stm transport

Place the HSM in Secure Transport Mode (STM). You need to be logged in as the HSM SO to issue this command.

NOTE   The stm commands appear only when LunaCM's active slot is set to the administrative partition.

When you enter this command, two strings are displayed: a verification string and a random user string. Record both of these to confirm later that the HSM was not tampered with while in STM. When you recover from STM, enter the random user string and compare the generated verification string to the original one you received. If the strings match, the HSM has not been tampered while in STM (see stm recover).

To enter transport mode on a PED-authenticated HSM, provide the black PED key when prompted.

Syntax

stm transport

Example

lunacm:>stm transport
 
        You are about to configure the HSM in STM.
        Are you sure you wish to continue?
 
        Type 'proceed' to continue, or 'quit' to quit now ->proceed
 
        Configuring the HSM for transport (may take a few seconds)...
 
        HSM was successfully configured for transport.
 
        Please record the displayed verification & random user strings.
        These are required to recover from Secure Transport Mode.
 
 
        Verification String: SL7P-GWtA-JFKt-psCH
 
        Random User  String: Gxbx-dXFM-x4bW-bMWN
 
Command Result : No Error