Operating Systems AIX Switch off TCB (Trusted Computing Base) Post 87091 by bakunin on Thursday 20th of October 2005 04:16:32 AM
Switch off TCB (Trusted Computing Base)

I wanted to do an "Alternate Disk Migration" via my NIM server to update several clients (all LPARs in a p670) from 5.1 ML6 to 5.2 ML3. As a prerequisite the procedure says "if the system has the Trusted Computing Base enabled it has to be switched off before".

Well, I didn't give this too much consideration when planning the migration, surely how to switch it off is somewhere in the OS manual, right?

Or so I thought. After feeling like an idiot for not knowing how to do it and not even being able to find it in the manual I started asking colleagues - no luck. After consulting several Usenet newsgroups (comp.os.unix.aix, etc.) and Unix boards (like www.unix.com) and finding out that the question has been asked two or three times but never been answered I felt less like an idiot - misery loves company.

So at last I gave IBM a call and opened a PMR - and, since I was already running out of time in my service window, I opened a Prio1-call for the first time in my life. I told them what I wanted ("disable TCB, the Trusted Computing Base") and was told I will be called back. The phone rang within ten minutes and the first phone call went like this:

IBM Technician (IT) (utterly self-confident): "So, you want to switch off TCP/IP. Fine, go to SMIT..."
Me (ME): "Sorry to interrupt you, but I said quite clearly: I'd like to disable *TCB*, the Trusted Computing Base."
IT (less confident now): "Oh, .... Why?"
ME: "I want to do an Alternate Disk Migration and as a prerequisite the procedure reads 'TCB will have to be disabled', so I want to do exactly that. Alas, the whole OS manual doesn't say anything about how to disable it."
IT (trying to regain some composure): "Well, it can only be switched on during installation...."
ME: "I *know* how to *enable* it, how is it disabled?"
IT: "hmm, Uhmmm, yes, ... I will have to consult the manual."
ME (dryly): "There I have looked already and it doesn't cover the issue."
IT: "Uhm, yes, but we have internal papers...."

Well so far the first call. To be just it has to be said that he called me back half an hour later and sent me an email complete with the procedure and an explanation why it would have to be disabled (NFS can't provide all the information about the files being installed which TCB would need to keep its database. IBM calls the information missing "file metadata").

Further, if you plan to do the same, be warned: disabling TCB means installing/migrating without TCB so you can't reenable it after the migration (why would anyone want to, anyway?).

Ladies and Gentlemen, for the first time in the world, up to now unanswered in public newsgroups, here is the correct way to disable the TCB mentioned so casually in the Alternate Disk Migration procedure:

Code:
odmget -q attribute=TCB_STATE PdAt | sed 's/tcb_enabled/tcb_disabled/' | odmchange -o PdAt -q attribute=TCB_STATE

And, as an added bonus, here is how to enable tcbck after the migration again (of course, without TCB being reenabled, the effect of disabling it is permanent):

Code:
odmget -q attribute=TCB_STATE PdAt | sed 's/tcb_disabled/tcb_enabled/' | odmchange -o PdAt -q attribute=TCB_STATE

Hope this helps.

bakunin
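
An added example, not part of the original post: a dry-run wrapper around the same odmget/sed/odmchange pipeline that keeps the original stanza for rollback and refuses to emit a change unless exactly one TCB_STATE stanza is present and the state actually flips. The function names, the /tmp paths and the sample stanza are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: prepare a TCB_STATE change as a file, without touching the ODM.

# Constructed sample of `odmget -q attribute=TCB_STATE PdAt` output (not captured
# from a real system).
sample_stanza() {
    printf 'PdAt:\n\tuniquetype = ""\n\tattribute = "TCB_STATE"\n'
    printf '\tdeflt = "tcb_enabled"\n\tvalues = ""\n\twidth = ""\n'
}

# Print the deflt value of the stanza read from stdin.
tcb_state() {
    awk -F'"' '/^[ \t]*deflt[ \t]*=/ { print $2; exit }'
}

# Write the stanza in file $1, switched to state $2, on stdout.
# Refuses unless exactly one TCB_STATE stanza exists and the state really flips.
prepare_tcb_stanza() {
    stanza_file=$1
    want=$2
    case $want in
        tcb_enabled)  from=tcb_disabled ;;
        tcb_disabled) from=tcb_enabled ;;
        *) echo "unknown target state: $want" >&2; return 2 ;;
    esac
    count=$(grep -c 'attribute *= *"TCB_STATE"' "$stanza_file" || true)
    if [ "$count" != 1 ]; then
        echo "expected 1 TCB_STATE stanza, found '$count'" >&2; return 3
    fi
    current=$(tcb_state < "$stanza_file")
    if [ "$current" != "$from" ]; then
        echo "state is '$current'; not changing to $want" >&2; return 1
    fi
    # Only the deflt line is edited, so no other field can be altered by accident.
    sed "/deflt/s/\"$from\"/\"$want\"/" "$stanza_file"
}

# On the AIX host (assumed paths, not run here):
#   odmget -q attribute=TCB_STATE PdAt > /tmp/tcb.before   # keep for rollback
#   prepare_tcb_stanza /tmp/tcb.before tcb_disabled > /tmp/tcb.after
#   odmchange -o PdAt -q attribute=TCB_STATE /tmp/tcb.after
#   odmget -q attribute=TCB_STATE PdAt | tcb_state          # confirm new state
```

Feeding the saved /tmp/tcb.before file back to odmchange restores the previous ODM value if the change has to be rolled back.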
 

Tspi_DecodeBER_TssBlob(3)      TCG Software Stack Developer's Reference      Tspi_DecodeBER_TssBlob(3)

NAME
       Tspi_DecodeBER_TssBlob - unwraps a BER-encoded TSS blob.

SYNOPSIS
       #include <tss/tspi.h>

       TSS_RESULT Tspi_DecodeBER_TssBlob(UINT32 berBlobSize, BYTE* berBlob, UINT32* blobType, UINT32* rawBlobSize, BYTE* rawBlob);

DESCRIPTION
       Tspi_DecodeBER_TssBlob is used to unwrap a BER-encoded blob in accordance with the ASN.1 data definitions in the Portable Data section of the Trusted Computing Group Software Stack Specification Version 1.2.

PARAMETERS
       berBlobSize
              Size of the BER-encoded blob.

       berBlob
              Pointer to the BER-encoded blob.

       blobType
              Pointer to the type of blob being unwrapped (refer to the TSS_BLOB_TYPE_* constants).

       rawBlobSize
              Pointer to the size of the rawBlob buffer. On input this parameter contains a pointer to the maximum size of the supplied rawBlob buffer. On output this parameter contains a pointer to the actual size of the unwrapped blob. On input, if this parameter points to a value of 0, then this function will return the size of the buffer required to hold the unwrapped blob without writing to the rawBlob buffer. Note: The output data must be shorter than the BER-encoding, so berBlobSize is a useful upper limit on rawBlob buffer size.

       rawBlob
              Pointer to a buffer to hold the unwrapped blob.

RETURN CODES
       Tspi_EncodeDER_TssBlob returns TSS_SUCCESS on success, otherwise one of the following values are returned:

       TSS_E_BAD_PARAMETER

       TSS_E_INTERNAL_ERROR - An error occurred internal to the TSS.

CONFORMING TO
       Tspi_DecodeBER_TssBlob conforms to the Trusted Computing Group Software Specification Version 1.2

SEE ALSO
       Tspi_DecodeBER_TssBlob(3).

TSS 1.2                                   2007-06-12                  Tspi_DecodeBER_TssBlob(3)