Functionality Modules

Functionality Modules (FMs) consist of your own custom-developed code, loaded and operating within the logical and physical security of a Luna PCIe HSM as part of the HSM firmware. FMs allow you to customize your Luna PCIe HSM's functionality to suit the needs of your organization. Custom functionality provided by your own FMs can include:

>new cryptographic algorithms

>security-sensitive code, isolated from the rest of the HSM environment

>keys and critical parameters managed by the FM, independent from standard PKCS#11 objects, held in tamper-protected persistent storage

To create FMs, you will need the Functionality Module Software Development Kit (SDK), which is included with the Luna HSM Client software. Applications that use FM functions are supported on Windows and Linux.

This chapter describes how to prepare the Luna PCIe HSM to use FMs, and manage FMs on the HSM. For detailed information on the FM architecture and how to use FMs with your applications, refer to About the FM SDK Programming Guide.

NOTE   This feature requires minimum HSM firmware version 7.4.0 and client 7.4. See Version Dependencies by Feature for more information.

This feature has hardware dependencies described in Preparing the Luna PCIe HSM to Use FMs.

This chapter contains the following sections:

>FM Deployment Constraints

>Preparing the Luna PCIe HSM to Use FMs

>Building and Signing an FM

>Loading an FM Into the HSM Firmware

>Deleting an FM From the HSM Firmware

>Recovering the HSM After FM Failure