Home >

LunaSH Command Reference Guide > LunaSH Commands > hsm

hsm

Access commands that allow you to manage the HSM on the appliance.

Note:  HSM commands from LunaSH are queued along with other demands on the HSM (such as cryptographic operations), and can run more slowly than normal if the HSM is very busy, such as when it is performing high-volume ECDSA signing operations.

Syntax

hsm

backup
changepolicy
changepw
checkcertificates
debug
displaylicenses
factoryreset  
firmware
fwupdateinfo
generatedak
information
init
loadcustomercert
login
logout
ped
restore
selftest
setlegacydomain
show
showpolicies
srk
stc
supportinfo
update  
zeroize

Parameter Shortcut Description
backup
b Backs up data or objects in the HSM's SO (or HSM Admin) space, such as the HSM's masking key (used in Scalable Key Storage) information, to a backup token. See hsm backup.
changepolicy changepo

Sets a policy on or off, or to set it to a certain value if it is a numerical policy. See hsm changepolicy.

changepw changepw

Changes the password or PED key contents for the HSM Admin. See hsm changepw.

checkcertificates che Checks the HSM for presence of MAC and DAC. See hsm checkcertificates.
debug de Display debug information. See hsm debug show.
displaylicenses di Display a list of all licenses on the HSM. See hsm displaylicenses.
factoryreset
fa Set the HSM back to its factory default settings. Zeroize partitions, roles, and objects, delete the RPV (if any), and reset partition policies to original settings. See hsm factoryreset.
firmware fi Update or rollback the HSM firmware. See hsm firmware .
fwupdateinfo fw Saves HSM firmware update support information to a file. See hsm fwupdateinfo.
generatedak ge Generate a new DAK pair. See hsm generatedak.
information inf Display HSM information, reset the HSM counters, or monitor HSM performance. see hsm information.
init ini Initialize the HSM. See hsm init.
loadcustomercert loa Load the customer-signed MAC and DAC. See hsm loadcustomercert.
login logi Log in as the HSM Admin. See hsm login.
logout logo Log out the HSM Admin account. See hsm logout.
ped p Display or change the configuration of the PED. See hsm ped.
restore r Restore the contents of the HSM from a backup token. See hsm restore [reserved].
selftest sel Test the cryptographic capabilities of the HSM. See hsm selftest.
setlegacydomain set Set the legacy cloning domain on an HSM. See hsm setlegacydomain
show sh Display a list showing the current configuration of the HSM. See hsm show.
showpolicies showp Display the current settings for all hsm capabilities and policies, or optionally restrict the listing to only the policies that are configurable. See hsm showpolicies.
srk sr Configure, or display information about, secure recovery keys (SRK) and secure transport mode. See hsm srk.
stc st Configure and manage the secure trusted channel (STC) link that is local to the appliance, that is, from the LunaSH shell to the HSM SO partition. See hsm stc.
supportinfo su Get HSM support information. See hsm supportinfo.
update u Display or install any available capability or firmware updates. See hsm update .
zeroize z Zeroize the HSM. Destroy all partitions, roles and objects, but preserve the RPV (if one exists) and preserve HSM policy settings. See hsm zeroize.