- Retrieve the following from version 11.40 Linux™ DVD (64-bit). The following commands assume that the DVD drive is mounted as /mnt/cdrom:
    cd /
    tar xvf /mnt/cdrom/linux/libc6_3/amd64/nfast/hwsp/agg.tar
    tar xvf /mnt/cdrom/linux/libc6_3/amd64/nfast/ctls/agg.tar
- Retrieve the following files:
  - For 32-bit PCA application, acquire a 32-bit version of libnfhwcrhk.so:
    Note: libnfhwcrhk.so is supplied as a binary file only without local compiling. This version is not an openSSL-specific version.
    - Retrieve the 32-bit version of the following file:
        tar xvf /mnt/cdrom/linux/libc6_3/nfast/hwcrhk/user.tar
    - When the previous tar file is extracted, it contains a file with the relative path name to the libnfhwcrhk.so:
        opt/nfast/toolkits/hwcrhk/libnfhwcrhk.so
    - Copy libnfhwcrhk.so to the following directory:
        opt/nfast/toolkits/hwcrhk
  - You can also extract the same tar files that are stored on the DVD from .iso files that are available from the nCipher download site. Retrieve the following files containing nCipher nCSS software:
      nCSS_linux64_user_11_40.iso
      nCSS_linux_user_11_40.iso
  Based on the previous commands, the untarred software must be in the following directory:
    /opt/nfast
- To build the nCipher kernel driver (nfp.ko), complete the following steps:
  The configuration script looks for the kernel headers in the default directory /lib/modules/current_kernel_version/build/include
  - If your kernel headers are in a different directory, set the KERNEL_HEADERS environment variable so that they are in $KERNEL_HEADERS/include/.
  - Normally, the headers are in /usr/src/linux/include/. If the headers for your kernel are not already installed, install them from your distribution disk, or contact your kernel supplier.
- Run the following build commands:
    cd /opt/nfast/driver
    ./configure
    make
- If the user is not added, run the following command:
    useradd -r nfast
- Validate the kernel by running the following command:
    groups nfast
Install the nCipher kernel driver
Before you begin, verify that the nCipher board is installed on the PCA server.
- Use the following command to install nfp driver.ko and its startup scripts:
    /opt/nfast/sbin/install
- Select option 4. This option can be necessary to add user:group.
- Add the OpenSSL CHIL library path to the ld.so.conf file, which is required for reboot. Options:
  - Add the line /opt/nfast/toolkits/hwcrhk to the following file by using vi:
      vi /etc/ld.so.conf
    Then run ldconfig -v to store the new entry in the /etc/ld.so.cache file.
  - Export LD_LIBRARY_PATH=/opt/nfast/toolkits/hwcrhk.
  - Copy the 32-bit /opt/nfast/toolkits/hwcrhk/libnfhwcrhk.so to /usr/lib.
    Note: This option is the recommended approach, but it cannot be preferred because of system administration policy.
- If the first option was selected above, you can verify the current ld.so.cache entries for hwcrhk by running the following command:
    ldconfig -p |grep hwcrhk
Confirming software installation
Depending on the option you followed to install the software, verify its location.
The software is installed in either of the following directories:
/opt/nfast/toolkits/hwcrhk/libnfhwcrhk.so
/usr/lib/libnfhwcrhk.so
Note: These steps assume that the kernel driver installation is completed.
Run the following command to verify that the nfp kernel driver is loaded:
lsmod |grep nfp
The expected output is something like:
nfp 42116 2
If you do not see the expected output, manually start or stop the nCipher server by using the following commands that are provided with the nCipher 11.40 software:
/opt/nfast/sbin/init.d-ncipher start
/opt/nfast/sbin/init.d-ncipher stop
Two new startup scripts for the v11.40 software are in /etc/init.d:
nc_drivers start
nc_hardserver start
where:
nc_drivers -> /opt/nfast/scripts/init.d/drivers
nc_hardserver -> /opt/nfast/scripts/init.d/hardserver
Verify that the previous scripts work for valid nCipher driver operation.
Note: The previous startup scripts might not work for reboot. The nCipher cards driver and hard server startup scripts must be started first for the PCA to recognize them.
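The confirmation checks above (library location, ld.so.cache entry, loaded nfp driver) can be combined into one script, which also confirms that the library found is a 32-bit binary. This is an added example, not nCipher or PCA code; it assumes a 32-bit PCA application, and the function names and the --check argument are hypothetical.

```sh
#!/bin/sh
# Added example (not nCipher or PCA code). Assumes a 32-bit PCA application.

# elf_class FILE: print 32, 64 or not-elf from the ELF magic and EI_CLASS byte.
elf_class() {
    magic=$(od -An -tx1 -N5 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        7f454c4601) echo 32 ;;
        7f454c4602) echo 64 ;;
        *) echo not-elf ;;
    esac
}

# nfp_loaded: read lsmod output on stdin; succeed only on a module named exactly nfp.
nfp_loaded() {
    awk '$1 == "nfp" { found = 1 } END { exit !found }'
}

# hwcrhk_cached: read "ldconfig -p" output on stdin; succeed if the library is cached.
hwcrhk_cached() {
    grep -q 'libnfhwcrhk\.so'
}

# find_hwcrhk ROOT: print whichever of the page's two install paths exists under ROOT.
find_hwcrhk() {
    for p in opt/nfast/toolkits/hwcrhk/libnfhwcrhk.so usr/lib/libnfhwcrhk.so; do
        if [ -f "$1/$p" ]; then echo "$1/$p"; return 0; fi
    done
    return 1
}

# check_install [ROOT]: run every check; ROOT defaults to / (hypothetical helper).
check_install() {
    rc=0
    lib=$(find_hwcrhk "${1:-}") || { echo "FAIL: libnfhwcrhk.so not found"; return 1; }
    [ "$(elf_class "$lib")" = 32 ] || { echo "FAIL: $lib is not 32-bit"; rc=1; }
    lsmod | nfp_loaded || { echo "FAIL: nfp driver not loaded"; rc=1; }
    case "$lib" in
        */usr/lib/*) ;;  # copied to /usr/lib: already on the default search path
        *) ldconfig -p | hwcrhk_cached ||
               echo "NOTE: not in ld.so.cache; LD_LIBRARY_PATH must be exported" ;;
    esac
    return "$rc"
}

if [ "${1:-}" = "--check" ]; then check_install; fi
```

Run the script with --check on the PCA server after the driver installation; a nonzero exit status means that at least one check failed.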