Cloning Objects to Another Application Partition
You can back up partition objects from an application partition to any other partition that shares its cloning domain. The Crypto Officer of both partitions can perform this operation using LunaCM.
Prerequisites
>Partition policy 0: Allow private key cloning must be set to 1 (ON) on both the source and target partitions.
>The target partition must be initialized with the same cloning domain as the source partition.
>You require the Crypto Officer credential for both the source and the target partition.
>Both partitions must be visible as slots in LunaCM.
>[Remote PED] This procedure is simpler when both partitions are activated (see Activation and Auto-activation on Multi-factor- (PED-) Authenticated Partitions). If the partitions are not activated, you must connect the source partition to PEDserver before logging in, disconnect it, and then connect the target partition to PEDserver by specifying its slot.
lunacm:> ped connect [-ip <IP>] [-port <port>]
lunacm:> ped disconnect
lunacm:> ped connect -slot <target_slot> [-ip <IP>] [-port <port>]
NOTE The library attempts to perform the individual actions of a cloning operation in sequence on the respective partitions. If the policies and partition types on the source and target partitions are incompatible, the partition clone command (or an attempted HA synchronization) can fail with a message like CKR_DATA_LEN_RANGE while trying to clone. This can occur if a key object from the source partition is a different size than an equivalent object expected by the target.
To clone partition objects to another application partition
1. In LunaCM, set the active slot to the source partition and log in as Crypto Officer.
lunacm:> slot set -slot <slotnum>
lunacm:> role login -name co
2. [Optional] View the partition objects and their object handles.
lunacm:> partition contents
3. Clone objects on the partition to the target partition by specifying the target slot. You can choose which objects to clone by specifying a comma-separated list of object handles, or specify all to clone all objects on the partition. Present the target partition's Crypto Officer credential when prompted.
lunacm:> partition clone -slot <slotnum> -objects <comma-separated_list/all>
The specified objects are cloned to the target partition. Any objects that already exist on the target are not cloned.