If a system-wide policy is presented, it is represented in a set of credentials. These credentials include a digital certificate chain and a manifest. The certificate identifies the authorized local system administrator, and the manifest describes for each CSSM-defined category of security service the global restrictions on that category of service. The manifest contains one section for each type of CSSM security service supported by the local system. The section contains the CSSM_MODULE_INFO structure for each selected category of service. An additional manifest section can be added.
System-wide policy credentials are created by a manufacturing process. An enhanced CSSM that supports the definition of local policy must provide a policy signing certificate and signing tool with the CSSM system. The signing tool can be a complete manufacturing tool or the subset required to sign certificates and manifests. (Object code modules are not signed by this process.) The three policy credential files created by this process are stored in the file system directory with the CSSM credential files during CSSM installation.
If policy credentials are present at CSSM startup, the general CSSM authentication checking mechanism can be used to authenticate the source and definition of a local, system-wide policy credentials. The certificate chain must verify based on the CSSM-defined roots of trust and the manifest must be signed by the policy certificate. If verified, CSSM can use the policy manifest as the specification of a local system-wide policy.