hsm init
Initialize the HSM. Initializing the HSM erases all existing data, including any HSM Partition and its data. The HSM Partition then must be recreated with the partition create command. Because this is a destructive command, the user is asked to “proceed” unless the -force switch is provided at the command line.
NOTE The hsm commands appear only when LunaCM's active slot is set to the administrative partition.
Syntax
hsm init -label <label> [-password <SOpassword>] [-domain <domain> | -defaultdomain] [-initwithped | -initwithpwd] [-applytemplate <filepath/filename>] [-auth] [-force]
Argument(s) | Shortcut | Description |
---|---|---|
-applytemplate <filepath/filename> | -at | Apply a policy template located in the specified directory. |
-auth | -a | Log in after the initialization. |
-domain <domain> | -d | HSM Domain Name. This option is mutually exclusive with the -defaultdomain option. This option is required for a password-authenticated HSM. If you do not provide the domain string in the command, you are prompted for it, and the characters that you type are obscured by asterisks (*). This option is ignored for PED-authenticated HSMs. |
-defaultdomain | -def | HSM Default Domain Name. This option is mutually exclusive with the -domain option. Deprecated. The -defaultdomain is not secure, and should not be used in a production environment. This option is ignored for PED-authenticated HSMs. |
-force | -f | Force the action - no prompts. Useful for scripting. |
-initwithped | -iped | Initialize a Backup Device with PED-Auth. This option is supported only when initializing a Backup Device that is in a zeroized state. This option is mutually exclusive with the -initwithpwd option. |
-initwithpwd | -ipwd | Initialize a Backup Device with PWD-Auth. This option is supported only when initializing a Backup Device that is in a zeroized state. This option is mutually exclusive with the -initwithped option. |
-label <label> | -l | Specifies the label to assign to the HSM. The HSM label created during initialization must be 1-32 characters in length. If you specify a longer label, it will automatically be truncated to 32 characters. The following characters are allowed: Spaces are allowed; enclose the label in double quotes if it includes spaces. Including both spaces and quotation marks in a label may cause unexpected labeling behavior. |
-password | -p | HSM SO password. This option is required for a password authenticated HSM. If you do not provide the password string in the command, you are prompted for it, and the characters that you type are obscured by asterisks (*). This option is ignored for PED-authenticated HSMs. In LunaCM, passwords and challenge secrets must be 7-255 characters in length. The following characters are allowed: Double quotation marks ( Spaces are allowed; to specify a password that includes spaces using the -password option, enclose the password in double quotation marks. |
Example
Soft init (no factory reset)
```
lunacm:>hsm init -label myLuna

You are about to initialize the HSM that is already initialized.
All partitions of the HSM will be destroyed.
You are required to provide the current SO password.

Are you sure you wish to continue?

Type 'proceed' to continue, or 'quit' to quit now ->proceed

Enter password for SO: ********

Command Result : No Error
```
Hard init (with factory reset first)
```
lunacm:>hsm init -label myLuna

You are about to initialize the HSM.
All contents of the HSM will be destroyed.

Are you sure you wish to continue?

Type 'proceed' to continue, or 'quit' to quit now ->proceed

Enter password for SO: ********
Re-enter password for SO: ********

Option -domain was not specified. It is required.

Enter the domain name: **********
Re-enter the domain name: **********

Command Result : No Error
```
HSM init on SafeNet Luna Backup HSM
```
lunacm:>hsm init -label mybackuphsm -password s0mepw -domain s0med0ma1n -force -auth -initwithpwd

Initialization was successful and "-auth" was specified. Performing an SO login.

Command Result : No Error

lunacm:>hsm si

HSM Label -> mybackupHSM
Manufacturer -> Safenet, Inc.
HSM Model -> G5Backup
HSM Serial Number -> 7000013
HSM Status -> OK
Token Flags ->
    CKF_RNG
    CKF_LOGIN_REQUIRED
    CKF_RESTORE_KEY_NOT_NEEDED
    CKF_TOKEN_INITIALIZED
Firmware Version -> 6.10.1
Rollback Firmware Version -> Not Available

......[output snipped for space]....

License Count -> 4
1. 621000028-000 SafeNet Luna Backup HSM base configuration
1. 621000048-001 621-000048-001SCU,G5,BU,Partitions100
2. 621000006-001 Enabled for 15.5 megabytes of object storage
2. 621000008-001 Enable remote PED capability

Command Result : No Error
```
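Because -force removes the confirmation prompt from a destructive command, a scripted hsm init line is worth checking against the option rules in the table above before it is run. The following pre-flight check is an added example, not part of the original documentation; the names lint_hsm_init and SAMPLE are hypothetical, and using Python's shlex to split the line is an assumption that only approximates LunaCM's own double-quote handling.

```python
import shlex

# Shortcut -> long option, from the options table on this page.
ALIASES = {"-at": "-applytemplate", "-a": "-auth", "-d": "-domain",
           "-def": "-defaultdomain", "-f": "-force", "-iped": "-initwithped",
           "-ipwd": "-initwithpwd", "-l": "-label", "-p": "-password"}
KNOWN = set(ALIASES.values())
TAKES_VALUE = {"-applytemplate", "-domain", "-label", "-password"}
EXCLUSIVE = [("-domain", "-defaultdomain"), ("-initwithped", "-initwithpwd")]

def lint_hsm_init(command):
    """Return findings for one 'hsm init' line; an empty list means none."""
    # Assumption: shlex's double-quote handling approximates LunaCM's.
    tokens = shlex.split(command)
    if tokens[:2] != ["hsm", "init"]:
        return ["not an hsm init command"]
    opts, findings, i = {}, [], 2
    while i < len(tokens):
        name = ALIASES.get(tokens[i], tokens[i])
        if name not in KNOWN:
            findings.append(f"unknown option {tokens[i]}")
        elif name in TAKES_VALUE:
            if i + 1 >= len(tokens):
                findings.append(f"{name} has no value")
            else:
                i += 1
                opts[name] = tokens[i]
        else:
            opts[name] = True
        i += 1
    for a, b in EXCLUSIVE:
        if a in opts and b in opts:
            findings.append(f"{a} and {b} are mutually exclusive")
    label = opts.get("-label")
    if label is None:
        findings.append("-label is required")
    elif not 1 <= len(label) <= 32:
        findings.append(f"label length {len(label)} is outside 1-32")
    if "-password" in opts and not 7 <= len(opts["-password"]) <= 255:
        findings.append("password must be 7-255 characters")
    if "-defaultdomain" in opts:
        findings.append("-defaultdomain is deprecated and not secure")
    if "-force" in opts:
        findings.append("-force skips the 'proceed' prompt on a destructive command")
    return findings

# Sample input: the Backup HSM command from this page's last example.
SAMPLE = ("hsm init -label mybackuphsm -password s0mepw -domain s0med0ma1n "
          "-force -auth -initwithpwd")
```

Run over SAMPLE, the check reports the use of -force and that the six-character password in that example is shorter than the 7-255 range given in the options table.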