partition restore

Restores the contents of a backup partition stored on a Luna Backup HSM to an application partition. The partition Crypto Officer executing this command has the option of replacing the objects existing on the partition or adding to them.

NOTE   To perform backup operations on HSM firmware 7.7.0 or newer (V0 or V1 partitions):

> Luna Backup HSM (G7) requires minimum firmware version 7.7.1

> Luna Backup HSM (G5) requires minimum firmware version 6.28.0

You can use a Luna Backup HSM with older firmware to restore objects to a V0 or V1 partition, but this is supported only for the purpose of moving your objects from the older partitions onto the newer V0 or V1 partitions.

V0 and V1 partitions are considered more secure than partitions at earlier firmware versions - any attempt to restore from a higher-security status to lower-security status fails gracefully.

SMK backup for appliance is supported only with local connection.

Refer to Restoring From an Appliance-Connected Luna Backup HSM (G7) or Backup/Restore Using an Appliance-Connected Luna Backup HSM (G5) for a list of the required credentials.

User Privileges

Users with the following privileges can perform this command:

> Admin

> Operator

Syntax

partition restore -partition <name> -tokenpar <name> -serial <serialnum> {-add | -replace} [-password <password>] [-tokenpw <password>] [-force]

Argument(s) Shortcut Description
-add -a Add objects to the application partition specified with -partition. Incremental backup (append). If the OUIDs of any source objects match OUIDs of objects already stored on the target backup, they are not restored, and the existing objects are not overwritten. You must specify either -add or -replace. CAUTION!   If you are restoring a V1 backup to a V1 partition, use -add to restore the SMK and keep any existing objects on the partition. Use -replace only if you wish to erase any existing objects. By default, V1 backups only include the SMK.

-force -f Force the action without prompting.
-partition <name> -par Specifies the name of the target application partition to restore from backup. Obtain the partition name by using the partition list command.
-password <password> -pas The partition Crypto Officer's password. If you do not supply this value on the command line, you are prompted for it. Applies to password-authenticated HSMs only; PED-authenticated HSMs will prompt for the partition Crypto Officer's black PED key.
-replace -r Erase all existing objects on the application partition and replace them with the contents of the backup partition. You must specify either -add or -replace. CAUTION!   If you are restoring a V1 backup to a V1 partition, use -add to restore the SMK and keep any existing objects on the partition. Use -replace only if you wish to erase any existing objects. By default, V1 backups only include the SMK.

-serial <serialnum> -s Specifies the Luna Backup HSM serial number.
-tokenpar <name> -tokenpa Specifies the backup partition name.
-tokenpw <password> -tokenpw Specifies the backup partition's Crypto Officer password. If you do not supply this value on the command line, you are prompted for it. Applies to password-authenticated HSMs only; PED-authenticated HSMs will prompt for the Crypto Officer's black PED key.

Example

lunash:>partition restore -partition sa78par1 -tokenpar sa78par1backup -serial 496771 -add


  Please enter the password for the token user partition:
  > ********

  Please enter the password for the HSM user partition:
  > ********

Object "MT RSA 4096-bit Private KeyGen" (handle 14) cloned to handle 46 on target
Object "MT RSA 4096-bit Public KeyGen" (handle 18) cloned to handle 49 on target
Object "MT RSA 4096-bit Private KeyGen" (handle 19) cloned to handle 52 on target
Object "MT RSA 4096-bit Public KeyGen" (handle 23) cloned to handle 48 on target
Object "MT RSA 4096-bit Private KeyGen" (handle 24) cloned to handle 57 on target
Object "MT RSA 4096-bit Public KeyGen" (handle 28) cloned to handle 70 on target
'partition restore' successful.


Command Result : 0 (Success)
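
The following is an added example, not part of the vendor documentation: a Python check that parses a saved partition restore transcript in the format shown above and compares the cloned objects against an expected key inventory. The function names and the `expected` mapping are assumptions of this example; with -add, objects that were not restored because their OUIDs already exist are reported as "expected but not cloned" so they can be reviewed.

```python
import re
from collections import Counter

# Constructed sample: transcript lines copied from the Example section above.
SAMPLE = """\
Object "MT RSA 4096-bit Private KeyGen" (handle 14) cloned to handle 46 on target
Object "MT RSA 4096-bit Public KeyGen" (handle 18) cloned to handle 49 on target
Object "MT RSA 4096-bit Private KeyGen" (handle 19) cloned to handle 52 on target
Object "MT RSA 4096-bit Public KeyGen" (handle 23) cloned to handle 48 on target
Object "MT RSA 4096-bit Private KeyGen" (handle 24) cloned to handle 57 on target
Object "MT RSA 4096-bit Public KeyGen" (handle 28) cloned to handle 70 on target
'partition restore' successful.

Command Result : 0 (Success)
"""

CLONE_RE = re.compile(r'^Object "(.*)" \(handle (\d+)\) cloned to handle (\d+) on target$')
RESULT_RE = re.compile(r'^Command Result\s*:\s*(\d+) \((.*)\)$')

def parse_restore(transcript):
    """Return ([(label, source_handle, target_handle), ...], result_code or None)."""
    objects, code = [], None
    for line in map(str.strip, transcript.splitlines()):
        if m := CLONE_RE.match(line):
            objects.append((m[1], int(m[2]), int(m[3])))
        elif m := RESULT_RE.match(line):
            code = int(m[1])
    return objects, code

def audit_restore(transcript, expected):
    """Return findings; empty means the transcript matches `expected` (label -> count)."""
    objects, code = parse_restore(transcript)
    findings = []
    if code is None:
        # Fail closed: a transcript without a result line proves nothing.
        findings.append("no 'Command Result' line: transcript truncated or command aborted")
    elif code != 0:
        findings.append(f"command result {code}, not 0 (Success)")
    restored = Counter(label for label, _, _ in objects)
    for label, n in sorted((Counter(expected) - restored).items()):
        findings.append(f"{n} x {label!r} expected but not cloned")
    for label, n in sorted((restored - Counter(expected)).items()):
        findings.append(f"{n} x {label!r} cloned but not in inventory")
    targets = [t for _, _, t in objects]
    if len(targets) != len(set(targets)):
        findings.append("two objects report the same target handle")
    return findings

if __name__ == "__main__":
    inventory = {"MT RSA 4096-bit Private KeyGen": 3, "MT RSA 4096-bit Public KeyGen": 3}
    print(audit_restore(SAMPLE, inventory) or "restore matches inventory")
```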