hsm showpolicies

Display the current settings for all HSM capabilities and policies, or optionally restrict the listing to only the policies that are configurable.

Luna SA 5 does not currently have a secure identity management (SIM) configuration.  Certain HSM policy settings exist to enable migration from Luna SA 4.x to Luna SA 5.x, specifically the “Enable masking” and “Enable portable masking key” values.

Syntax

hsm showpolicies [-configonly]

Parameter      Shortcut    Description
-configonly    -c          Restrict the list to configurable policies only.

Example

[myluna] lunash:>hsm showPolicies
HSM Label: myhsm
Serial #: 700022
Firmware: 6.2.1
The following capabilities describe this HSM, and cannot be altered
except via firmware or capability updates.
Description 	                        Value
=========== 	                        =====
Enable PIN-based authentication 	Disallowed
Enable PED-based authentication 	Allowed
Performance level 	                15
Enable domestic mechanisms & key sizes 	Allowed
Enable masking 	                        Allowed
Enable cloning                   	Allowed
Enable special cloning certificate 	Disallowed
Enable full (non-backup) functionality 	Allowed
Enable ECC mechanisms 	                Allowed
Enable non-FIPS algorithms 	        Allowed
Enable SO reset of partition PIN 	Allowed
Enable network replication 	        Allowed
Enable Korean Algorithms 	        Allowed
FIPS evaluated 	                        Disallowed
Manufacturing Token 	                Disallowed
Enable Remote Authentication 	        Allowed
Enable forcing user PIN change 	        Allowed
Enable portable masking key 	        Allowed
Enable partition groups 	        Disallowed
Enable Remote PED usage                 Allowed
Enable external storage of MTK split    Allowed
HSM non-volatile storage space 	        2097152
Enable HA mode CGX 	                Disallowed
Enable Acceleration 	                Allowed
Enable unmasking 	                Allowed
 
The following policies are set due to current configuration of
this HSM and cannot be altered directly by the user.
Description 	                        Value
=========== 	                        =====
PED-based authentication 	        True
Store MTK split externally 	        False
 
The following policies describe the current configuration of
this HSM and may by changed by the HSM Administrator.
Changing policies marked "destructive" will zeroize (erase
completely) the entire HSM.
 
Description                             Value   Code    Destructive
============                            =====   ====    =========== 
Allow masking 	                        On 	6 	Yes
Allow cloning                           On 	7 	Yes
Allow non-FIPS algorithms 	        On 	12  	Yes
SO can reset partition PIN 	        On 	15 	Yes
Allow network replication 	        On 	16 	No
Allow Remote Authentication 	        On 	20 	Yes
Force user PIN change after set/reset  	Off 	21 	No
Allow offboard storage           	On 	22 	Yes
Allow remote PED usage  	        On 	25 	No
Allow Acceleration 	                On 	29 	Yes
Allow unmasking 	                On 	30 	Yes
Command Result : 0 (Success)
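
Added example, not part of the original page or of any vendor tooling: a Python sketch that parses the configurable-policy table from captured hsm showpolicies output and compares it with an expected baseline, reporting which corrections are marked destructive. The function names and the baseline values are assumptions made for illustration; the sample table is copied from the example output above.

```python
import re

# Configurable-policy table copied from the example output on this page.
SAMPLE = """\
Description                             Value   Code    Destructive
============                            =====   ====    ===========
Allow masking                           On      6       Yes
Allow cloning                           On      7       Yes
Allow non-FIPS algorithms               On      12      Yes
SO can reset partition PIN              On      15      Yes
Allow network replication               On      16      No
Allow Remote Authentication             On      20      Yes
Force user PIN change after set/reset   Off     21      No
Allow offboard storage                  On      22      Yes
Allow remote PED usage                  On      25      No
Allow Acceleration                      On      29      Yes
Allow unmasking                         On      30      Yes
Command Result : 0 (Success)
"""

# One row: description, On/Off, numeric policy code, Yes/No destructive flag.
ROW = re.compile(r"^(?P<name>.+?)\s+(?P<value>On|Off)\s+(?P<code>\d+)\s+(?P<destr>Yes|No)\s*$")

def parse_configurable(text):
    """Return {code: (name, value, destructive)} for the configurable table."""
    policies = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # capability rows, headers and the result line do not match
            policies[int(m["code"])] = (m["name"].strip(), m["value"], m["destr"] == "Yes")
    return policies

def drift(policies, baseline):
    """List (code, name, actual, wanted, destructive) where actual != wanted.

    A baseline code missing from the output is reported with actual=None,
    so an absent policy is never silently treated as compliant.
    """
    findings = []
    for code, wanted in sorted(baseline.items()):
        name, actual, destructive = policies.get(code, ("<not listed>", None, None))
        if actual != wanted:
            findings.append((code, name, actual, wanted, destructive))
    return findings

# Hypothetical site baseline, constructed for illustration; not a vendor recommendation.
BASELINE = {12: "Off", 16: "On", 21: "On"}

if __name__ == "__main__":
    notes = {True: "change zeroizes the HSM", False: "non-destructive", None: "unknown"}
    for code, name, actual, wanted, destr in drift(parse_configurable(SAMPLE), BASELINE):
        print(f"policy {code} ({name}): is {actual}, want {wanted} [{notes[destr]}]")
```

Run against the sample, this reports policy 12 as a deviation whose correction is destructive and policy 21 as one that can be changed without zeroizing the HSM.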