Troubleshooting and Frequently Asked Questions

This section contains answers to frequently asked questions or known errors.

>Troubleshooting "token not in factory reset state" Error

>Backup HSM Battery Questions

Why is Backup optional?

In general, depending on the configuration variant you have purchased, a SafeNet Luna PCIe HSM or HSM Partition can be backed up to a SafeNet Luna Backup HSM via cloning (the partition backup command uses cloning functionality to securely copy objects from the source HSM to a target Backup HSM). The backup capability is considered good, desirable, and necessary for keys that carry a high cost to replace, such as Certificate Authority root keys and root certificates.

However, Backup HSMs are optional equipment for SafeNet Luna PCIe HSMs. There are at least two reasons for this:

1. Some customers don't care. They may be using (for example) SSL within a controlled boundary like a corporation, where it is not a problem to simply tell all employees to be prepared to trust a new certificate, in the event that the previous one is lost or compromised. In fact, it might be company policy to periodically jettison old certificates and distribute fresh ones.
Other customers might be using software that manages lost profiles, making it straightforward to resume work with a new key or certificate. The certificate authority that issued the certificates would need backup, but the individual customers of that certificate authority would not.

In summary, it might not be worthwhile to back up keys that are low-cost (from an implementation point of view) to replace. Keys that carry a high cost to replace should be backed up.

2. Some countries do not permit copying of private keys. If you are subject to such laws, and wish to store encrypted material for later retrieval (perhaps archives of highly sensitive files), then you would use symmetric keys, rather than a private/public key-pair, for safe and legal backup.

How long does data last?

SafeNet Luna PCIe HSMs have onboard volatile memory meant for temporary data (which disappears when power is removed), and onboard flash memory, used to store permanent material such as PKI Root keys and other critical key material, as well as the firmware that makes the device work.

No electronic storage is forever. If your SafeNet Luna PCIe HSM is operated within an ambient temperature range of 0 degrees Celsius to +40 degrees Celsius, or stored between -20 degrees Celsius and +65 degrees Celsius, then (according to industry-standard testing and estimation methods) your data should be retrievable for twenty years from the time that the token was shipped from the factory. This is a conservative estimate, based on worst-case characteristics of the system components.

What does this mean to me?

Advances in technology will probably ensure that you never need to test the expected expiration of data on your SafeNet Luna PCIe HSMs.

Troubleshooting "token not in factory reset state" Error

If you insert a backup token that has previously been used on a Password Authenticated SafeNet Luna PCIe HSM into a PED Authenticated SafeNet Luna PCIe HSM, and attempt to initialize it, the system presents an error like:

[mylunasa] lunash:>token backup init -label mylunatoken  -serial 1234567 -force                                              

Warning: This token is not in the factory reset (zeroized) state.
        You must present the current Token Admin login credentials
         to clear the backup token's contents.
         Luna PED operation required to initialize backup token - use
         Security Officer (blue) PED key.
Error: 'token init' failed. (300130 : LUNA_RET_INVALID_ENTRY_TYPE)
Command Result : 65535 (Luna Shell execution)
[mylunasa] lunash:>


This is a security feature, intended to prevent backup of PED-secured HSM objects onto a less secure Password Authenticated token.
To work around this problem, issue token backup factoryReset, and then initialize the token. As the confirmation prompt warns, the factory reset erases all data on the backup token:

[mylunasa] lunash:>token backup factoryReset   -serial 1234567 
CAUTION: Are you sure you wish to reset this backup token to
         factory default settings? All data will be erased.
         Type 'proceed' to return the token to factory default, or
         'quit' to quit now.
         > proceed
'token factoryReset' successful.
Command Result : 0 (Success)
[mylunasa] lunash:>token backup init -label mylunatoken -serial 1234567 -force
        Luna PED operation required to initialize backup token - use
        Security Officer (blue) PED key.
        Luna PED operation required to login to backup token - use
        Security Officer (blue) PED key.
        Luna PED operation required to generate cloning domain on
        backup token - use Domain (red) PED key.
'token init' successful.
Command Result : 0 (Success)
[mylunasa] lunash:>
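
Added example (not part of the original SafeNet documentation): a Python parser for a captured lunash transcript that pairs each command with its Command Result and LUNA_RET error name, recognizes the failure described above, and marks factoryReset commands as destructive so they stand out in an operations record. The function names and the sample transcript are constructed for illustration; the messages and error code are the ones shown in the sessions above.

```python
import re

# Constructed sample shaped like the lunash transcripts on this page.
SAMPLE = """\
[mylunasa] lunash:>token backup init -label mylunatoken -serial 1234567 -force
Warning: This token is not in the factory reset (zeroized) state.
Error: 'token init' failed. (300130 : LUNA_RET_INVALID_ENTRY_TYPE)
Command Result : 65535 (Luna Shell execution)
[mylunasa] lunash:>token backup factoryReset -serial 1234567
'token factoryReset' successful.
Command Result : 0 (Success)
[mylunasa] lunash:>token backup init -label mylunatoken -serial 1234567 -force
'token init' successful. Command Result : 0 (Success)
[mylunasa] lunash:>
"""

PROMPT = re.compile(r"^\[[^\]]+\]\s*lunash:>\s*(.*)$")
RESULT = re.compile(r"Command Result\s*:\s*(\d+)")  # may share a line with other text
ERROR = re.compile(r"\(\d+\s*:\s*(LUNA_RET_[A-Z0-9_]+)\)")


def parse_session(text):
    """Return one record per command: command, result code, error name, flags."""
    records = []
    for line in text.splitlines():
        m = PROMPT.match(line)
        if m:
            cmd = " ".join(m.group(1).split())
            if cmd:  # a bare prompt ends the session and starts no record
                records.append({"command": cmd, "result": None, "error": None,
                                "not_zeroized": False,
                                "destructive": "factoryreset" in cmd.lower()})
            continue
        if not records:
            continue  # output before the first prompt belongs to no command
        cur = records[-1]
        if "not in the factory reset" in line:
            cur["not_zeroized"] = True
        if (e := ERROR.search(line)):
            cur["error"] = e.group(1)
        if (r := RESULT.search(line)):
            cur["result"] = int(r.group(1))
    return records


def needs_factory_reset(rec):
    """True for the failure described here: init refused on a previously used token."""
    return (rec["result"] != 0 and rec["not_zeroized"]
            and rec["error"] == "LUNA_RET_INVALID_ENTRY_TYPE")
```
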

Comparison Summary

See Comparison of Destruction/Denial Actions to view a table that compares and contrasts various "deny access" events or actions that are sometimes confused. 

Backup HSM Battery Questions

The SafeNet Luna Backup HSM (for backing up and restoring HSM and partition contents) can be stored, with valuable contents, when not in use.

The battery that powers the NVRAM and RTC must be installed for use, but some questions commonly arise if the device is to be stored for long periods. As an administrator of HSMs, I need clear instructions on what to do/how to manage the battery in the SafeNet Luna USB HSM and SafeNet Luna Backup HSM so that I don't get into a situation where I can't retrieve my backups or use my HSM.   

Should I take the battery out when storing the HSM in a safe?

It is generally good practice to remove batteries when storing electronic devices, to preclude accidental damage from battery leakage. We use high-quality, industrial-grade batteries that are unlikely to fail in a damaging fashion, but prudence suggests removing them regardless. Also, if the unit is not in use, there is no need to maintain power to the RTC and NVRAM, so an externally stored battery will last longer (see specifications, below).

If the battery is out, what happens?

If main power is not connected, and the battery dies, or is removed, then NVRAM and the system's Real Time Clock lose power. The working copy of the MTK is lost.   

If the battery dies during operation, will I lose my key material? Will corruption occur?

The only key material that is lost is temporary session objects (including working copies of stored keys) that are in use at the time. If the "originals" of those same objects are stored as HSM/partition objects, then they reside in non-volatile memory, and those are preserved.

There is no corruption of stored objects.    

Where can I get a spare/replacement battery?

From any supplier that can match the specifications.

Technical Specs

3.6 V Primary lithium-thionyl chloride (Li-SOCl2)

Fast voltage recovery after long term storage and/or usage

Low self discharge rate

10 years shelf life

Operating temperature range -55 °C to +85 °C

U.L. Component Recognition, MH 12193

Storage Conditions

Cells should be stored in a clean & dry area (less than 30 % Relative Humidity)

Temperature should not exceed +30 °C

How do I know if the battery is dead or about to die? Can I check the status of the battery?

There is no low-battery indicator or other provision for checking status.

The battery discharge curve is such that the voltage remains constant until the very end of the battery life, at which point the discharge is extremely steep.

What must I do to recover function, and access to my key material, after battery removal/discharge?

Simply insert the battery, connect the HSM, power it up, and resume using it.

The MTK that was deleted by the tamper event (battery removal/discharge) is reconstituted from stored portions as soon as you log in. All your stored material is available for use.