3 Configuring HP-UX KCM
The products integrated with HP-UX KCM must define the install-time and run-time dependency on HP-UX KCM. This helps to install and load KCM automatically along with the product dependent on HP-UX KCM.
NOTE:
•Before loading HPUX-KCM modules, ensure that /stand/current/mod and /etc directories are accessible.
•HPUX-KCM modules cannot be loaded as a static module as this is not a valid FIPS mode of operation.
•In case a Kernel configuration containing KCM modules are saved (by using kconfig –s), before loading the saved Kernel configuration, ensure that the KCM versions are consistent.
For example, HPUX-KCM 1.0 is installed in a system and the Kernel configuration is saved as ‘backup’. Later KCM is upgraded to 2.0 on the same system. If for some reason, the ‘backup’ Kernel configuration is rebooted, then this leads to an inconsistent state as ‘backup’ contains HPUX-KCM 1.0, whereas the current installed version of HPUX-KCM is 2.0.
An example of defining dependency on HPUX-KCM is given below:
Install-time dependency:
myproduct.psf: vendor
bundle
product
fileset
corequisites.HPUX-KCM.KCM.KCM-LIB,r>=A.01.00.00
end
end
Run-time dependency:
myproduct.modmeta: module myproduct {
. . .
. . .
dependency libkcm_pkcs11
. . .
}