lunacm partition Commands

partition setLegacyDomain Command

NAME

partition setLegacyDomain  -  Set the legacy cloning domain on a partition.

SYNOPSIS

lunacm:> partition setLegacyDomain [-ld <legacystring>] [-force]

DESCRIPTION

Set the legacy cloning domain on a partition.

The "Legacy Cloning Domain" for Password authenticated HSM partitions is the text string that was used as a cloning domain on the legacy token HSM or Luna PCI HSM whose contents are to be migrated to the Luna PCI 5.x HSM partition.

The "Legacy Cloning Domain" for PED authenticated HSM partitions is the cloning domain secret on the red PED key for the legacy PED authenticated HSM whose contents are to be migrated to the Luna PCI 5.x HSM partition.

Your target Luna PCI 5.x HSM partition has, and retains, whatever modern partition cloning domain was imprinted (on a red PED Key) when the partition was created. The partition setLegacyDomain command takes the domain value from your legacy HSM's red PED Key and associates that with the modern-format domain of the partition, to allow the partition to be the cloning (restore...) recipient of objects from the legacy (token) HSM.

Once the first legacy domain has been associated with your Luna PCI 5.x HSM Partition, that legacy domain is attached until the partition is deleted.

The partition setLegacyDomain command does not allow you to defeat the security provision that prevents cloning of objects across different domains.

As well, you cannot migrate objects from a Password authenticated token/HSM to a PED authenticated Luna PCI 5.x HSM partition, and you cannot migrate objects from a PED authenticated token/HSM to a Password authenticated Luna PCI 5.x HSM partition. Again, this is a security provision.

Please see this page for a description and summary of the possible combinations of source (legacy) tokens/HSMs and target (modern) HSM partitions and the disposition of token objects from one to the other.

OPTIONS

The following options are available:

Option (Parameter)   Short form   Description
-legacyDomain        -ld          Legacy cloning domain string
-force               -f           Force action without prompting

If PED authentication is not enabled, a legacy domain must be specified. If PED authentication is enabled and a legacy domain is not specified, the domain will be obtained using the PED.

SAMPLE OUTPUT

lunacm:> partition setLegacyDomain -partition <name>

Existing Legacy Cloning Domain will be destroyed.
Are you sure you wish to continue?

Type 'proceed' to continue, or 'quit' to quit now ->proceed

The PED prompts for the legacy red domain PED Key (notice mention of "raw data" in the PED message).

Command result: No Error

lunacm:>