Validating the coprocessor segment contents

The procedure to be followed to validate the contents of the coprocessor segments.

After you have loaded or replaced the code in Segments 1, 2, and 3, use the CLU VA command to confirm the segment contents and to validate the digital signature on the response created by the coprocessor.

Depending on the IBM® 4767 coprocessor (PartNum) in use,¹ issue the following command, and substitute the class key certificate file name from Table 1 for the data file name. Note that the data file name v.clu is appended to the coprocessor part number, all in lowercase characters.

csufclu -c VA -l nnnnnnnn.log -d datafile

The part number can be obtained by using the Coprocessor Load Utility (CLU) ST command.

Table 1. Class-key file for use with the CLU VA command
PartNum	Class-key certificate file
00LV498	00LV498v.clu

The [coprocessor_n] parameter is the optional designator for a particular coprocessor and defaults to zero.

¹ You can refer to the IBM product website (http://www.ibm.com/security/cryptocards/pciecc2/overview.shtml) FAQ section for the procedure to validate coprocessor integrity. That topic carries the current list of class key certificate files.