Initialize the HSM. Initializing the HSM erases all existing data on the key card, including any HSM Partition and its data. The HSM Partition must then be recreated with the partition create command. Because this is a destructive command, the user is asked to type “proceed” unless the -force switch is provided at the command line.
Note: The lunacm hsm commands appear only when the current slot selected in lunacm is for a locally-installed HSM, such as a SafeNet PCI-E HSM. When lunacm is directed at a slot corresponding to a remote SafeNet Network HSM, the hsm-level commands do not appear, because lunacm has a client-only connection to a remote HSM and therefore cannot log in as SO to it. To access HSM commands on the SafeNet Network HSM appliance, you must use LunaSH.
hsm init -label <hsmlabel> -password <hsmsopassword> [-force]
Parameter | Shortcut | Description |
---|---|---|
-initwithped | -iped | Initialize a Backup Device with PED-Auth. This option is supported only when initializing a Backup Device that is in a zeroized state. This option is mutually exclusive with the -initwithpwd option. |
-initwithpwd | -ipwd | Initialize a Backup Device with PWD-Auth. This option is supported only when initializing a Backup Device that is in a zeroized state. This option is mutually exclusive with the -initwithped option. |
-label | -l | The HSM label. Required. |
-domain | -d | HSM Domain Name. This option is mutually exclusive with the -defaultdomain option. This option is required for a password authenticated HSM. If you do not provide the domain string in the command, you are prompted for it, and the characters that you type are obscured by asterisks (*). This option is ignored for PED-authenticated HSMs. |
-defaultdomain | -def | HSM Default Domain Name. This option is mutually exclusive with the -domain option. Deprecated. The -defaultdomain is not secure, and should not be used in a production environment. This option is ignored for PED-authenticated HSMs. |
-password | -p | HSM SO password. This option is required for a password authenticated HSM. If you do not provide the password string in the command, you are prompted for it, and the characters that you type are obscured by asterisks (*). This option is ignored for PED-authenticated HSMs. |
-auth | -a | Log in after the initialization. |
-force | -f | Force the action - no prompts. Useful for scripting. |
lunacm:> hsm init -label myLuna
You are about to initialize the HSM that is NOT in the
factory reset (zeroized) state.
All objects will be destroyed.
The User will be destroyed.
You are required to provide the current SO PED key.
The domain will NOT be destroyed.
Are you sure you wish to continue?
Type 'proceed' to continue, or 'quit' to quit now -> proceed
Command Result : No Error
lunacm:>
lunacm:> hsm factoryReset
You are about to factory reset the HSM.
All contents of the HSM will be destroyed.
The user will be destroyed.
The SO will be destroyed.
The domain will be destroyed.
Are you sure you wish to continue?
Type 'proceed' to continue, or 'quit' to quit now -> proceed
Resetting HSM
Command Result : No Error
lunacm:>
lunacm:> hsm init -label myLuna
You are about to initialize the HSM that is in the
factory reset (zeroized) state.
All objects will be destroyed.
The User will be destroyed.
You are required to provide the current SO PED key.
The domain will NOT be destroyed.
Are you sure you wish to continue?
Type 'proceed' to continue, or 'quit' to quit now -> proceed
Command Result : No Error
lunacm:>hsm init -label mybackuphsm -password s0mepw -domain s0med0ma1n -force -auth -initwithpwd
Initialization was successful and "-auth" was specified.
Performing an SO login.
Command Result : No Error
lunacm:>hsm si
HSM Label -> mybackupHSM
Manufacturer -> Safenet, Inc.
HSM Model -> G5Backup
HSM Serial Number -> 7000013
HSM Status -> OK
Token Flags -> CKF_RNG CKF_LOGIN_REQUIRED CKF_RESTORE_KEY_NOT_NEEDED CKF_TOKEN_INITIALIZED
Firmware Version -> 6.10.1
Rollback Firmware Version -> Not Available
......[output snipped for space]....
License Count -> 4
1. 621000028-000 SafeNet Remote Backup HSM base configuration
1. 621000048-001 621-000048-001SCU,G5,BU,Partitions100
2. 621000006-001 Enabled for 15.5 megabytes of object storage
2. 621000008-001 Enable remote PED capability
Command Result : No Error
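Because hsm init is destructive and accepts secrets as arguments, scripted invocations are worth reviewing before they run. The Python code below is an added example, not part of the SafeNet documentation: it checks one hsm init line against the option table on this page (required -label, the two mutually exclusive pairs, deprecated -defaultdomain, secrets given inline instead of at the obscured prompt, and -force). The function names, and the assumption that only -label, -domain and -password take a value, belong to this example.

```python
import shlex

# Long option -> shortcut, copied from the option table on this page.
SHORT = {"-initwithped": "-iped", "-initwithpwd": "-ipwd", "-label": "-l",
         "-domain": "-d", "-defaultdomain": "-def", "-password": "-p",
         "-auth": "-a", "-force": "-f"}
LONG = {short: long_name for long_name, short in SHORT.items()}
# Assumption: only these options consume the next token as their value.
TAKES_VALUE = {"-label", "-domain", "-password"}
EXCLUSIVE = [("-domain", "-defaultdomain"), ("-initwithped", "-initwithpwd")]

def parse_hsm_init(line):
    """Return {long_option: value or True} for one 'hsm init' line."""
    tokens = shlex.split(line)
    if tokens and tokens[0].startswith("lunacm:>"):  # drop a pasted prompt
        rest = tokens[0][len("lunacm:>"):]
        tokens = ([rest] if rest else []) + tokens[1:]
    if tokens[:2] != ["hsm", "init"]:
        raise ValueError("not an 'hsm init' command")
    opts, i = {}, 2
    while i < len(tokens):
        name = LONG.get(tokens[i], tokens[i])  # normalise shortcuts
        if name not in SHORT:
            raise ValueError(f"unknown option {tokens[i]!r}")
        if name in TAKES_VALUE:
            if i + 1 >= len(tokens):
                raise ValueError(f"{name} needs a value")
            opts[name], i = tokens[i + 1], i + 2
        else:
            opts[name], i = True, i + 1
    return opts

def audit_hsm_init(line):
    """Return review findings (strings) for a scripted 'hsm init' line."""
    opts, findings = parse_hsm_init(line), []
    if "-label" not in opts:
        findings.append("-label is required")
    for a, b in EXCLUSIVE:
        if a in opts and b in opts:
            findings.append(f"{a} and {b} are mutually exclusive")
    if "-defaultdomain" in opts:
        findings.append("-defaultdomain is deprecated and not secure")
    for secret in ("-password", "-domain"):
        if secret in opts:  # value typed in clear instead of at the prompt
            findings.append(f"{secret} given inline; omit it to be prompted")
    if "-force" in opts:
        findings.append("-force skips the 'proceed' confirmation")
    return findings
```

Run over the backup-HSM command shown above, `audit_hsm_init` reports the inline -password and -domain values and the -force switch; findings never echo the secret values themselves.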