracle.com
 
Please read and understand these documents prior to software installation.
 
Do you wish to continue the installation? [y,n,?] y
Checking for optional package dependencies...
 
Do you wish to install the optional Crypto IPsec Acceleration software
(SUNWmcact)?  [y,n,?,q] y
 
This script is about to take the following actions:
- Install Sun Crypto Accelerator 6000 support for Solaris 10
- Install Optional Crypto IPsec Acceleration software
 
To cancel installation of this software, press 'q' followed by a Return.
         **OR**
Press Return key to begin installation:
 
*** Installing Sun Crypto Accelerator 6000 software for Solaris 10...
Installing packages:
        SUNWmcafw SUNWmcact SUNWmcamn SUNWmcar SUNWmcau SUNWscafsm SUNWscafsu SUNWscamga SUNWscamgm SUNWscamgr SUNWscamgu
 
Installing SUNWmcafw...
    was successful.
Installing SUNWmcact...
    was successful.
Installing SUNWmcamn...
    was successful.
Installing SUNWmcar...
    was successful.
Installing SUNWmcau...
    was successful.
Installing SUNWscafsm...
    was successful.
Installing SUNWscafsu...
    was successful.
Installing SUNWscamga...
    was successful.
Installing SUNWscamgm...
    was successful.
Installing SUNWscamgr...
    was successful.
Installing SUNWscamgu...
    was successful.
 
*** Installation complete.
 
To remove this software, use the 'remove' script on this CDROM, or
the following script:
 
        /var/tmp/crypto_acc.remove
 
A log of this installation can be found at:
        /var/tmp/crypto_acc.install.2007.10.18.0743

Directories and Files for Oracle Solaris Platforms

TABLE 2-2 shows the directories created on your system by the default installation of the Sun Crypto Accelerator 6000 software.


TABLE 2-2 Sun Crypto Accelerator 6000 Directories and Files for Solaris Platforms

Directory

Contents

/kernel/drv

Driver configuration files

/kernel/drv/sparcv9

64-bit SPARC drivers

/kernel/drv/amd64

64-bit AMD drivers

/opt/SUNWsca/include

Financial services header files

/opt/SUNWsca/lib

Financial services libraries

/opt/SUNWsca/lib/sparcv9

Financial services libraries

/opt/SUNWsca/lib/amd64

Financial services libraries

/opt/SUNWsca/man

Financial services man pages

/usr/lib/crypto

Services

/usr/lib/crypto/firmware/sca

Firmware files

/usr/lib/rcm/scripts

RCM scripts

/usr/man

Man pages

/usr/sbin

Administration utilities

/var/sca/keydata

Keystore files (encrypted)

/var/sca/log

Service log files

/var/sca/cfg

Centralized keystore (CKS) bootstrap files

/var/sca/private

Security files for the CKS

/var/svc/manifest/device

Service manifests



Note - Once you install the Sun Crypto Accelerator 6000 hardware and software, you need to initialize the board with configuration and keystore information. See Initializing the Board With scamgr for information on how to initialize the board.

Removing the Sun Crypto Accelerator 6000 Software on Oracle Solaris Platforms With the remove Script

If you used the install script to install the software, use the remove script on the CD-ROM to remove the software. If you installed the software without the install script, see Removing the Software on Oracle Solaris Platforms Without the remove Script.


procedure icon  Remove the Software With the remove Script on the CD-ROM

1. Insert the Sun Crypto Accelerator 6000 CD-ROM.

2. Type the following: 


# /var/tmp/crypto_acc.remove
All required software for the Sun Crypto Accelerator  6000
software  will be REMOVED.
 
The following packages will be removed:
 SUNWscamgu SUNWscamgr SUNWscamgm SUNWscamga SUNWscafsu SUNWscafsm SUNWmcau SUNWmcar SUNWmcamn SUNWmcafw SUNWmcact
To cancel removal of this software, press ’q’ followed by a Return.
         **OR**
Press Return key to begin package removal:
*** Found the following packages to remove:
              SUNWscamgu SUNWscamgr SUNWscamgm SUNWscamga SUNWscafsu SUNWscafsm SUNWmcau SUNWmcar SUNWmcamn SUNWmcafw SUNWmcact
*** Removing old package(s)...
Stopping scad Service
Removing scad Service from SMF
Stopping scakiod Service
Removing scakiod Service from SMF
 
Removal of <...> was successful. 
...
*** Done.  A log of this removal can be found at:
        /var/tmp/crypt_acc.remove.2007.10.18


procedure icon  For Oracle Solaris 11, Remove the Software With the remove Script

1. Change to the Solaris11 directory. 


# cd Sun_Crypto_Acc_6000-1_1-u2-Solaris/Solaris11

2. Enter the following. 


# ./remove

Installing the Software on Oracle Solaris Platforms Without the Installation Script

This section describes how to install the software manually without using the installation script provided on the product CD.

Refer to the latest version of the Sun Crypto Accelerator 6000 Board Product Notes for Version 1.1 for a list of the required patches. You must install all of the required patches before installing the main software. The latest product notes are available at: http://docs.oracle.com/cd/E19321-01/index.html


Note - The install script automatically identifies your system architecture, installs the required patches, and installs the main software appropriate for your system.

In addition to the software provided on the product CD, required software is provided at My Oracle Support (http://support.oracle.com).


procedure icon  Install the Software Without the install Script

1. If installing from a CD, insert the Sun Crypto Accelerator 6000 CD into a CD-ROM drive that is connected to your system.

The required packages must be installed in a specific order and must be installed before installing any optional packages. Once the required packages are installed, you can install and remove the optional packages in any order.

2. If installing from a CD, install the required software packages by typing: 


# cd /cdrom/cdrom0/Sun_Crypto_Acc_6000/Packages 
# pkgadd -d . SUNWmcafw SUNWmcact SUNWmcamn SUNWmcar SUNWmcau SUNWscafsm SUNWscafsu SUNWscamga SUNWscamgm SUNWscamgr SUNWscamgu

3. If not installing from a CD, enter the following commands: 


# cd /Sun_Crypto_Acc_6000-1_1-u2-Solaris/Solaris11
# pkg install -g repo SUNWmcact SUNWmcafw SUNWmcamn SUNWmcar SUNWmcau SUNWscafsm SUNWscafsu SUNWscamga SUNWscamgm SUNWscamgr
# pkg install -g repo SUNWscamgu

4. (Optional) To verify that the software is installed properly, run the pkginfo command. 


# pkginfo SUNWmcafw SUNWmcact SUNWmcamn SUNWmcar SUNWmcau SUNWscafsm SUNWscafsu SUNWscamga SUNWscamgm SUNWscamgr SUNWscamgu
system      SUNWmcact  Sun Crypto Accelerator 6000 Activation File
system      SUNWmcafw  Sun Crypto Accelerator 6000 Firmware
system      SUNWmcamn  Sun Crypto Accelerator 6000 Manual Pages
system      SUNWmcar   Sun Crypto Accelerator 6000 Drivers
system      SUNWmcau   Sun Crypto Accelerator 6000 User Components
system      SUNWscafsu Sun Crypto Accelerator Financial Services
system      SUNWscafsm Sun Crypto Accelerator Financial Services Man Pages
system      SUNWscamga Sun Crypto Accelerator Administration Client
system      SUNWscamgm Sun Crypto Accelerator Administration Man Pages
system      SUNWscamgr Sun Crypto Accelerator Administration (root)
system      SUNWscamgu Sun Crypto Accelerator Administration (usr)

5. (Optional) To ensure that the driver is attached, use one of the following commands:

Refer to the prtdiag(1M) online manual pages.

6. (Optional) Use the modinfo command to see that modules are loaded. 


# modinfo | grep Crypto
62   1317f62  20b1f 198   1  crypto (MCA Crypto 1.0)
197  136d5d6   19b0 199   1  cryptoadm (MCA Crypto Control 1.0)

See Directories and Files for Oracle Solaris Platforms for a description of the directories and files in the default installation.

Removing the Software on Oracle Solaris Platforms Without the remove Script


Note - Remove the Sun Crypto Accelerator 6000 software manually only if you did not use the install script to install the software. If you installed the software with the installation script, to remove the software, see Removing the Sun Crypto Accelerator 6000 Software on Oracle Solaris Platforms With the remove Script.

If you have created keystores (see Managing Keystores With scamgr), you must delete the keystore information that the Sun Crypto Accelerator 6000 Board is configured with before removing the software. The zeroize command removes all key material, but does not delete the keystore files that are stored in the file system of the physical host in which the board is installed. See the Perform a Software Zeroize on the Board for details on the zeroize command. If you have not yet created any keystores, you can skip this procedure.


procedure icon  Delete Existing Keystores

1. Become superuser.

2. Remove the keystore files with the rm command.


caution icon Caution - Do not delete a keystore that is currently in use or that is shared by other users and keystores. To free references to keystores, you might have to shut down the web server, administration server, or both.

For example: 


# rm /var/sca/keydata


procedure icon Remove the Software Without the removeScript


caution icon Caution - Before removing the Sun Crypto Accelerator 6000 software, disable any web servers you have enabled for use with the Sun Crypto Accelerator 6000 board. Failure to do so leaves those web servers nonfunctional.

single-step bullet  As superuser, use the pkgrm command (for Solaris 10) or pkg uninstall command (for Solaris 11) to remove only the software packages you installed.


caution icon Caution - Installed packages must be removed in the order shown. Failure to remove them in this order could result in dependency warnings and leave kernel modules loaded.

For Solaris 10, if you installed all the packages, you would remove them as follows: 


# pkgrm SUNWscamgu SUNWscamgr SUNWscamgm SUNWscamga SUNWscafsu SUNWscafsm SUNWmcau SUNWmcar SUNWmcamn SUNWmcafw SUNWmcact

For Solaris 11, if you installed all the packages, you would remove them as follows: 


# pkg uninstall SUNWmcact SUNWmcafw SUNWmcamn SUNWmcar SUNWmcau SUNWscafsm SUNWscafsu SUNWscamga SUNWscamgm SUNWscamgr
# pkg uninstall SUNWscamgu

Installing the Sun Crypto Accelerator 6000 Board on Linux Platforms

openCryptoki software is required for the board on Linux platforms. You must install openCryptoki before installing the software. Refer to Appendix B to install the openCryptoki software.


procedure icon  Install the Sun Crypto Accelerator 6000 Hardware on Linux Platforms


Note - openCryptoki must be installed before installing the Sun Crypto Accelerator 6000 packages.

1. Follow the steps in Install the Hardware.

2. After the system is running, type the following command to verify the board is installed properly: 


% lspci

The output of the previous command should contain the following line: 


Network and computing encryption device: Sun Microsystems Computer Corp.: Unknown device 5ca0


procedure icon  Install the Sun Crypto Accelerator 6000 Software on Linux Platforms With the install Script

1. Insert the Sun Crypto Accelerator 6000 CD into a CD-ROM drive that is connected to your system and enter the following command: 


% ./install
Do you accept the license agreement? [y/n]: y
 
Installing required packages:
     sun-nspr-4.6.7-2.i386.rpm
     sun-nss-3.11.7-2.i386.rpm
     sun-sca6000-admin-1.1-1.i386.rpm
     sun-sca6000-var-1.1-1.i386.rpm
     sun-sca6000-config-1.1-1.i386.rpm
     sun-sca6000-libs-1.1-1.i386.rpm
     sun-sca6000-1.1-1.i386.rpm
     sun-sca6000-man-1.1-1.i386.rpm
     sun-sca6000-firmware-1.1-1.i386.rpm
To remove this software, use the ’remove’ script on this CDROM, or
the following script:
       /var/tmp/crypto_acc.remove
 
A log of this installation can be found at:
    /var/tmp/crypto_acc.install.2007.10.31.1009

Installing the Sun Crypto Accelerator 6000 Software on Linux Platforms Without the install Script

The packages for SuSE Linux Enterprise Server 9 Service Pack 3 are in the
2.6.5-7.244-smp-x86_64 directory. The packages for Red Hat Enterprise Linux 4.0 Update 2 are in the 2.6.9-22.ELsmp-x86_64 directory. The packages are as follows:


procedure icon  Install the Software Without the install Script

1. If it is not already on the system, install the NSPR and NSS libraries and

tools: 


% rpm -i sun-nspr-4.6.7-2.x86_64.rpm sun-nss-3.11.7-2.x86_64.rpm 
 
% rpm -i sun-sca6000-admin-1.1-1.x86_64.rpm sun-sca6000-config-1.1-1.x86_64.rpm
sun-sca6000-firmware-1.1-1.x86_64.rpm sun-sca6000-libs-1.1-1.x86_64.rpm
sun-sca6000-var-1.1-1.x86_64.rpm sun-sca6000-1.1-1.x86_64.rpm

2. Change to the appropriate directory for your platform and enter the following command: 


% rpm -i sun-sca6000-man-1.1-1.x86_64.rpm sun-sca6000-admin-1.1-1.x86_64.rpm sun-sca6000-var-1.1-1.x86_64.rpm sun-sca6000-config-1.1-1.x86_64.rpm sun-sca6000-1.1-1.x86_64.rpm sun-sca6000-firmware-1.1-1.x86_64.rpm

3. (Optional) To ensure that the driver is attached, use the scanpci command. 


# /usr/X11R6/bin/scanpci
... 
pci bus 0x0082 cardnum 0x0e function 0x00: vendor 0x108e device 0x5ca0 
  Sun Microsystems Computer Corp.  Device unknown

Directories and Files for Linux Platforms

TABLE 2-3 shows the directories created on your system by the default installation of the Sun Crypto Accelerator 6000 software.


TABLE 2-3 Directories and Files for Linux Platforms

Directory

Contents

/etc/init.d

Start and stop scripts (links)

/etc/rc5.d

Service configuration files

/etc/opt/sun/sca6000

Daemon configuration files

/opt/sun/sca6000/bin

Application executables, drivers, and the scamgr utility

/opt/sun/sca6000/bin/drv

Driver files

/opt/sun/sca6000/firmware

Firmware files

/opt/sun/sca6000/lib

openCryptoki plug-in and application libraries

/opt/sun/sca6000/man

Man pages

/opt/sun/sca6000/sbin

Administration utilities and services and daemon executables

/opt/sun/sca6000/private/lib

Support libraries

/opt/sun/sca6000/private/lib64

Support libraries

/usr/local/lib/opencryptoki/stdll/

openCryptoki plug-in files

/var/opt/sun/sca6000/keydata

Keystore files (encrypted)

/var/opt/sun/sca6000/lock

Service lock files

/var/opt/sun/sca6000/log

Service log files

/var/opt/sun/sca6000/private

Security files for centralized

keystore

/var/opt/sun/sca6000/cfg

Centralized keystore (CKS) bootstrap files



Note - Once you install the Sun Crypto Accelerator 6000 hardware and software, you must initialize the board with configuration and keystore information. See Initializing the Board With scamgr for information on how to initialize the board.

Removing the Sun Crypto Accelerator 6000 Software on Linux Platforms

Removing the Sun Crypto Accelerator 6000 Software With the remove Script

All applications, such as Sun Java System and Apache Web Servers, that are using the board must be stopped before uninstalling the Sun Crypto Accelerator 6000 software.


procedure icon  Remove the Software With the remove Script

1. Enter the following command. 


# /var/tmp/crypto_acc.remove
All required software for the Sun Crypto Accelerator  6000
software  will be REMOVED.
 
The following packages will be removed:
 sun-sca6000-firmware-1.1-1 sun-sca6000-man-1.1-1 sun-sca6000-1.1-1 sun-sca6000-libs-1.1-1 sun-sca6000-config-1.1-1 sun-sca6000-var-1.1-1 sun-sca6000-admin-1.1-1
To cancel removal of this software, press ’q’ followed by a Return.
     **OR**
Press Return key to begin package removal.
 
*** Found the following packages to remove:
              sun-sca6000-firmware-1.1-1 sun-sca6000-man-1.1-1 sun-sca6000-1.1-1 sun-sca6000-libs-1.1-1 sun-sca6000-config-1.1-1 sun-sca6000-var-1.1-1 sun-sca6000-admin-1.1-1
*** Removing old package(s)...
Removing sun-sca6000-firmware-1.1-1 package...
Removing sun-sca6000-man-1.1-1 package...
Removing sun-sca6000-1.1-1 package...
Removing sun-sca6000-libs-1.1-1 package...
Removing sun-sca6000-config-1.1-1 package...
Removing sun-sca6000-var-1.1-1 package...
Removing sun-sca6000-admin-1.1-1 package...
*** Done.  A log of this removal can be found at:
    /var/tmp/crypt_acc.remove.2007.10.31


procedure icon  Remove the Software Without the remove Script

1. Enter one of the following command on one line: 


% rpm -e sun-sca6000-1.0-1.x86_64.rpm sun-sca6000-man-1.0-1.x86_64.rpm sun-sca6000-admin-1.0-1.x86_64.rpm sun-sca6000-var-1.0-1.x86_64.rpm sun-sca6000-config-1.0-1.x86_64.rpm sun-sca6000-firmware-1.0-1.x86_64.rpm
 
% rpm -e sun-sca6000 sun-sca6000-libs sun-sca6000-admin sun-sca6000-var sun-sca6000-config sun-sca6000-firmware

Additionally, if no other components are using it on the system: 


% rpm -e sun-nss sun-nspr

Migrating Back to Version 1.0 From 1.1

There are changes in the keystore implementation for the board that make it incompatible with Version 1.0 firmware. If you want the ability to return to a Version 1.0 environment, you must make a backup of the 1.0 keystore and master key prior to upgrading to 1.1.


procedure icon  Back Up the 1.0 Keystore

1. With the 1.0 software and firmware running, use scamgr to log into the board and run the show status command. Make a note of the Keystore Name and Keystore ID fields. For details, see Using the scamgr Utility.

2. Type the backup command to save the master key.

3. Change to /var/sca/keydata and archive the correct keystore directory and configuration file.

The keystore name and ID are shown in the filename for the .conf file and the corresponding directory.

For example, if the keystore name is ks.600054 and the keystore ID is 0000000069efe289, then you will find the following files and directories in /var/sca/keydata: 


ks.600054.{69efe289}       ks.600054.{69efe289}.conf

4. Use the tar command to archive both the .conf file and the entire contents of the directory: 


# tar cvfz ks.600054.{69efe289}.tar ks.600054.{69efe289}.conf ks.600054.{69efe289}

5. Place the master key backup and keystore tar file in a safe location.

You can now safely upgrade to the 1.1 software and retain the ability to revert back to 1.0 software and firmware.


procedure icon  Restore the 1.0 Software and Firmware:

1. While the 1.1 software and firmware is still running, log into the board as the device security officer using scamgr -D and type the zeroize command.

2. Change directories into /var/sca/keydata and remove the .conf file and correspinding keystore directory.

3. Using scadiag -u, load the 1.0 firmware onto the system.

4. After the 1.0 firmware loads, reset the board with the scadiag -r command. 


# scadiag -u firmware-file device
# scadiag -r device

5. When the board finishes resetting, it will be placed in failsafe mode.

6. Execute the remove script to remove the Sun Crypto Accelerator 6000 1.1 software components from the system.

7. From the 1.0 installation media, execute the install script to load the 1.0 software components.

8. Apply any 1.0 software and firmware patches that are necessary.

Refer to the Sun Crypto Accelerator 6000 Board Product Notes for Version 1.1 (819-5537) at: http://docs.oracle.com/cd/E19321-01/index.html

9. Unpack the 1.0 keystore tar file into /var/sca/keydata 


# cd /var/sca/keydata
# tar xvf path-to-tar-file

10. Verify that the .conf file and all the contents of the keystore directory are owned by daemon. If not, set them to that ownership: 


# chown -R daemon:other keystore.conf-file keystore-directory

11. Start the scamgr utility and initialize the board to use an existing keystore, providing the master key backup file in the process.

You have now restored the 1.0 keystore.

Feedback


Sun Crypto Accelerator 6000 Board User’s Guide for Version 1.1 E39851-01 Table Of ContentsPrevious ChapterNext ChapterBook Index

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.