How to Back Up TPM Data and Keys (SPARC Only)

After you boot the system for the first time, back up the TPM data and keys so that they can be used during future system migrations or hardware replacements.

For multi-domain systems with Oracle Solaris installed, use the tpmadm failover command to specify that TPM data and keys are automatically backed up to the Standby SP on the server. You can use the backed-up TPM data and keys on the new SP for a system migration or hardware replacement. For instructions, see the backup step in How to Initialize TPM Using BIOS (x86 Only).

For all other platforms, use the following procedure to manually back up TPM data and keys for use during a system migration or hardware replacement.

  1. In a terminal window, ensure that TPM is enabled.
    # tpmadm status

    If the output reports that no TPM owner is installed, the TPM has not been initialized. Do not proceed.

  2. Back up the migration data using the ID of the storage root key (SRK).
    # tpmadm migrate export 00000000-0000-0000-0000-00000000000b

    If the key requires authorization, the system will prompt you for a key password. You will also be prompted for the migration key password.

  3. Verify that the data has been backed up by locating the migration files in /var/tpm/system.
    # ls -l /var/tpm/system/tpm-migration.*
    -rw-------   1 root  root  563 July 21 10:45 /var/tpm/system/tpm-migration.dat
    -r--------   1 root  root  766 July 21 10:36 /var/tpm/system/tpm-migration.key
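
The three steps above can be wrapped in a small POSIX shell script so that the backup and its verification are repeatable. The following is an added example, not part of the Oracle Solaris documentation or the tpmadm tool: it takes the SRK UUID and the /var/tpm/system path from the procedure, assumes that tpmadm reports an uninitialized TPM with the words "no TPM owner" (the exact wording is an assumption), and adds a check that the exported migration files are readable only by their owner, since tpm-migration.key is the secret that protects the exported data. The TPMADM variable lets a dry run point at a stub instead of the real tool.

```shell
#!/bin/sh
# Added example (not Oracle's code): the SRK migration backup procedure as
# shell functions, plus a permission check on the resulting files.

TPMADM="${TPMADM:-tpmadm}"                        # overridable for dry runs
SRK_UUID="00000000-0000-0000-0000-00000000000b"   # storage root key ID (from the procedure)
TPM_DIR="${TPM_DIR:-/var/tpm/system}"             # where tpmadm writes tpm-migration.*

# Step 1: the TPM must have an owner; "no TPM owner" in the status output is
# assumed to be how tpmadm reports an uninitialized TPM.
tpm_is_owned() {
    out=$("$TPMADM" status 2>&1) || return 1
    case "$(printf '%s' "$out" | tr 'A-Z' 'a-z')" in
        *"no tpm owner"*) return 1 ;;
    esac
    return 0
}

# Step 2: export the migration data under the SRK. tpmadm itself prompts for
# the key password (if required) and the migration key password.
tpm_export_migration() {
    if ! tpm_is_owned; then
        echo "TPM is not initialized; not proceeding" >&2
        return 1
    fi
    "$TPMADM" migrate export "$SRK_UUID"
}

# Group/other permission bits of a file as shown by ls -l, e.g. "------".
file_go_bits() {
    ls -ld "$1" | cut -c5-10
}

# Step 3: both migration files must exist and carry no group/other access,
# matching the 0600 / 0400 modes shown in the documented listing.
tpm_verify_migration_files() {
    dir="${1:-$TPM_DIR}"
    rc=0
    for f in "$dir/tpm-migration.dat" "$dir/tpm-migration.key"; do
        if [ ! -f "$f" ]; then
            echo "missing: $f" >&2
            rc=1
            continue
        fi
        if [ "$(file_go_bits "$f")" != "------" ]; then
            echo "too permissive (group/other bits set): $f" >&2
            rc=1
        fi
    done
    return $rc
}

# Run the whole procedure when executed directly as root on the SPARC system:
#   tpm_export_migration && tpm_verify_migration_files
```

Running `tpm_export_migration && tpm_verify_migration_files` performs steps 2 and 3 after the owner check of step 1; a non-zero exit means either the TPM was not initialized, the export failed, or one of the migration files is missing or readable by other users and should not be copied off the system until that is corrected.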