Administrators are allowed to execute the following management operations on the SAM subsystem using the manageSAM.sh or manageFW.sh script:
| Operation | Command |
|---|---|
| Start | manageSAM [-v] start <instanceId> |
| Stop | manageSAM [-v] stop <instanceId> |
| Check Code Integrity | manageSAM [-v] integrity code <instanceId> |
| Check Data Integrity | manageSAM [-v] integrity data |
| Initialize SAM Firmware | manageFW [-v] init LogonPass=<user>,<credential> <MBK slot id> |
| Set IdP Public Keys | manageFW [-v] setidpkeys LogonPass<user>,<credential> <certfile> |

Table 15: SAM Maintenance operations
The operation Check Code Integrity is carried out for the subsystem of the SAM Service module and for the SAM MAN module by the Linux command sha512sum. The expected checksums are stored in a configuration file, which must be created in advance using the shell script checksumSAM.sh.
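The baseline-then-verify pattern behind Check Code Integrity, as an added example that is not the product's checksumSAM.sh or manageSAM.sh. The function names, the manifest format (plain sha512sum output with paths relative to the code directory) and its location outside that directory are assumptions. It goes one step beyond a plain `sha512sum -c` by also reporting files that are present but not listed.

```shell
#!/bin/sh
# Added illustration, not the product's checksumSAM.sh or manageSAM.sh.
# Assumption: the manifest is plain `sha512sum` output with paths relative
# to the code directory, and it is stored outside that directory.

# create_baseline DIR MANIFEST
# Record the SHA-512 of every regular file under DIR.
create_baseline() {
    ( cd "$1" && find . -type f -exec sha512sum {} + | LC_ALL=C sort -k2 ) > "$2"
}

# verify_code DIR MANIFEST
# Returns 0 if the tree matches the manifest, 1 if a listed file is
# modified or missing, 2 if the only finding is unlisted files.
verify_code() {
    dir=$1; manifest=$2; result=0

    # Listed files must exist and hash to the recorded value. The manifest
    # is opened before the cd, so a relative manifest path still works.
    report=$( { cd "$dir" && sha512sum -c - 2>/dev/null; } < "$manifest" ) || result=1
    printf '%s\n' "$report" | grep -v ': OK$' || true

    # sha512sum -c only looks at listed files, so a file added to the tree
    # passes unnoticed. Compare the file list against the manifest as well.
    listed=$(sed 's/^[0-9a-f]* [ *]//' "$manifest")
    extra=$( cd "$dir" && find . -type f | grep -Fxv -e "$listed" ) || true
    if [ -n "$extra" ]; then
        printf '%s\n' "$extra" | sed 's/^/UNLISTED: /'
        [ "$result" -ne 0 ] || result=2
    fi
    return "$result"
}
```

The manifest is only as trustworthy as its storage: keep it where the account that runs the checked code cannot write.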
The operation Check Data Integrity is performed by calling the appropriate methods via the REST Service provided by the module SAM Service.
The operation Set IdP Public Keys imports a certain number of public keys into the SAM firmware (when it is started), which are used to verify the ID tokens issued and signed by the IdP. The operation Initialize SAM Firmware initializes the SAM Firmware and, for example, derives from the MBK in use the key material necessary for providing the functions of the SAM Firmware.
The operation TOE_Maintenance is performed by adjusting the SAM Service related XML configuration file as described in chapter 5.2.3.1 of [AGD_PRE].