Contact Us Contact Us

HP-UX Trusted Computing Services

  Software Depot
Electronic download
Frequently asked questions
Product details and specifications

HP-UX Trusted Computing Services (HP-UX TCS) provides software support for hardware-enforced key management on supported HPE Integrity servers running either HP-UX 11i v2 or HP-UX 11i v3.

By providing a low-cost embedded security chip option (known as a Trusted Platform Module) in select Integrity servers, HPE has established a foundation for strong protection of sensitive information - including cryptographic keys. Built around industry standards, the Trusted Platform Module (TPM) provides a basis for key storage by securely generating and storing cryptographic keys. HP-UX TCS takes this a step further by providing the necessary infrastructure for managing the TPM, as well as integrating it into select features such as HP-UX Encrypted Volumes and File Systems (EVFS).

HP-UX TCS is primarily composed of the following elements:

  • A kernel driver for base communications with the TPM hardware.
  • An industry-standard Trusted Computing Group (TCG) Software Stack implementation based on the open source TrouSerS product.
  • A set of management utilities for initial setup and ongoing maintenance of the TPM, supporting operations such as backup and restoration.
  • Utilities for on-demand encryption and decryption of user-selected files and directories.
  • A module for EVFS that allows the secure storage of EVFS private keys using the TPM.
  • A utility for generating RSA key pairs with private key components that are protected by the TPM.
  • The TPM OpenSSL engine - a binary executable that enables OpenSSL applications to use RSA private keys secured by the TPM (This executable is dynamically loadable using the OpenSSL engine mechanism.).
  • Support for TCS commands on TPM 1.2.
  • Additional functionality in the TSS 1.2 API library /opt/tcs/lib/ (This library supports both TPM 1.1 and 1.2 chips.).

By providing Trusted Computing Services for TPM-enabled Integrity platforms, HP-UX 11i continues to raise the bar for platform security. Like most other HP-UX security features, HP-UX TCS software is available at no cost and is fully supported under the HP-UX 11i support contract.

New in HP-UX TCS A.03.20:

  • The TCS product is linked with OpenSSL version 1.0.1 to utilize the latest security updates.
  • The TCS product provides, the TPM OpenSSL Engine file that is compatible with OpenSSL version 1.0.1.

HP-UX TCS requires:

  • An HPE Integrity server with a TPM installed.
  • For HP-UX 11i v2, TCS requires the September 2006 release or later, in addition to the kernel patch PHKL_35428 (click on the Installation link at the bottom of this page for details).
  • For HP-UX 11i v3, no additional patches are necessary.

Using HP-UX TCS with EVFS

Using HP-UX TCS to make the unattended boot capability of EVFS more secure is an important example of how HP-UX TCS can be integrated with other applications to enhance security. For more information, see the chapter on EVFS Keys in your HP-UX Trusted Computing Services administrator guide, available in the HP-UX Trusted Computing Services (TCS) Software section at


The following documents are available in the HP-UX Trusted Computing Services (TCS) Software section at Use the HP-UX Trusted Computing Services A.03.20 Administrator Guide for TCS v3.2.

  • HP-UX Trusted Computing Services A.03.20 Release Notes.
  • HP-UX Trusted Computing Services A.03.20 Administrator Guide for HP-UX 11i v3.

Also, see the following HP-UX TCS manpages:

  • tcsd (1m)
  • tcsd.config (4)
  • tpmadm (1m)
  • tpmlist (1m)
  • tpmcreate (1m)
  • tpmencrypt (1m)
  • tpmdecrypt (1m)
  • tpm_engine (5)

March 2015
Additional product information
Product #: TCS     
Additional info
Version: A.03.20
Software specification: TCS A.01.00 for HP-UX 11i v2(TCS_A.01.00_HP-UX_B.11.23_IA.depot)
TCS A.03.10 for HP-UX 11i v3(TCS_A.03.10_HP-UX_B.11.31_IA.depot)
TCS A.03.20 for HP-UX 11i v3 (TCS_A.03.20_HP-UX_B.11.31_IA.depot)