hsm init

Initialize the HSM. Initializing the HSM erases all existing data, including any HSM Partition and its data. The HSM Partition then must be recreated with the partition create command. Because this is a destructive command, the user is asked to “proceed” unless the -force switch is provided at the command line.

NOTE   The hsm commands appear only when LunaCM's active slot is set to the administrative partition.

Syntax

hsm init -label <label> [-password <SOpassword>] [-domain <domain> | -defaultdomain] [-initwithped | -initwithpwd] [-applytemplate <filepath/filename>] [-auth] [-force]

Argument(s) Shortcut Description
-applytemplate <filepath/filename> -at Apply a policy template located in the specified directory.
-auth -a Log in after the initialization.
-domain <domain> -d HSM Domain Name. This option is mutually exclusive with the -defaultdomain option. This option is required for a password-authenticated HSM. If you do not provide the domain string in the command, you are prompted for it, and the characters that you type are obscured by asterisks (*). This option is ignored for PED-authenticated HSMs.
-defaultdomain -def HSM Default Domain Name. This option is mutually exclusive with the -domain option. Deprecated. The -defaultdomain is not secure, and should not be used in a production environment. This option is ignored for PED-authenticated HSMs.
-force -f Force the action - no prompts. Useful for scripting.
-initwithped -iped Initialize a Backup Device with PED-Auth. This option is supported only when initializing a Backup Device that is in a zeroized state. This option is mutually exclusive with the -initwithpwd option.
-initwithpwd -ipwd Initialize a Backup Device with PWD-Auth. This option is supported only when initializing a Backup Device that is in a zeroized state. This option is mutually exclusive with the -initwithped option.
-label <label> -l

Specifies the label to assign to the HSM.

The HSM label created during initialization must be 1-32 characters in length. If you specify a longer label, it will automatically be truncated to 32 characters. The following characters are allowed:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^&*()-_=+[]{}\|/;:'",.<>?`~

Spaces are allowed; enclose the label in double quotes if it includes spaces. Including both spaces and quotation marks in a label may cause unexpected labeling behavior.

-password -p

HSM SO password. This option is required for a password authenticated HSM. If you do not provide the password string in the command, you are prompted for it, and the characters that you type are obscured by asterisks (*). This option is ignored for PED-authenticated HSMs.

In LunaCM, passwords and challenge secrets must be 7-255 characters in length. The following characters are allowed:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^&*()-_=+[]{}\|/;:',.<>?`~

Double quotation marks (") are problematic and should not be used in passwords.

Spaces are allowed; to specify a password that includes spaces using the -password option, enclose the password in double quotation marks.

Example

Soft init (no factory reset)

lunacm:>hsm init -label myLuna

        You are about to initialize the HSM that is already initialized.
        All partitions of the HSM will be destroyed.

        You are required to provide the current SO password.

        Are you sure you wish to continue?

        Type 'proceed' to continue, or 'quit' to quit now ->proceed

        Enter password for SO: ********

Command Result : No Error

Hard init (with factory reset first)

lunacm:>hsm init -label myLuna

        You are about to initialize the HSM.
        All contents of the HSM will be destroyed.

        Are you sure you wish to continue?

        Type 'proceed' to continue, or 'quit' to quit now ->proceed

        Enter password for SO: ********

        Re-enter password for SO: ********

        Option -domain was not specified.  It is required.

        Enter the domain name: **********

        Re-enter the domain name: **********

Command Result : No Error

HSM init on SafeNet Luna Backup HSM

lunacm:>hsm init -label mybackuphsm -password s0mepw -domain s0med0ma1n -force -auth -initwithpwd

        Initialization was successful and "-auth" was specified.
        Performing an SO login.

Command Result : No Error

lunacm:>hsm si

        HSM Label -> mybackupHSM Manufacturer -> Safenet, Inc.
        HSM Model -> G5Backup
        HSM Serial Number -> 7000013
        HSM Status -> OK
        Token Flags ->
                CKF_RNG
                CKF_LOGIN_REQUIRED
                CKF_RESTORE_KEY_NOT_NEEDED
                CKF_TOKEN_INITIALIZED
        Firmware Version -> 6.10.1
        Rollback Firmware Version -> Not Available

......[output snipped for space]....

        License Count -> 4
                1. 621000028-000 SafeNet Luna Backup HSM base configuration
                1. 621000048-001 621-000048-001SCU,G5,BU,Partitions100
                2. 621000006-001 Enabled for 15.5 megabytes of object storage
                2. 621000008-001 Enable remote PED capability

Command Result : No Error