Setup
FM developers should ensure that their development environment is configured correctly and that all required files and library locations are set. This section is provided as a guideline for setting up the development environment so that required files can be accessed during the FM compile and link routines.
Environment Variables
In order to be able to use the build scripts, the following environment variables are used:
FMSDK | Specifies the installed location of the Luna FM SDK package if it is not installed in the default location. |
Software Installation
Refer to the installation guide for hardware and software installation instructions. See Luna HSM Client Software Installation.
Install all device drivers and Luna HSM Client software.
If the server is to be used for FM creation then you need to install these:
>eldk-5.6.fm package
>Luna FM SDK package
All servers need to also install:
>Luna FM Tools package
Requirements
The Luna FM SDK package provides the tools and sources to allow a developer to create and sign a FM and to load that FM into a compliant HSM.
Creating an FM:
A Linux operating system is required to perform the FM build.
For a list of supported platforms see the Customer Release Notes at the Thales Support Portal.
Signing an FM:
To sign a FM you can use mkfm. This tool requires a PKCS#11 implementation capable of 2048 bit CKM_SHA512_RSA_PKCS signature operation. Any Luna HSM would be suitable for this purpose. However, a smart card or other type of HSM would suffice.
Compliant HSM:
You can use the Luna FM SDK package to develop FMs for the Luna HSMs that were introduced in release 7.4. A Luna Network HSM or PCIe HSM with capability to host FM is required.
Before any FM can be loaded the HSM must have the FM capability configured. The ctfm utility will report if the HSM is not configured for FMs.
See the Configuring the Luna Network HSM for Your Network documentation for more details on how to manage the HSM configuration.
HSM Recovery:
If an HSM becomes unresponsive due to a malformed or buggy FM being loaded, then the HSM needs to be restored by erasing the FM.
For Luna Network HSMs, see command hsm fm recover with the -erase option, for more information about restoring HSMs.