lunadiag

The lunadiag utility is a diagnostic tool for the Luna PCIe HSM 7.

In general, it is only used to confirm a successful Luna HSM installation, or to perform additional diagnostic tests as part of the troubleshooting process with Technical Support. Application developers may also use lunadiag during the software development process to help troubleshoot their code.

NOTE   This is a general-purpose tool intended for use across Luna HSM versions. It might reference mechanisms and features that are not available on all Luna products.

Syntax

lunadiag [-s=<slots>] [-o=<offset>] [  -c=<command>] [ <options>]

Argument(s) Description
-s= <slots>

Specifies the number of slots to test at once.

Range: 1 to n, where n is the number of slots available to the client.

Default: 1

-o= <offset>

Specifies the offset into slots to begin testing.

Range: 0 to n-1, where n is the number of slots available to the client.

Default: 0

-c= <command>

Specifies the command to run.

Range: 1 to 20. See Lunadiag Commands for a list of the available commands.

<options>

The following additional options can be executed, and exit immediately without user prompt.

-CHRYSTOKI - Perform the Chrystoki Library configuration test.

-FIPS - Test for FIPS setting for one token. Exit code 1 implies FIPS enabled.

Example

lunadiag  -s=1 -o=1 -c=11

NOTE   The spaces are required.

Using lunadiag

1.To get a list of available slots, run lunadiag with no arguments. This will return a list similar to the one below:

lunadiag  version x.y  Date: Mmm dd yyyy Time: hh:mm:ss
Detecting Luna devices ...
Detection complete.

Slots available:
        Slot #0 - Present     - LunaNet Slot
        Slot #1 - Present     - LunaNet Slot
        Slot #2 - Present     - LunaNet Slot
        Slot #3 - Present     - Viper PCI Card
        Slot #4 - Not present - Luna UHD Tunnel Slot
        Slot #5 - Present     - Luna UHD Slot
        Slot #6 - Not present - Luna UHD Slot
        Slot #7 - Not present - Luna UHD Slot
Enter slot to test:

In the above example:

Slots 0, 1, and 2 are listed as "LunaNet Slot", and correspond to Luna Network HSM 7 application partitions that are registered with this client/host.

Slot 3, "Viper PCI Card", is a locally contained Luna PCIe HSM 7 physical slot.

NOTE   While LunaCM shows a separate HSM administrative slot and application partition slot, lunadiag shows a single physical slot.

Slot 4 "Not present - Luna UHD Tunnel Slot", is reserved for a USB HSM Device (UHD) like a Luna Backup HSM that could be directly connected to the Luna PCIe HSM 7 card.

Slot 5, "Present - Luna UHD Slot", is a Luna USB HSM 7 physical slot.

NOTE   The slots listed as "Not Present - Luna UHD Slot" are placeholders for other possible devices that could be USB-connected, but currently are not.

2.Once you have selected a slot to work on, lunadiag displays a menu of commands you can use:

lunadiag  version x.y  Date: Mmm dd yyyy Time: hh:mm:ss
Detecting Luna devices ...
Detection complete.

Slots available:
        Slot #0 - Present     - LunaNet Slot
        Slot #1 - Present     - LunaNet Slot
        Slot #2 - Present     - LunaNet Slot
        Slot #3 - Present     - Viper PCI Card
        Slot #4 - Not present - Luna UHD Tunnel Slot
        Slot #5 - Present     - Luna UHD Slot
        Slot #6 - Not present - Luna UHD Slot
        Slot #7 - Not present - Luna UHD Slot
Enter slot to test:

In order to see the lunadiag menu of commands, select a slot on which to act:

Enter slot to test: 0

Lunadiag Commands

lunadiag  version x.y  Date: Mmm dd yyyy Time: hh:mm:ss

                Main Menu

           1   Select slot to test
           2   Driver Test
           3   Communication Test
           4   Read Firmware Level
           5   Read Protocol Level
           6   Read Capabilities
           7   Read Token Policies
           8   Read TSV
           9   Read Dualport
          10   Read Dualport Command
          11   Token Info Test
          12   Mechanism Info Test
          16   Read Debug/Trace Information
          17   Display Environmental Monitoring Information
          18   Read Diagnostic Log
          19   Display Tamper State
          20   Monitor Tamper State

           0   Exit
----------------------------------------

Enter a number between 1 and 20 to run its corresponding command.

NOTE   Commands 13, 14, and 15 are not displayed. They are no longer supported.

For a description of each function available in the lunadiag utility, see Descriptions of lunadiag commands.

Table 1: Descriptions of lunadiag commands
Number Name Description
1 Select slot to test

Shows a list of available slots.

Enter a slot number to change which slot to work on.

2 Driver Test Detects and tests driver functionality on the current slot.
3 Communication Test Tests the connection between the utility and the HSM in the current slot.
4 Read Firmware Level Shows the firmware level, corresponding to firmware revision of the HSM in the current slot.
5 Read Protocol Level Shows the protocol level, corresponding to the available commands of the firmware version of the HSM in the current slot.
6 Read Capabilities Returns status (ENABLED or DISABLED) of HSM, SO, and User capabilities for the HSM in the current slot.
7 Read Token Policies Returns status (ENABLED or DISABLED) of HSM, SO, and User policies for the HSM/token in the current slot.
8 Read TSV Returns the Token State Vector for the HSM/token in the current slot.
9 Read Dualport This command is not supported by Luna HSM 7.0.
10 Read Dualport Command This command is not supported by Luna HSM 7.0.
11 Token Info Test

Shows information about the HSM/token in the current slot, including:

>Label

>Manufacturer

>Model and serial number

>Certificates

>Flags

>Open and max sessions

>PIN length

>Total memory and how much of it is free

>SO and User container status flags

12 Mechanism Info Test Retrieves and shows all available mechanisms for the HSM in the current slot.
16 Read Debug/Trace Information This command is not supported by Luna HSM 7.0. See 18 instead.
17 Display Environmental Monitoring Information

Returns the status of the environment in which the HSM is operating. Variables shown include:

>RTC (Real Time Clock) temperature

>DIE (RTC DIE) temperature

>SM (Security Module) temperature

>PKA (Public Key Accelerator) temperature

>PKA Warn Temp: critical PKA temperature at which a warning is issued

>Battery

>Battery Warn: critical battery level at which a warning is issued

>Fan statuses

18 Read Diagnostic Log

Shows diagnostic log for the HSM in the current slot.

1.Select a partition from the list by entering its corresponding number. Each partition is responsible for logging information pertaining to its particular focus. Select 9 to show all log information.

2.All log entries for the chosen partition are ordered by entry number, and show information such as:

Bytes read

Timestamp

Date of entry

Time of entry

Other information about the HSM; this varies between partitions

19 Display Tamper State

Checks the tamper state of the HSM in the current slot.

If no tamper is detected, "No active tampers" and current temperature are shown.

If a tamper is detected, its type, time it occurred, and live environmental values are shown.

20 Monitor Tamper State

Monitors the tamper state of the HSM in the current slot. Key tamper parameters are shown and updated periodically as they change over time.

To force the function to stop looping, press Ctrl + C on your keyboard.

0 Exit Exits and closes the lunadiag utility.

Verifying a Successful Installation

If you can run the tests listed below, and they do not return error messages, then the installation was successful.

 2  Driver Test 
 3  Communication Test
 4  Read Firmware Level

Troubleshooting

If you are experiencing problems, try the following:

1.Check the connections to your HSM.

2.Remove and re-install the Luna HSM Client software.

If problems persist, contact Technical Support.