Setting HSM Policies Manually

The HSM SO can change available policies to customize HSM functionality. Some policies apply to all partitions on the HSM; others enable the Partition SO to customize functionality at the partition level. Refer to HSM Capabilities and Policies for a complete list of HSM policies and their effects.

In most cases, HSM policies are either enabled (1) or disabled (0), but some allow a range of values.

To change multiple policy settings during HSM initialization, see Setting HSM Policies Using a Template.

Prerequisites

- The HSM must be initialized (see HSM Initialization).

- If you are changing a destructive policy and partitions exist on the HSM, back up any important cryptographic objects (see Backup and Restore Using a G5-Based Backup HSM or Backup and Restore Using a G7-Based Backup HSM).

To manually set or change an HSM policy

1. Log in to LunaSH as admin, or an admin-level custom user.

2. [Optional] Display the existing HSM policy settings.

lunash:> hsm showpolicies

3. Log in as HSM SO (see Logging In as HSM Security Officer).

lunash:> hsm login

4. Change the policy setting by specifying the policy number and the desired value (0, 1, or a number in the accepted range for that policy).

lunash:> hsm changepolicy -policy <policy_ID> -value <value>