Home > |
---|
Access commands that allow you to manage the HSM on the appliance.
Note: HSM commands from LunaSH are queued along with other demands on the HSM (such as cryptographic operations), and can run more slowly than normal if the HSM is very busy, such as when it is performing high-volume ECDSA signing operations.
hsm
backup
changepolicy
changepw
checkcertificates
debug
displaylicenses
factoryreset
firmware
fwupdateinfo
generatedak
information
init
loadcustomercert
login
logout
ped
restore
selftest
setlegacydomain
show
showpolicies
srk
stc
supportinfo
update
zeroize
Parameter | Shortcut | Description |
---|---|---|
backup |
b | Backs up data or objects in the HSM's SO (or HSM Admin) space, such as the HSM's masking key (used in Scalable Key Storage) information, to a backup token. See hsm backup. |
changepolicy | changepo |
Sets a policy on or off, or to set it to a certain value if it is a numerical policy. See hsm changepolicy. |
changepw | changepw |
Changes the password or PED key contents for the HSM Admin. See hsm changepw. |
checkcertificates | che | Checks the HSM for presence of MAC and DAC. See hsm checkcertificates. |
debug | de | Display debug information. See hsm debug show. |
displaylicenses | di | Display a list of all licenses on the HSM. See hsm displaylicenses. |
factoryreset |
fa | Set the HSM back to its factory default settings. Zeroize partitions, roles, and objects, delete the RPV (if any), and reset partition policies to original settings. See hsm factoryreset. |
firmware | fi | Update or rollback the HSM firmware. See hsm firmware . |
fwupdateinfo | fw | Saves HSM firmware update support information to a file. See hsm fwupdateinfo. |
generatedak | ge | Generate a new DAK pair. See hsm generatedak. |
information | inf | Display HSM information, reset the HSM counters, or monitor HSM performance. see hsm information. |
init | ini | Initialize the HSM. See hsm init. |
loadcustomercert | loa | Load the customer-signed MAC and DAC. See hsm loadcustomercert. |
login | logi | Log in as the HSM Admin. See hsm login. |
logout | logo | Log out the HSM Admin account. See hsm logout. |
ped | p | Display or change the configuration of the PED. See hsm ped. |
restore | r | Restore the contents of the HSM from a backup token. See hsm restore [reserved]. |
selftest | sel | Test the cryptographic capabilities of the HSM. See hsm selftest. |
setlegacydomain | set | Set the legacy cloning domain on an HSM. See hsm setlegacydomain |
show | sh | Display a list showing the current configuration of the HSM. See hsm show. |
showpolicies | showp | Display the current settings for all hsm capabilities and policies, or optionally restrict the listing to only the policies that are configurable. See hsm showpolicies. |
srk | sr | Configure, or display information about, secure recovery keys (SRK) and secure transport mode. See hsm srk. |
stc | st | Configure and manage the secure trusted channel (STC) link that is local to the appliance, that is, from the LunaSH shell to the HSM SO partition. See hsm stc. |
supportinfo | su | Get HSM support information. See hsm supportinfo. |
update | u | Display or install any available capability or firmware updates. See hsm update . |
zeroize | z | Zeroize the HSM. Destroy all partitions, roles and objects, but preserve the RPV (if one exists) and preserve HSM policy settings. See hsm zeroize. |