lunadiag
The lunadiag utility is a diagnostic tool for the Luna PCIe HSM 7.
In general, it is only used to confirm a successful Luna HSM installation, or to perform additional diagnostic tests as part of the troubleshooting process with Technical Support. Application developers may also use lunadiag during the software development process to help troubleshoot their code.
NOTE This is a general-purpose tool intended for use across Luna HSM versions. It might reference mechanisms and features that are not available on all Luna products.
Syntax
lunadiag [-s=<slots>] [-o=<offset>] [ -c=<command>] [ <options>]
Argument(s) | Description |
---|---|
-s= <slots> |
Specifies the number of slots to test at once. Range: 1 to n, where n is the number of slots available to the client. Default: 1 |
-o= <offset> |
Specifies the offset into slots to begin testing. Range: 0 to n-1, where n is the number of slots available to the client. Default: 0 |
-c= <command> |
Specifies the command to run. Range: 1 to 20. See Lunadiag Commands for a list of the available commands. |
<options> |
The following additional options can be executed, and exit immediately without user prompt. -CHRYSTOKI - Perform the Chrystoki Library configuration test. -FIPS - Test for FIPS setting for one token. Exit code 1 implies FIPS enabled. |
Example
lunadiag -s=1 -o=1 -c=11
NOTE The spaces are required.
Using lunadiag
1.To get a list of available slots, run lunadiag with no arguments. This will return a list similar to the one below:
lunadiag version x.y Date: Mmm dd yyyy Time: hh:mm:ss Detecting Luna devices ... Detection complete. Slots available: Slot #0 - Present - LunaNet Slot Slot #1 - Present - LunaNet Slot Slot #2 - Present - LunaNet Slot Slot #3 - Present - Viper PCI Card Slot #4 - Not present - Luna UHD Tunnel Slot Slot #5 - Present - Luna UHD Slot Slot #6 - Not present - Luna UHD Slot Slot #7 - Not present - Luna UHD Slot Enter slot to test:
In the above example:
•Slots 0, 1, and 2 are listed as "LunaNet Slot", and correspond to Luna Network HSM 7 application partitions that are registered with this client/host.
•Slot 3, "Viper PCI Card", is a locally contained Luna PCIe HSM 7 physical slot.
NOTE While LunaCM shows a separate HSM administrative slot and application partition slot, lunadiag shows a single physical slot.
•Slot 4 "Not present - Luna UHD Tunnel Slot", is reserved for a USB HSM Device (UHD) like a Luna Backup HSM that could be directly connected to the Luna PCIe HSM 7 card.
•Slot 5, "Present - Luna UHD Slot", is a Luna USB HSM 7 physical slot.
NOTE The slots listed as "Not Present - Luna UHD Slot" are placeholders for other possible devices that could be USB-connected, but currently are not.
2.Once you have selected a slot to work on, lunadiag displays a menu of commands you can use:
lunadiag version x.y Date: Mmm dd yyyy Time: hh:mm:ss Detecting Luna devices ... Detection complete. Slots available: Slot #0 - Present - LunaNet Slot Slot #1 - Present - LunaNet Slot Slot #2 - Present - LunaNet Slot Slot #3 - Present - Viper PCI Card Slot #4 - Not present - Luna UHD Tunnel Slot Slot #5 - Present - Luna UHD Slot Slot #6 - Not present - Luna UHD Slot Slot #7 - Not present - Luna UHD Slot Enter slot to test:
In order to see the lunadiag menu of commands, select a slot on which to act:
Enter slot to test: 0
Lunadiag Commands
lunadiag version x.y Date: Mmm dd yyyy Time: hh:mm:ss Main Menu 1 Select slot to test 2 Driver Test 3 Communication Test 4 Read Firmware Level 5 Read Protocol Level 6 Read Capabilities 7 Read Token Policies 8 Read TSV 9 Read Dualport 10 Read Dualport Command 11 Token Info Test 12 Mechanism Info Test 16 Read Debug/Trace Information 17 Display Environmental Monitoring Information 18 Read Diagnostic Log 19 Display Tamper State 20 Monitor Tamper State 0 Exit ----------------------------------------
Enter a number between 1 and 20 to run its corresponding command.
NOTE Commands 13, 14, and 15 are not displayed. They are no longer supported.
For a description of each function available in the lunadiag utility, see Descriptions of lunadiag commands.
Number | Name | Description |
---|---|---|
1 | Select slot to test |
Shows a list of available slots. Enter a slot number to change which slot to work on. |
2 | Driver Test | Detects and tests driver functionality on the current slot. |
3 | Communication Test | Tests the connection between the utility and the HSM in the current slot. |
4 | Read Firmware Level | Shows the firmware level, corresponding to firmware revision of the HSM in the current slot. |
5 | Read Protocol Level | Shows the protocol level, corresponding to the available commands of the firmware version of the HSM in the current slot. |
6 | Read Capabilities | Returns status (ENABLED or DISABLED) of HSM, SO, and User capabilities for the HSM in the current slot. |
7 | Read Token Policies | Returns status (ENABLED or DISABLED) of HSM, SO, and User policies for the HSM/token in the current slot. |
8 | Read TSV | Returns the Token State Vector for the HSM/token in the current slot. |
9 | Read Dualport | This command is not supported by Luna HSM 7.0. |
10 | Read Dualport Command | This command is not supported by Luna HSM 7.0. |
11 | Token Info Test |
Shows information about the HSM/token in the current slot, including: >Label >Manufacturer >Model and serial number >Certificates >Flags >Open and max sessions >PIN length >Total memory and how much of it is free >SO and User container status flags |
12 | Mechanism Info Test | Retrieves and shows all available mechanisms for the HSM in the current slot. |
16 | Read Debug/Trace Information | This command is not supported by Luna HSM 7.0. See 18 instead. |
17 | Display Environmental Monitoring Information |
Returns the status of the environment in which the HSM is operating. Variables shown include: >RTC (Real Time Clock) temperature >DIE (RTC DIE) temperature >SM (Security Module) temperature >PKA (Public Key Accelerator) temperature >PKA Warn Temp: critical PKA temperature at which a warning is issued >Battery >Battery Warn: critical battery level at which a warning is issued >Fan statuses |
18 | Read Diagnostic Log |
Shows diagnostic log for the HSM in the current slot. 1.Select a partition from the list by entering its corresponding number. Each partition is responsible for logging information pertaining to its particular focus. Select 9 to show all log information. 2.All log entries for the chosen partition are ordered by entry number, and show information such as: •Bytes read •Timestamp •Date of entry •Time of entry •Other information about the HSM; this varies between partitions |
19 | Display Tamper State |
Checks the tamper state of the HSM in the current slot. If no tamper is detected, "No active tampers" and current temperature are shown. If a tamper is detected, its type, time it occurred, and live environmental values are shown. |
20 | Monitor Tamper State |
Monitors the tamper state of the HSM in the current slot. Key tamper parameters are shown and updated periodically as they change over time. To force the function to stop looping, press Ctrl + C on your keyboard. |
0 | Exit | Exits and closes the lunadiag utility. |
Verifying a Successful Installation
If you can run the tests listed below, and they do not return error messages, then the installation was successful.
2 Driver Test 3 Communication Test 4 Read Firmware Level
Troubleshooting
If you are experiencing problems, try the following:
1.Check the connections to your HSM.
2.Remove and re-install the Luna HSM Client software.
If problems persist, contact Technical Support.