|
Home > |
|---|
Displays the partition-level capability and policy settings for the partition, including whether the policy is destructive when enabled/disabled (verbose mode).
Note: If you are running more than one LunaCM session against the same partition, and change a partition policy in one LunaCM session, the policy change will be reflected in that session only. You must exit and restart the other LunaCM sessions to display the changed policy settings.
partition showpolicies [-slot <slot>] [-verbose]
| Option | Short | Description |
|---|---|---|
| -slot <slot> | -s | Specifies the slot number of the partition to display policy information for. |
| -verbose | -v | Include information that specifies whether the policy is destructive when enabled/disabled. |
lunacm:> partition showpolicies
Partition Capabilities
0: Enable private key cloning : 0
1: Enable private key wrapping : 0
2: Enable private key unwrapping : 1
3: Enable private key masking : 0
4: Enable secret key cloning : 0
5: Enable secret key wrapping : 1
6: Enable secret key unwrapping : 1
7: Enable secret key masking : 0
10: Enable multipurpose keys : 1
11: Enable changing key attributes : 1
14: Enable PED use without challenge : 1
15: Allow failed challenge responses : 1
16: Enable operation without RSA blinding : 1
17: Enable signing with non-local keys : 1
18: Enable raw RSA operations : 1
19: Max non-volatile storage space : 3
20: Max failed user logins allowed : 10
21: Enable high availability recovery : 1
22: Enable activation : 0
23: Enable auto-activation : 0
25: Minimum pin length (inverted: 255 - min) : 248
26: Maximum pin length : 255
28: Enable Key Management Functions : 1
29: Enable RSA signing without confirmation : 1
30: Enable Remote Authentication : 1
Partition Policies
0: Allow private key cloning : 0
1: Allow private key wrapping : 0
2: Allow private key unwrapping : 1
3: Allow private key masking : 0
4: Allow secret key cloning : 0
5: Allow secret key wrapping : 1
6: Allow secret key unwrapping : 1
7: Allow secret key masking : 0
10: Allow multipurpose keys : 1
11: Allow changing key attributes : 1
14: Challenge for authentication not needed : 1
15: Ignore failed challenge responses : 1
16: Operate without RSA blinding : 1
17: Allow signing with non-local keys : 1
18: Allow raw RSA operations : 1
19: Max non-volatile storage space : 3
20: Max failed user logins allowed : 10
21: Allow high availability recovery : 1
22: Allow activation : 0
23: Allow auto-activation : 0
25: Minimum pin length (inverted: 255 - min) : 248
26: Maximum pin length : 255
28: Allow Key Management Functions : 1
29: Perform RSA signing without confirmation : 1
30: Allow Remote Authentication : 0
Command Result : No Error
lunacm:> partition showpolicies -verbose
Partition Capabilities
0: Enable private key cloning : 1
1: Enable private key wrapping : 0
2: Enable private key unwrapping : 1
3: Enable private key masking : 0
4: Enable secret key cloning : 1
5: Enable secret key wrapping : 1
6: Enable secret key unwrapping : 1
7: Enable secret key masking : 0
10: Enable multipurpose keys : 1
11: Enable changing key attributes : 1
15: Allow failed challenge responses : 1
16: Enable operation without RSA blinding : 1
17: Enable signing with non-local keys : 1
18: Enable raw RSA operations : 1
20: Max failed user logins allowed : 10
21: Enable high availability recovery : 1
22: Enable activation : 1
23: Enable auto-activation : 1
25: Minimum pin length (inverted: 255 - min) : 248
26: Maximum pin length : 255
28: Enable Key Management Functions : 1
29: Enable RSA signing without confirmation : 1
31: Enable private key unmasking : 1
32: Enable secret key unmasking : 1
33: Enable RSA PKCS mechanism : 1
34: Enable CBC-PAD (un)wrap keys of any size : 1
37: Enable Secure Trusted Channel : 1
38: Enable Fast-Path : 0
39: Enable Start/End Date Attributes : 1
Partition Policies
Destructive
Code Description Value Off-To-On On-To-Off
______________________________________________________________________________
0 Allow private key cloning On Yes No
1 Allow private key wrapping Off Yes No
2 Allow private key unwrapping On No No
3 Allow private key masking Off Yes No
4 Allow secret key cloning On Yes No
5 Allow secret key wrapping On Yes No
6 Allow secret key unwrapping On No No
7 Allow secret key masking Off Yes No
10 Allow multipurpose keys On Yes No
11 Allow changing key attributes On Yes No
15 Ignore failed challenge responses On Yes No
16 Operate without RSA blinding On Yes No
17 Allow signing with non-local keys On No No
18 Allow raw RSA operations On Yes No
20 Max failed user logins allowed 10 N/A N/A
21 Allow high availability recovery On No No
22 Allow activation Off No No
23 Allow auto-activation Off No No
25 Minimum pin length (inverted: 255 - min) 248 N/A N/A
26 Maximum pin length 255 N/A N/A
28 Allow Key Management Functions On Yes No
29 Perform RSA signing without confirmation On Yes No
30 Allow Remote Authentication On No No
31 Allow private key unmasking On No No
32 Allow secret key unmasking On No No
33 Allow RSA PKCS mechanism On Yes No
34 Allow CBC-PAD (un)wrap keys of any size On Yes No
37 Force Secure Trusted Channel Off No Yes
Command Result : No Error