Home >

LunaCM Command Reference Guide > LunaCM Commands > srk > srk enable

srk enable

Enable external tamper keys. This command enables the use of external split(s) of the SRV (secure recovery vector) on purple PED Keys (SRK). The external split is brought from the HSM to a purple key, and erased from the HSM, leaving only one split on the HSM. When SRK is enabled:

Secure Transport Mode can be set.

Any tamper event that is detected by the HSM stops the HSM until you restart and perform "srk recover". The "srk recover" operation makes the externally provided split (from the purple key) available to combine with the internal split, allowing the MTK to be recreated. The MTK is destroyed by a tamper (or by setting STM), and cannot be recreated until both splits are available ( if SRK is enabled ).

The SO must be logged in to the HSM to issue this command.

Note:  If Lunacm srk show command does not show the expected state for SRK after you run this command, the cache might not have been updated, following the most recent change. Exit and re-launch lunacm to see the current state of SRK.
 

Syntax

srk enable

Example

lunacm:> srk enable
 
Please attend to the PED.
Secure Transport functionality was successfully enabled.
 
Command Result : No Error