Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Install Physical CipherTrust Manager Appliance

HSM Tamper Behavior

search

Please Note:

HSM Tamper Behavior

Tampering with the Appliance

Hardware tamper events are detectable events that imply intrusion into the appliance interior.

One such event is removal of the lid (top cover). The lid is secured by anti-tamper screws, so any event that lifts that lid is likely to be a serious intrusion.

Decommission

The red "Decommission" button recessed behind the back panel is not a tamper switch. Its purpose is different. See HSM Emergency Decommission Button for a description.

What Happens When You Tamper

First, the HSM disconnects and disallows any communication.

Second, the system turns on the "HSM Offline" alarm to alert system admins. This will happen within 30 seconds.

Third, if the system is unable to communicate with the HSM consecutively for 5 minutes, it restarts itself to ensure that all sensitive cached information is erased from the running system. If the system is still unable to communicate with the HSM after a restart, services are prevented from starting up and the status API reflects this problem. In addition, the GUI displays an error indicating a problem communicating with the HSM.

A tampered system does not recover by itself and requires the system admin to intervene. Recovering requires console access (for example SSH). If you are configured for PED authentication, you will also need access to the HSM PED and the corresponding HSM tokens (iKeys).

To clear a tamper flag on a Thales k570 local HSM

  1. Make sure an HSM admin slot is selected.

    1. Run the /usr/safenet/lunaclient/bin/lunacm tool in the console as the system admin (ksadmin).

    2. Check the available slots.

      lunacm:> slot list

    3. Look for a slot with description "Admin Token Slot".

    4. Select the active slot.

      lunacm:> slot set -slot <number>

  2. Verify that the system is unable to communicate with the HSM using this command:

    lunacm:> hsm tampershow

    Response:

    Driver command failed: Input/output error
Failed to display tampers error=5.

Command Result : No Error

  3. An HSM restart is required before any operations can be performed against the HSM using this command:

    lunacm:> hsm restart

    Note

    If the PED is connected to the system, it is required at this time to reconnect it by physically unplugging and reconnecting the USB cable; otherwise it will not be able to communicate with the HSM.

  4. Make sure an HSM admin slot is selected. Refer to step 1 for details.

  5. After the HSM has restarted, view the tamper event using this command:

    lunacm:> hsm tampershow

  6. You can now clear the tamper flag using these commands:

    lunacm:> role login -name so
lunacm:> hsm tamperclear

    At this point the HSM should be operational again.

    Note

    During tampering all cached HSM tokens are cleared. Therefore, any CipherTrust Manager attempt to log in to the HSM will trigger PED authenticate. Re-authentication using the black PED key is required to get the appliance running again.

To clear a tamper flag on a TCT k570 local HSM

  1. Power on the unit. If the unit was still running when the tamper occurred, power cycle the unit. Connect to the unit over serial cable and run the following as the ksadmin: 

    cd /usr/safenet/lunaclient/bin
./lunacm

    The HSM indicates it has been tampered.

  2. If you are configured for Password Authentication, to clear the tamper flag, log in as the HSM/Security Officer:

        :::text
    lunacm:> hsm login

  3. If you are configured for PED Authentication, to clear the tamper flag, use the following commands:

    1. lunacm:> hsm login

      You are prompted for the HSM/Security Officer (blue) iKey

    2. lunacm:> partition login

      You will be prompted for the User (black) iKey.

On this page