
Sun Crypto Accelerator 6000 Board

How to set the SCA6000 to factory default and initialize it again.

I bought a Sun Crypto Accelerator 6000 Board (data sheet) from eBay without any software or information about the setup or a password.

You can also use this board with Linux and openCryptoki.

Download driver and admin software

  1. Log in to My Oracle Support.
  2. Go to Patches & Updates > Product or Family (Advanced).
  3. Search for Sun Crypto Accelerator 6000 Board > Sun Crypto Accelerator 6000 Board 1.1 > (in my case) Oracle Solaris on x86-64 (64-bit).
  4. Download 10264434 Sun Crypto Accelerator 6000 Board 1.1.2 - Solaris (x64, x86, Sparc) (Patch), which is the admin software,
  5. and 128371-05 Sun Crypto Accelerator 6000 1.1: Firmware Patch (Patch), which is the firmware.

Install the Sun Crypto Accelerator 6000 software

  1. Unzip p10264434_112_Solaris86-64.zip and follow the README.txt.
  2. The installation failed because of a wrong path in the installer script. I had to make a symlink from Solaris 10 to Solaris.
  3. Unzip 128371-05.zip for later use.

Reset the Sun Crypto Accelerator 6000 Board to factory default

  1. Shut down the server and board. (Caution: the board must not receive any electrical power while adjusting the jumper.)
  2. Set the jumper to 0-1 (total hardware reset) instead of 3-5 (parking position).
  3. Start the server and boot into the OS (only powering the board does not work).
  4. Shut down the server and board again.
  5. Set the jumper back to 3-5.
  6. Start the server again.

Figure: Jumper block of the Sun Crypto Accelerator 6000 (image E_hw_zeroize-8.jpg).

Initialize setup of the Sun Crypto Accelerator 6000 Board

  1. Start scamgr; you will be asked for the path to the firmware ( ~/128371-05/SUNWmcafw/reloc/lib/crypto/firmware/sca/sca6000fw ).
  2. Start scamgr and set the initial login and password for the device security officer (DSO).

Create a new keystore

  1. Start scamgr again.
  2. You will be asked for a new keystore and the initial login and password for the keystore security officer (KSO).
  3. From now on scamgr will ask for a KSO login.

There are two types of security officers, device security officers (DSOs) and keystore security officers (KSOs). The first DSO is created when the board is initialized. The first KSO is created when the first keystore is created. DSOs can create other DSO accounts and KSOs can create other KSO accounts. The default behavior for scamgr is to log in as a KSO.

Now you can use the board as shown in the guide.

sshd fatal: cipher_init: EVP_CipherInit: set key failed for aes128-ctr

  1. https://community.oracle.com/thread/1956660
  2. Installing the following Accelerator patches solves the problem:
    • 128366-04 Sun Crypto Accelerator 6000 1.1_x86: Driver Patch
    • 128368-04 Sun Crypto Accelerator 6000 1.1_x86: IPSec Enabler Patch
    • 128371-05 Sun Crypto Accelerator 6000 1.1: Firmware Patch (pca likes to download this patch although we already installed the new firmware)
    • 128373-03 Sun Crypto Accelerator 6000 1.1_x86: Administration Patch
    • 140533-01 Sun Crypto Accelerator 6000 1.1_x86: Administration Man Pages Patch
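
To confirm that the patches listed above are installed at the listed revision or newer, the following added example (not part of the original page or of the Sun/Oracle software) parses `showrev -p` output. It assumes the Solaris 10 line format `Patch: <id>-<rev> ...`; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: check `showrev -p` output against the patch list above.
# On Solaris 10 run with AWK=nawk; the legacy /usr/bin/awk is too old for this.
AWK=${AWK:-awk}

# Minimum revisions, taken from the patch list on this page.
REQUIRED="128366-04 128368-04 128371-05 128373-03 140533-01"

# Reads `showrev -p` output on stdin and prints one line per required patch:
# "<patch> ok:<rev>", "<patch> older:<rev>" or "<patch> missing".
# Returns 0 only when every patch is installed at or above its listed revision.
check_patches() {
    "$AWK" -v required="$REQUIRED" '
        $1 == "Patch:" {
            split($2, p, "-")
            # Remember the highest installed revision per patch id.
            if (!(p[1] in best) || p[2] + 0 > best[p[1]] + 0) best[p[1]] = p[2]
        }
        END {
            n = split(required, want, " ")
            bad = 0
            for (i = 1; i <= n; i++) {
                split(want[i], w, "-")
                if (!(w[1] in best)) { state = "missing"; bad = 1 }
                else if (best[w[1]] + 0 < w[2] + 0) { state = "older:" best[w[1]]; bad = 1 }
                else state = "ok:" best[w[1]]
                print want[i], state
            }
            exit bad
        }'
}

# Constructed sample input (package names are placeholders, not real output).
sample_showrev() {
    cat <<'EOF'
Patch: 128366-04 Obsoletes:  Requires:  Incompatibles:  Packages: PKG-PLACEHOLDER
Patch: 128368-03 Obsoletes:  Requires:  Incompatibles:  Packages: PKG-PLACEHOLDER
Patch: 128371-05 Obsoletes:  Requires:  Incompatibles:  Packages: PKG-PLACEHOLDER
Patch: 128373-03 Obsoletes:  Requires:  Incompatibles:  Packages: PKG-PLACEHOLDER
Patch: 999999-01 Obsoletes:  Requires:  Incompatibles:  Packages: PKG-PLACEHOLDER
EOF
}

# Demo on the constructed sample: 128368 is too old and 140533 is missing.
sample_showrev | check_patches || echo "one or more patches missing or outdated"
```

On the real host, source the script and pipe `showrev -p` into `check_patches` instead of the sample.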