hsm showpolicies

Displays the HSM-level capability and policy settings for the HSM. Include the -exporttemplate option to export the current state of all HSM policies to a policy template.

NOTE   Some mechanisms (such as KCDSA) are not enabled unless you have purchased and installed the required Secure Capability Update package. If you require a particular mechanism, and do not see it listed when you generate a mechanism list, contact Thales Customer Support.

NOTE   The hsm commands appear only when LunaCM's active slot is set to the administrative partition.

Syntax

hsm showpolicies [-exporttemplate <filepath/filename>]

Argument(s)                            Short   Description
-exporttemplate <filepath/filename>    -et     Export the current state of all HSM policies to a policy template in the specified location.

Examples

lunacm:> hsm showpolicies
        HSM Capabilities
                 0: Enable PIN-based authentication : 1
                 1: Enable PED-based authentication : 0
                 2: Performance level : 15
                 4: Enable domestic mechanisms & key sizes : 1
                 6: Enable masking : 0
                 7: Enable cloning : 1
                 9: Enable full (non-backup) functionality : 1
                12: Enable non-FIPS algorithms : 1
                15: Enable SO reset of partition PIN : 1
                16: Enable network replication : 1
                17: Enable Korean Algorithms : 0
                18: FIPS evaluated : 0
                19: Manufacturing Token : 0
                21: Enable forcing user PIN change : 1
                22: Enable offboard storage : 1
                23: Enable partition groups : 0
                25: Enable remote PED usage : 0
                27: HSM non-volatile storage space : 33554432
                30: Enable unmasking : 1
                33: Maximum number of partitions : 100
                35: Enable Single Domain : 0
                36: Enable Unified PED Key : 0
                37: Enable MofN : 0
                38: Enable small form factor backup/restore : 0
                39: Enable Secure Trusted Channel : 1
                40: Enable decommission on tamper : 1
                42: Enable partition re-initialize : 0
                43: Enable low level math acceleration : 1
                46: Allow Disabling Decommission : 1
                47: Enable Tunnel Slot : 0
                48: Enable Controlled Tamper Recovery : 1


        HSM Policies
                 0: PIN-based authentication : 1
                 7: Allow cloning : 1
                12: Allow non-FIPS algorithms : 1
                15: SO can reset partition PIN : 0
                16: Allow network replication : 1
                21: Force user PIN change after set/reset : 1
                22: Allow offboard storage : 1
                30: Allow unmasking : 1
                33: Current maximum number of partitions : 100
                39: Allow Secure Trusted Channel : 0
                40: Decommission on tamper : 0
                43: Allow low level math acceleration : 1
                46: Disable Decommission : 0
                48: Do Controlled Tamper Recovery : 1
 


Command Result : No Error