HSM Status Values
Each HSM administrative slot shown in a slot listing includes an HSM status. Here are the possible values, what they mean, and what is required to recover from each one.
Indicated Status of HSM | Meaning | Recovery |
---|---|---|
OK | The HSM is in a good state, working properly. | n/a |
Zeroized | The HSM is in zeroized state. All objects and roles are unusable. | HSM initialization is required before the HSM can be used again. "Hard init" - HSM SO and domain are gone, no authentication required. (see Note1) |
Transport Mode | The HSM is in Secure Transport Mode. | STM must be disabled, by providing the correct purple PED Key, before the HSM can be used. (see Note2) |
Transport Mode, zeroized | The HSM is in Secure Transport Mode, and is also zeroized. | STM must be disabled, by providing the correct purple PED Key (see Note2), and then HSM ("hard") initialization is required before the HSM can be used. |
Hardware Tamper | The HSM has been tampered. (MTK is destroyed and must be rebuilt from recovery vectors.) | Reboot the host or restart the HSM (vreset for Thales Luna PCIe HSM, or ureset for Thales Luna USB HSM). The event is logged. If one of the recovery vectors is external (on a purple PED Key) then you are prompted to provide it before the HSM can recover from tamper. Resume using the HSM. (see Note2) |
Hardware Tamper, Zeroized | The HSM has been tampered. (MTK is destroyed and must be rebuilt from recovery vectors.) The HSM is also in zeroized state. All objects and roles are unusable. | Reboot the host or restart the HSM (vreset for Thales Luna PCIe HSM, or ureset for Thales Luna USB HSM). The event is logged. If one of the recovery vectors is external (on a purple PED Key) then you are prompted to provide it before the HSM can recover from tamper. (see Note2) HSM initialization is required before the HSM can be used again. "Hard init" - HSM SO and domain are gone, no authentication required. (see Note1) |
HSM Tamper | The HSM has been tampered. (MTK is destroyed and must be rebuilt from recovery vectors.) | Reboot the host or restart the HSM (vreset for Thales Luna PCIe HSM, or ureset for Thales Luna USB HSM). The event is logged. If one of the recovery vectors is external (on a purple PED Key) then you are prompted to provide it before the HSM can recover from tamper. (see Note2) HSM initialization is required before the HSM can be used again. "Hard init" - HSM SO and domain are gone, no authentication required. (see Note1) |

NOTE1: A condition, not reported above, preserves the HSM SO and the associated Domain, while SO objects and all application partitions and contents are destroyed. HSM SO login is required to perform the "soft init". See Initialization Overview for PED-authenticated HSMs for more information.

NOTE2: If the HSM is placed in Secure Transport Mode, or if the HSM experiences a Hardware Tamper event while a recovery vector is external to the HSM, and you are unable to provide the requested purple PED Key (with that external recovery vector), then the HSM is unrecoverable. Contact Thales Luna to obtain an RMA and ship the HSM back for re-manufacture. (Applies to PED-authenticated HSMs only.) If your HSM is Password-authenticated, or if your PED-authenticated HSM has both recovery vectors internal (no purple PED Key was created), then if a tamper event destroys the MTK, the HSM recreates the MTK after being restarted, and no further intervention is required. The above scenarios assume that a tamper event is transient, and the cause is corrected. If the HSM remains in tamper, or immediately returns to tamper, then contact Thales Luna Technical Support.

For a comparison and detailed explanation of "hard init" vs "soft init", see Initialization Overview for Password-Authenticated HSMs and Initialization Overview for PED-authenticated HSMs.
For a comparison of various destruction or denial actions on the HSM, see Comparison of Destruction/Denial Actions.