Downloading the IBM Hyper Protect Container Runtime image

You can get the IBM Hyper Protect Container Runtime (HPCR) image from IBM Passport Advantage.

Note: To download the fix pack of IBM Hyper Protect Virtual Servers, see Downloading the IBM Hyper Protect Container Runtime fix pack.

This procedure is intended for users with the role Private cloud operations administrator.

Before you begin

Ensure that you have a system that meets the requirements as detailed in System requirements.

Procedure

Complete the following steps.

  1. Log in to the IBM Passport Advantage website by using your IBM account ID and password. Contact your sales representative if you do not have one.

  2. Go to My Programs, and then select the IBM Hyper Protect Virtual Servers program.

  3. Download the image of version 2.2.2, part number M0RHCEN; the name of the downloaded file is IBM_HPVS_OnPrem_v2.2.2_EN.tar.gz.

  4. Create a directory to store the IBM Hyper Protect Virtual Servers image. Change to the directory, and extract the compressed file by using the following commands.

    mkdir /opt/<installation_directory>
cd /opt/<installation_directory>
gunzip IBM_HPVS_OnPrem_v2.2.2_EN.tar.gz
tar -xvf IBM_HPVS_OnPrem_v2.2.2_EN.tar

    You will get the following files in the current directory:

    • M0RHCEN.tar.gz, the offering image tar file.
    • M0RHCEN.tar.gz.sig, the signature file for the offering image.

    Note: You can download the public key issued by IBM for the offering image:

  5. To verify the integrity of IBM Hyper Protect Virtual Servers image tar file, run the following example command by using the signature file with the .sig suffix, and the public key that you downloaded with the suffix .pem, along with the image tar file.

    openssl dgst -sha256 -verify publickey.pem -signature M0RHCEN.tar.gz.sig M0RHCEN.tar.gz

  6. Extract the compressed tar file by using the following commands.

    cd /opt/<installation_directory>
tar -xvzf M0RHCEN.tar.gz

    Note:

    • Some of the extracted files are in *.gz format, and they should be used as is and should not be extracted once again.
    • It is recommended that you use the latest images because they are valid for longer and have the latest security fixes. Upgrade to the latest image because the earlier images will expire soon.

Result

The following directories and files are available after you extract the file:

  • readme.txt, which is the general README file for IBM Hyper Protect Virtual Servers.

  • License, a directory that contains the license files of IBM Hyper Protect Virtual Servers.

  • version, which has the version information of IBM Hyper Protect Virtual Servers.

  • images, a directory that contains the IBM Hyper Protect Container Runtime qcow2 image, which is used to bring up a IBM Hyper Protect Virtual Servers instance in KVM environment.

  • config/certs, a directory that contains all the certificates that are used to encrypt the contract, attestation, and signatures.

  • swidtag, a directory that contains the IBM License Metric Tool (ILMT) configuration file.

  • se-header.bin, the SE header file to be used for Crypto passthrough feature.

    Get the SE header file from the image TAR file at the following location:

       IBM_HPVS_2.2.2/config

Certificate expiry dates

Table 2. Attestation certificate expiry dates.

Version Expiry date
2.2.2 25 April 2026
2.2.1 04 March 2026
2.1.11 20 November 2025
2.1.10 19 September 2025
2.1.9 04 July 2025
2.1.8 08 March 2025
2.1.6 28 August 2024

Table 3. Encryption certificate expiry dates.

Version Expiry date
2.2.2 26 February 2026
2.2.1 26 February 2026
2.1.11 02 September 2025
2.1.10 02 September 2025
2.1.9 04 July 2025
2.1.8 08 March 2025
2.1.6 08 December 2023

Table 4. Intermediate certificate expiry dates.

Version Expiry date
2.2.2 01 September 2026
2.2.1 01 September 2026
2.1.11 01 September 2026
2.1.10 01 September 2026
2.1.9 03 June 2026
2.1.8 02 October 2025
2.1.6 19 January 2024

Note: For versions 2.1.6 and earlier, certificates have already expired.

You can see files and directories similar to the following example under the <installation_directory> directory.

# tree
.
├── License
│   ├── LA_cs
│   ├── LA_de
│   ├── LA_el
│   ├── LA_en
│   ├── LA_es
│   ├── LA_fr
│   ├── LA_in
│   ├── LA_it
│   ├── LA_ja
│   ├── LA_ko
│   ├── LA_lt
│   ├── LA_pl
│   ├── LA_pt
│   ├── LA_ru
│   ├── LA_sl
│   ├── LA_tr
│   ├── LA_zh
│   ├── LA_zh_TW
│   ├── LI_cs
│   ├── LI_de
│   ├── LI_el
│   ├── LI_en
│   ├── LI_es
│   ├── LI_fr
│   ├── LI_in
│   ├── LI_it
│   ├── LI_ja
│   ├── LI_ko
│   ├── LI_lt
│   ├── LI_pl
│   ├── LI_pt
│   ├── LI_sl
│   ├── LI_tr
│   ├── LI_zh
│   ├── LI_zh_TW
│   ├── non_ibm_license
│   └── notices
├── config
│   ├── certs
│   │   ├── ibm-hyper-protect-container-runtime-25.4.0-attestation.crt
│   │   ├── ibm-hyper-protect-container-runtime-25.4.0-encrypt.crt
│   │   └── ibm-hyper-protect-container-runtime-25.4.0-intermediate.crt
│   └── ibm-hyper-protect-container-runtime-25.4.0-se-header.bin
├── images
│   └── ibm-hyper-protect-container-runtime-25.4.0.qcow2
├── readme.txt
├── swidtag
│   └── ibm.com_IBM_Hyper_Protect_Virtual_Servers-2.2.2.swidtag
└── version

Next

For information about how you can create a contract, see About the contract.