Comparison Summary
Various operations on the Luna SA appliance and its contained HSM are intended to make HSM contents unavailable to potential intruders. The effects of those actions are summarized and contrasted in the following table.
Event | MTK is destroyed HSM is unavailable, but | KEK is destroyed HSM contents can | Reset appliance admin password |
---|---|---|---|
lunash:> hsm factoryReset | NO | YES | NO |
login to "recover" account | NO | YES | YES |
hardware tamper or lunash:> hsm srk transportMode enter | YES | NO | NO |
decommission | NO | YES | NO |
In addition, another event/action that has a destructive component is HSM initialization, which can be of either the "soft" or "hard" variety. Init is soft if you have not performed an hsm factoryReset before hsm init. Init is hard if it is performed following hsm factoryReset. Effects of soft versus hard initializations are summarized below - either way, HSM and partition objects are gone:
Condition/Effect | Soft init | Hard init |
---|---|---|
SO authentication required? | Yes | No |
Can set new HSM label | Yes | Yes |
Creates new SO identity | No | Yes |
Creates new Domain | No | Yes |
Destroys partitions | Yes | No (none exist to destroy) * |
Destroys SO objects | Yes | No (none exist to destroy) * |
* hsm factoryReset was performed, and destroyed partitions and objects, before the hard init... otherwise, it could not be a hard init.