Channel: SRX Services Gateway topics

Enabling TPM blocks any Junos upgrade on SRX


Enabling TPM makes any Junos upgrade on SRX impossible. If you enable TPM / MEK, the box needs to be rebuilt from scratch using local console access. There is no other way to disable TPM or do an upgrade.

 

It seems that if you enable TPM on an SRX (http://www.jnpr.net/documentation/en_US/junos/topics/concept/trusted-port-module-security-understanding.html) it makes an upgrade impossible. If you try to install D110 on the box it will give you a validation error. To clear the TPM you need to clear it in uboot and rebuild the box from scratch, and clearing the uboot is possible only from the local console, so no remote upgrade is possible.

 

To sum it up:

  • There is no other method to install/upgrade Junos on an SRX with TPM/MEK enabled than to clear the TPM/MEK before the install/upgrade.
  • There is no other method to clear the TPM than to use LOCAL console access (need to access uboot).
  • After clearing the TPM using uboot the box requires a full (manual) reinstall/rebuild.

 

I have a JTAC case open and am trying to find a solution, but the situation is outrageous...

 

Regards,

Pawel Mazurkiewicz

