Getting started

The trusted platform module (TPM) found on SNS firewalls offers hardware storage that increases the security of certificates stored on the SNS firewall.

The TPM-based security mechanism applies to some certificates, depending on the version installed on the SNS firewall.

This technical note provides details on:

  • How the TPM functions,
  • Initializing and configuring the TPM on SNS firewalls,
  • Managing protection on private keys in SNS firewall certificates,
  • Using certificates with protected private keys in an SNS firewall configuration,
  • Important points to note when updating SNS firewalls on which the TPM has been initialized.

NOTE
To update the TPM version on an SNS firewall, refer to the technical note Updating the TPM version on SNS firewalls.


Date Description
June 10, 2025
  • Explanations regarding the symmetric key and PCRs added to the "How it works" section
  • Explanations regarding the symmetric key derivation mechanism on SNS 4.3 LTSB versions added to the "How it works" and "Initializing the TPM on SNS firewalls" sections
  • Explanations regarding the removal of protection on private keys, and regarding SNS firewall pools managed by an SMC server added to the "Managing protection on private keys in SNS firewall certificates" section
  • Explanations regarding the use of certificates with a private key that has been protected for VPN services on the SNS firewall added in the section "Using certificates with TPM-protected private keys"
  • New section "Appendix: points to note when updating SNS firewalls on which the TPM has been initialized" added
May 06, 2025
  • New requirement regarding the activation of the Secure Boot feature added in the "Requirements" section
  • Information on the TPM administration password, symmetric key, PCRs, and TPM sealing added in the "How it works" section
  • Content relating to TPM initialization updated, and now has its own separate section in the document
  • Information regarding the verification of TPM status and TPM sealing added in the section "Managing the TPM on SNS firewalls"
  • Clarification regarding the verification of protection on a certificate's private key added in the section "Protecting private keys of certificates on SNS firewalls"
  • Explanations regarding the use of a backup certificate for the web administration interface added in the section "Using certificates with TPM-protected private keys"
  • Explanations regarding the calculation of the high availability quality factor when the Secure Boot feature is enabled added in the section "Explanations on usage when the TPM is initialized"
  • Contents of the "Troubleshooting" section enriched
December 13, 2024
  • Explanations added regarding the initialization of the TPM in a high availability cluster
February 13, 2024
  • Explanations regarding PCRs added to the section "Protecting private keys in firewall certificates with symmetric keys"
  • Changes to the description of the TPM orange status in the section "Checking whether the TPM is initialized"
  • Explanations on resetting the TPM added to the section "If you have forgotten the TPM password"
  • Explanation on the force=on token reworded in the section "Disabling the TPM"
  • The example <CN> changed to <CERTNAME> in the sections "Protecting the private key of a certificate that has already been added" and "Checking whether the private key in the SNS firewall's certificate is protected"
  • Information regarding the certification authority reworded in the "SSL VPN" section
  • Important information regarding the use of protected private keys added to the section "Communications with the SMC server"
  • Explanations on protecting the backup file with a password added to the section "Backing up a configuration"
January 18, 2024
  • New document