panel.exe functions

Edit online

Read about the different uses for the panel.exe utility.

The panel.exe utility can be used to:

  • Show the compliance state of the current domain.
    Example:
    #  panel.exe --qcomp
  • Show and verify the outbound authentication (OA) certificate chain that represents the chain of trust for the adapter firmware.
    Example:
    # panel.exe --epoc-cert-validate
  • Determine if a TKE is currently able to administer a specific active coprocessor.
    Example:
    # panel.exe --query-tke
  • List the labels and key types for all the keys in a designated key storage file.

    Example:

    
# panel.exe --ks-list --ks-type=DES
# panel.exe --ks-list --ks-type=AES
# panel.exe --ks-list --ks-type=PKA
# panel.exe --ks-list --ks-type=CMB --kba-type=DES
# panel.exe --ks-list --ks-type=CMB --kba-type=AES
# panel.exe --ks-list --ks-type=CMB --kba-type=PKA
  • list the labels for all of the retained keys (RSA private keys stored in the adapter) in the current domain of the CEX*C.
    Example:
    #   panel.exe --ks-list-retained
  • list the coprocessors currently active in the Linux® system and their master key status.
    Example:
    # panel.exe -x or # panel.exe --status
  • load master key parts to the coprocessor.
    Example:
    # panel.exe --mk-load-interactive
  • set a master key that was loaded to the coprocessor. Note that panel.exe is not designed to change the master keys for all the cards in a group at the same time, because this is a more sophisticated operation.
    Example:
    # panel.exe --mk-set-interactive
  • clear master key parts which were previously loaded to the coprocessor but not yet set or confirmed (used for when a mistake in entering master key parts has been detected).
    Example:
    # panel.exe --mk-clear-interactive
  • list serial numbers and master key register states of all active cards running CCA that are visible to this Linux host. The total number of active cards and any errors is also reported.
    Example:
    # panel.exe -x or # panel.exe --status
  • query the master key verification pattern for any master-key register in the current domain.
    Example:
    # panel.exe --mk-query --mktype=AES --mkregister=CURRENT
  • initialize a local host key storage file. For an example, see Using panel.exe for key storage initialization.
  • re-encipher a local host key storage file (use this when the master key has been changed to ensure currency with key storage). For an example, see Using panel.exe for key storage re-encipher when changing the master key.
  • list available CPACF functions, and whether they are supported in the current system image.
    Example:
    # panel.exe --list-cpacf
  • check ACP settings and tracking of ACP usage. For an example, see Using panel.exe to show the active role and ACPs.
  • get SYSLOG or CCALOG information.
    Example:
    
# panel.exe -y    or  # panel.exe --card-log-info 
# panel.exe -yc   or  # panel.exe --show-cca-log

The panel.exe utility does not support access control point manipulation or more sophisticated administration. Refer to Trusted Key Entry support for that functionality.

Note: You cannot perform all of the above functions using the legacy panel.exe syntax. Especially the new CEX6C-related functions are only available with the default syntax.