HP EliteBook 745 Sure Recover User Guide - Page 20

Sample key generation using OpenSSL, Working with the HP Client Management Script Library CMSL

Get HP EliteBook 745 PDF manuals and user guides View all HP EliteBook 745 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 20 highlights

Start-Sleep -Seconds 3 $p = New-HPSureRecoverDeprovisionPayload ` -SigningKeyPassword $skpw ` -SigningKeyFile "$path\sk.pfx" $p | Set-HPSecurePlatformPayload Start-Sleep -Seconds 3 Write-host 'Deprovisioning P21' $p = New-HPSecurePlatformDeprovisioningPayload ` -verbose ` -EndorsementKeyPassword $pw ` -EndorsementKeyFile "$Path\kek.pfx" $p | Set-HPSecurePlatformPayload Write-Host 'Final secure platform state:' Get-HPSecurePlatformState } Sample key generation using OpenSSL Store the private keys in a safe location. The public keys will be used for validation and must be provided during provisioning. These keys are required to be 2048 bits in length and use an exponent of 0x10001. Replace the subject in the examples with information about your organization. Set the following environment variable before proceeding: set OPENSSL_CONF=\openssl.cnf # Create a self-signed root CA certificate for testing openssl req -sha256 -nodes -x509 -newkey rsa:2048 -keyout ca.key -out ca.crt -subj "/C=US/ST=State/L=City/O=Company/OU=Org/CN=www.example.com" # Create a key endorsement certificate openssl req -sha256 -nodes -newkey rsa:2048 -keyout kek.key -out kek.csr subj "/C=US/ST=State/L=City/O=Company/OU=Org/CN=www.example.com" openssl x509 -req -sha256 -in kek.csr -CA ca.crt -CAkey ca.key CAcreateserial -out kek.crt 14 Chapter 4 Working with the HP Client Management Script Library (CMSL)

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
Start-Sleep -Seconds 3
$p = New-HPSureRecoverDeprovisionPayload `
-SigningKeyPassword $skpw `
-SigningKeyFile "$path\sk.pfx"
$p | Set-HPSecurePlatformPayload
Start-Sleep -Seconds 3
Write-host 'Deprovisioning P21'
$p = New-HPSecurePlatformDeprovisioningPayload `
-verbose `
-EndorsementKeyPassword $pw `
-EndorsementKeyFile "$Path\kek.pfx"
$p | Set-HPSecurePlatformPayload
Write-Host 'Final secure platform state:'
Get-HPSecurePlatformState
}
Sample key generation using OpenSSL
Store the private keys in a safe location. The public keys will be used for validation and must be provided
during provisioning. These keys are required to be 2048 bits in length and use an exponent of 0x10001.
Replace the subject in the examples with information about your organization.
Set the following environment variable before proceeding:
set OPENSSL_CONF=<path>\openssl.cnf
# Create a self-signed root CA certificate for testing
openssl req -sha256 -nodes -x509 -newkey rsa:2048 -keyout ca.key -out
ca.crt -subj
"/C=US/ST=State/L=City/O=Company/OU=Org/CN=www.example.com“
# Create a key endorsement certificate
openssl req -sha256 -nodes -newkey rsa:2048 -keyout kek.key -out kek.csr -
subj
"/C=US/ST=State/L=City/O=Company/OU=Org/CN=www.example.com“
openssl x509 -req -sha256 -in kek.csr -CA ca.crt -CAkey ca.key -
CAcreateserial -out kek.crt
14
Chapter 4
Working with the HP Client Management Script Library (CMSL)