|
Home > |
|---|
Access commands that allow you to manage the HSM on the appliance.
Note: HSM commands from the Luna shell are queued along with other demands on the HSM (such as cryptographic operations), and can run more slowly than normal if the HSM is very busy, such as when it is performing high-volume ECDSA signing operations.
hsm
backup
changepolicy
changepw
checkcertificates
debug
displaylicenses
factoryreset
firmware
fwupdateinfo
generatedak
information
init
loadcustomercert
login
logout
ped
restore
selftest
setlegacydomain
show
showpolicies
srk
stc
supportinfo
update
zeroize
| Parameter | Shortcut | Description |
|---|---|---|
| backup |
b | Backs up data or objects in the HSM's SO (or HSM Admin) space, such as the HSM's masking key (used in SIM) information, to a backup token. See "hsm backup". |
| changepolicy | changepo |
Sets a policy on or off, or to set it to a certain value if it is a numerical policy. See "hsm changepolicy". |
| changepw | changepw |
Changes the password or PED key contents for the HSM Admin. See "hsm changepw". |
| checkcertificates | che | Checks the HSM for presence of MAC and DAC. See "hsm checkcertificates". |
| debug | de | Display debug information. See "hsm debug show". |
| displaylicenses | di | Display a list of all licenses on the HSM. See "hsm displaylicenses". |
| factoryreset |
fa | Set the HSM back to its factory default settings. Zeroize partitions, roles, and objects, delete the RPV (if any), and reset partition policies to original settings. See "hsm factoryreset". |
| firmware | fi | Update or rollback the HSM firmware. See "hsm firmware" . |
| fwupdateinfo | fw | Saves HSM firmware update support information to a file. See "hsm fwupdateinfo". |
| generatedak | ge | Generate a new DAK pair. See "hsm generatedak". |
| information | inf | Display HSM information, reset the HSM counters, or monitor HSM performance. see "hsm information". |
| init | ini | Initialize the HSM. See "hsm init". |
| loadcustomercert | loa | Load the customer-signed MAC and DAC. See "hsm loadcustomercert". |
| login | logi | Log in as the HSM Admin. See "hsm login". |
| logout | logo | Log out the HSM Admin account. See "hsm logout". |
| ped | p | Display or change the configuration of the PED. See "hsm ped". |
| restore | r | Restore the contents of the HSM from a backup token. See "hsm restore [reserved]". |
| selftest | sel | Test the cryptographic capabilities of the HSM. See "hsm selftest". |
| setlegacydomain | set | Set the legacy cloning domain on an HSM. See "hsm setlegacydomain" |
| show | sh | Display a list showing the current configuration of the HSM. See "hsm show". |
| showpolicies | showp | Display the current settings for all hsm capabilities and policies, or optionally restrict the listing to only the policies that are configurable. See "hsm showpolicies". |
| srk | sr | Configure, or display information about, secure recovery keys (SRK) and secure transport mode. See "hsm srk". |
| stc | st | Configure and manage the secure trusted channel (STC) link that is local to the appliance, that is, from the LunaSH shell to the HSM SO partition. See "hsm stc". |
| supportinfo | su | Get HSM support information. See "hsm supportinfo". |
| update | u | Display or install any available capability or firmware updates. See "hsm update ". |
| zeroize | z | Zeroize the HSM. Destroy all partitions, roles and objects, but preserve the RPV (if one exists) and preserve HSM policy settings. See "hsm zeroize". |