Patch-ID# 122889-01

NOTE:
***********************************************************************
READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT
FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU
AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE
TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE.
***********************************************************************

Keywords: sca 6000 firmware
Synopsis: Sun Crypto Accelerator 6000 1.0: Firmware Patch
Date: Sep/06/2006


Install Requirements: See Special Install Instructions                      
                      
Solaris Release: 10

SunOS Release: 5.10

Unbundled Product: Sun Crypto Accelerator 6000

Unbundled Release: 1.0

Xref: 

Topic: 

Relevant Architectures: sparc, i386

BugId's fixed with this patch: 6419906 6421355 6421475 6426911 6429430 6429501 6431051 6441711 6444685 6447315 6449655 6451511 6451804 6452082 6453202 6454187 6455693 6457031 6458985 6459024 6460932 6462306 6463742

Changes incorporated in this version: 6453202 6451804 6454187 6455693 
6457031 6458985 6459024 6460932 
6462306 6463742

Patches accumulated and obsoleted by this patch: 

Patches which conflict with this patch: 

Patches required with this patch: 

Obsoleted by: 

Files included with this patch: 

/usr/lib/crypto/firmware/sca/sca6000fw

Problem Description:

6419906 scamgr, scadiag and FW CLI miss numeric string conversion edge case
6421475 Some error returns cause FW CLI task to exit
6429430 Add AES and Diffie-Hellman known answer tests to POST
6426911 Zeroing command using scadiag may not reset the SCA6000 card
6429501 USB driver is not interrupt safe
6431051 Improved LED and button diagnostics
6441711 The security cookie in Mars 1.0 is too card-dependent.
6421355 Changing a user password on a dual-card system creates a duplicate user on one of the cards.
6444685 Public token keys created externally on other Mars cards are not handled properly.
6447315 Users with more than 512 token keys may be unable to use them after a reboot due to a login failure
6449655 financial services retrieve object broken
6451511 User should not be able to backup after setting the lock using scamgr
6452082 RSA pairwise consistency test should return error on failures
6453202 FIPS RNG must check that added entropy is not equal to internal state 
6451804 Failed to place the board in multi-admin mode: Command processing error
6454187 Add verification step to manual MFK/KEK loads
6455693 Mars SO's are allowed to login under PKCS11
6457031 No return value from osLookup() in mAdmin.c
6458985 Security Officer can not log in after Venus to Mars key migration
6459024 After rekey, the rekeyed firmware multicasts the new wrapping key in the old wrapping key.
6460932 AES Unwrap fails with CKR_GENERAL_ERROR
6462306 kernel: Debug: sleeping function called from invalid context at include/asm/uaccess.h:531
6463742 DH token key derivation causes stalled job

Patch Installation Instructions:
--------------------------------
For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.
 
For Solaris 7-10 releases, refer to the man pages for instructions on
using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.  The following example
installs a patch to a standalone machine:
 
        example# patchadd /var/spool/patch/104945-02
 
The following example removes a patch from a standalone system:
 
        example# patchrm 104945-02
 
For additional examples please see the appropriate man pages.

Special Install Instructions:
----------------------------- 
After successfully applying this patch, a firmware update must occur. There 
are two ways to accomplish this firmware update:
 
1. If the Sun Crypto Accelerator 6000 board is initialized, use 
   /usr/sbin/scamgr to connect to the board and run the "load firmware" 
   command to update the firmware.  Then reset the board using the 
   "reset" command.  When the board is done with the reset, it will be 
    running the new firmware.
 
2. If the board is in an uninitialized state, you are working on the 
   machine where the card is installed and you are root or in the crypto 
   rights management role, you can use /usr/sbin/scadiag to upgrade 
   the card with new firmware.  Once the firmware upload is complete, 
   you must use the scadiag command to reset the board.
 
   > /usr/bin/scadiag -u /usr/lib/crypto/firmware/sca/sca6000fw <DEV>
   > /usr/bin/scadiag -r <DEV>
 
      Where <DEV> is a device instance (e.g. mca0, mca1, etc.)

README -- Last modified date:  Wednesday, September 6, 2006