Setting HSM Policies Manually
The HSM SO can change available policies to customize HSM functionality. Some policies apply to all partitions on the HSM; others enable the Partition SO to customize functionality at the partition level. Refer to HSM Capabilities and Policies for a complete list of HSM policies and their effects.
In most cases, HSM policies are either enabled (1) or disabled (0), but some allow a range of values.
To change multiple policy settings during HSM initialization, see Setting HSM Policies Using a Template.
Prerequisites
> The HSM must be initialized (see Initializing the HSM).
> If you are changing a destructive policy and you have partitions existing on the HSM, back up any important cryptographic objects (see Backup and Restore Using a G5-Based Backup HSM or Backup and Restore Using a G7-Based Backup HSM).
To manually set or change an HSM policy
1. Launch LunaCM and set the active slot to the HSM Admin partition.
lunacm:> slot set -slot <slotnum>
2. [Optional] Display the existing HSM policy settings.
lunacm:> hsm showpolicies
3. Log in as HSM SO (see Logging In as HSM Security Officer).
lunacm:> role login -name so
4. Change the policy setting by specifying the policy number and the desired value (0, 1, or a number in the accepted range for that policy).
lunacm:> hsm changehsmpolicy -policy <policy_ID> -value <value>
If you are changing a destructive policy, you are prompted to enter "proceed" to continue the operation.