partition
Access the partition-level commands.
>when you are using the most recent Luna HSM Client version (with lunacm that supports more recently developed commands, or additions to older commands)
and
>when the current slot is on an HSM with recent firmware that supports the particular command.
For the Luna Network HSM 7, only Luna Shell commands can be used with a PED-initiated Remote PED connection. Client-side LunaCM commands such as partition init cannot be executed. This means that only administrative personnel, logging in via Luna Shell (lunash:>) can authenticate to the HSM using a PED-initiated Remote PED connection.To perform actions requiring authentication on Luna Network HSM 7 partitions (that is, from the client side) any Remote PED connection must be launched by the HSM, and the data-center firewall rules must permit such outward initiation of contact.
Syntax
This version of the partition command set includes an init command for the application partition. These are the commands you see if the current-slot application partition was created using the -slot option.
partition
archive
changepolicy
changepw
cipherdisable
cipherenable
ciphershow
clear
clone
contents
domainadd
domainchangelabel
domaindelete
domainlist
init
login
logout
resize
restoresim3
setlegacydomain
showinfo
showmechanism
showpolicies
smkclone
smkrollover
| Argument(s) | Shortcut | Description |
|---|---|---|
| addsize | as | Increase the size of a partition by a specific number of bytes. See partition addsize. |
| archive | ar | Partition archive management commands. See partition archive. |
| changelabel | changel |
Change the specified partition's label. See partition changelabel. |
| changepolicy | changepo | Change the Partition Policy value. See partition changepolicy |
| changepw | changepw | Change the Partition Password for all members of an HA group. See partition changepw [for HA] |
| cipherdisable | cid | Disable the indicated cipher suite for cloning. See partition cipherdisable |
| cipherenable | cie | Enable the indicated cipher suite for cloning. See partition cipherenable |
| ciphershow | cish | Show available cipher suites for cloning, and their status. See partition ciphershow |
| clear | clr | Delete all of the user's token objects. See partition clear. |
| clone | clo | Clone user objects. See partition clone. |
| contents | con | Show the contents of the user partition. See partition contents. |
| create | crp | Create a user partition. See partition create. |
| domainadd | da | Add a cloning domain to the partition. See partition domainadd. |
| domainchangelabel | dc | Change a cloning domain label. See partition domainchangelabel. |
| domaindelete | de | Delete a cloning domain from the partition. See partition domaindelete. |
| domainlist | dl | List a cloning domains in the partition. See partition domainlist. |
| init | in | Initialize an application partition. See partition init. |
| login | logi | Log in to an HA group using the common Crypto Officer password or challenge secret. See partition login. |
| logout | logo | Log out of an HA group. See partition logout. |
| resize | res | Resize a user partition. See partition resize. |
| restoresim3file | rsim3f | Restore user objects (using SIM3). See partition restoresim3file. |
| setlegacydomain | sld | Set the legacy domain. partition setlegacydomain. |
| showinfo | si | Display partition information. See partition showinfo. |
| showmechanism | showm | Show all available mechanisms. See partition showmechanism. |
| showpolicies | sp | Get partition policy information. See partition showpolicies. |
| smkclone | smkc | Clone the SKS Master Key (SMK). See partition smkclone. |
| smkrollover | smkr | Moves the current primary SKS Master Key (SMK) to the SMK Rollover location and generates a new primary SMK. See partition smkrollover. |
