Application Partitions

The Luna USB HSM 7 has two partitions:

>one administrative partition, created when you initialize the HSM. The administrative partition is owned by the HSM Security Officer (SO). This partition is used by the HSM SO and the Auditor, and is not used to store cryptographic objects.

>one application partition, created by the HSM SO. The application partition is owned by its Partition Security Officer (PO), and has its own access controls and security policies independent from the administrative partition. Its function is to store cryptographic objects used by your applications.

An application partition is like a safe deposit box that resides within a bank's vault. The HSM (vault) itself offers an extremely high level of security for its contents. An application partition (safe deposit box) on the HSM has its own security and access controls, so that even though the HSM SO has access to the vault, they still cannot access the contents of the individual partition. Only the Partition Security Officer holds the partition's administrative credentials.

Creating the Application Partition

The HSM Security Officer (SO) is responsible for creating the application partition.

Prerequisites

>The HSM must be initialized (see Initializing the Luna USB HSM 7).

>You require the HSM SO credential (password or blue iKey).

To create the application partition on the Luna USB HSM 7

1. Log in as HSM SO (see Logging In as HSM Security Officer).

lunacm:> role login -name so

2. Create the application partition. A V0 partition is created by default; specify the -version option to create a V1 partition instead. You can also convert a V0 partition to V1 after initialization (see V0 and V1 Partitions).

lunacm:> partition create [-version 1]

3. [Optional] Confirm that the partition was created.

lunacm:> slot list

Deleting the Application Partition

The HSM SO can delete the application partition at any time. Deletion destroys all partition roles and all cryptographic objects stored in the partition.

To delete the application partition

1. Log in as HSM SO (see Logging In as HSM Security Officer).

lunacm:> role login -name so

2. Delete the application partition by specifying its slot number (as shown by slot list).

lunacm:> partition delete -slot <slot>