Using Transport Mode to Avoid a Board Removal Tamper
Transport mode allows the HSM hardware to be removed from the host system PCI bus without causing a board removal tamper condition. A board removal tamper will remove all sensitive material from the HSM, including the HSM configuration, keys and certificates.
Only the Administrator can set the required transport mode on the HSM.
Use the command line utility ctconf with the –m option.
To set the Transport Mode:
ctconf –m2
The numeric value following the –m switch will set the transport mode to one of the following:
0 |
No Transport Mode (Default) – to be applied when HSM is installed and configured. This mode will tamper the HSM if removed from the PCI bus. |
1 |
Single Transport Mode – HSM will not be tampered after removal from the PCI bus. HSM will automatically change to No Transport Mode the next time the HSM is reset or power is removed and restored. |
2 |
Continuous Transport Mode – HSM will not be tampered by being removed from the PCI bus. |
NOTE Transport Mode does not entirely disable the tamper response mechanism. Any attempt to physically attack the HSM will still result in a tamper response.