hsm stm transport

Place the HSM in Secure Transport Mode (STM). You need to be logged in as the HSM SO to issue this command.

When you enter this command, two strings are displayed: a verification string and a random user string. Record both of these to confirm later that the HSM was not tampered with while in STM. When you recover from STM, enter the random user string and compare the generated verification string to the original one you received. If the strings match, the HSM has not been tampered while in STM (see hsm stm recover).

CAUTION!   Use the LunaCM command role deactivate from a connected client, to deactivate each role, by name, for each partition on the HSM, before issuing command hsm stm transport.

Failure to do so can result in mismatch when the generated strings are later compared during Secure Transport Mode recovery.

User Privileges

Users with the following privileges can perform this command:

>Admin

>Operator

Syntax

hsm stm transport

Example

lunash:>hsm stm transport


WARNING !!  You are about to configure the HSM in secure transport mode.
            If you proceed, the HSM will be inoperable until it is recovered with hsm stm recover command.
            If you are sure that you wish to proceed, then type 'proceed', otherwise type 'quit'.

> proceed
Proceeding...

Configuring the HSM for secure transport mode...

Record the displayed verification & random user strings. These are required to recover from Secure Transport Mode.


        Verification String: 59bt-3CXF-7/Tt-qKTx


        Random User  String: 4CEd-4HX7-J/YW-pCX6

HSM is now in Secure Transport Mode.


Command Result : 0 (Success)