Activate a Partition

For Luna SA with Trusted Path Authentication (that is, appliances requiring Luna PED for authentication), a persistent login-like state called Activation must be engaged, using the appropriate black PED Key (along with the PED PIN and/or the requisite MofN keys, if those optional authentication features have been implemented). Once the Partition has been activated, the Client supplies the HSM Partition Password (or the Crypto Officer or Crypto User password, as appropriate) whenever it needs access to the HSM Partition to perform cryptographic operations.

The HSM Partition authentication (the PIN imprinted on the black PED Key) is never passed outside the trusted path between Luna HSM and Luna PED. Instead, the HSM Partition Password in a Luna SA with PED (Trusted Path) Authentication is a challenge secret that grants access to the partition only if the owner password (the black PED Key) has already been accepted.
That contrasts with the Luna HSM with Password Authentication, where the complete HSM Partition Password is passed as text in the SSH and NTL pipe.

To activate a Partition for use by registered Clients:

  1. Ensure that the partition policy "Allow activation" has been switched on.
    partition changepolicy -par <partitionname> -policy 23 -value 1
  2. To start activation of the desired partition, type:
    partition activate -par <partitionname>

Activation persists until it is explicitly switched off with the partition deactivate name <partitionname> command, or until the Luna appliance loses power.

Once you have Activated an HSM Partition, you can remove the black PED Key from the Luna PED, and store it securely. Activation remains in force until terminated by command or by power loss.

Activation is not the same as “login”, so you cannot use the Activated state to perform HSM or Partition maintenance. For that, you must log in via the secure command line interface, lunash. You can log in as HSM Admin without disturbing Activated Partitions.

To allow Partition Activation to persist through / recover after a power outage, you can enable AutoActivation.
