hsm stm transport
Place the HSM in Secure Transport Mode (STM). You need to be logged in as the HSM SO to issue this command.
When you enter this command, two strings are displayed: a verification string and a random user string. Record both of these to confirm later that the HSM was not tampered with while in STM. When you recover from STM, enter the random user string and compare the generated verification string to the original one you received. If the strings match, the HSM has not been tampered while in STM (see hsm stm recover).
CAUTION! Use the LunaCM command role deactivate from a connected client, to deactivate each role, by name, for each partition on the HSM, before issuing command hsm stm transport.
Failure to do so can result in mismatch when the generated strings are later compared during Secure Transport Mode recovery.
User Privileges
Users with the following privileges can perform this command:
>Admin
>Operator
Syntax
hsm stm transport
Example
lunash:>hsm stm transport WARNING !! You are about to configure the HSM in secure transport mode. If you proceed, the HSM will be inoperable until it is recovered with hsm stm recover command. If you are sure that you wish to proceed, then type 'proceed', otherwise type 'quit'. > proceed Proceeding... Configuring the HSM for secure transport mode... Record the displayed verification & random user strings. These are required to recover from Secure Transport Mode. Verification String: 59bt-3CXF-7/Tt-qKTx Random User String: 4CEd-4HX7-J/YW-pCX6 HSM is now in Secure Transport Mode. Command Result : 0 (Success)