MofN Secret Sharing (quorum or multi-person access control)

In previous Luna PCIe HSM releases, this page described library and firmware aspects of MofN secret sharing.

Current implementation (since HSM firmware 5) no longer implements MofN via the HSM.

Instead, MofN is entirely mediated via Luna PED 2.4 and later. The HSM is unaware of secret sharing. Multi-person access control for any of the authentication secrets (SO, User, Cloning domains, Remote PED Vector) is a PED function, and the HSM sees only the fully reconstituted MofN secrets as they are presented to it by the PED.

This implementation is both cleaner and more flexible than the legacy implementation. If you have used, or are still using legacy Luna PCIe HSMs, be aware that the legacy implementation of MofN split-secret, multi-person access control is not compatible with the modern implementation. For migration instructions, contact Thales Technical Support.