Installation for PCIe Mode

This chapter provides instructions for installing the SafeNet PCIe Access Provider. Please see the appropriate section for your host system:

>Windows Installation for PCIe Mode

>Linux Installation for PCIe Mode

Windows Installation for PCIe Mode

This section provides instructions for Windows operating systems. The latest versions of the client software and HSM firmware can be found on the Gemalto Technical Support Customer Portal. See Support Contacts for more information.

Before following the procedure below, ensure that you are logged in as a member of the Windows administrator group.

Upgrading

If you are upgrading the access provider, you must uninstall any currently-installed version by using the Windows Programs and Features control panel.

CAUTION! If uninstallation is not carried out first, the system may lock up. See Troubleshooting for recovery instructions.

To install the SafeNet PCIe HSM Access Provider:

1.Locate the installer directory and execute the file PTKpcihsm2.msi.

2.Work through the installation wizard.

By default, the SafeNet PCIe HSM AccessProvider package is installed in the following directory:

\Program Files\SafeNet\Protect Toolkit 5\PCI HSM 2

3.A prompt during the installation allows you to change the default destination. Unless there is good reason, the default should be accepted.

4.You will be prompted to install the driver. The driver is required.

NOTE A reboot may be required to successfully load the driver.

To verify correct installation:

From a command prompt, type hsmstate to execute the hsmstate utility. If the adapter has been correctly installed, the response will include:

HSM in NORMAL MODE. RESPONDING

For more information about the hsmstate utility, refer to the section in Utilities Command Reference.

Making Configuration Changes

Finally, make any necessary configuration changes. Currently, the only configurable setting in PCIe mode is the ET_HSM_PCICLIENT_READ_TIMEOUT_SECS variable. This setting determines the time in seconds the PCIe driver will wait before timing out on a read operation. It should be set long enough to avoid an unintentional timeout, which causes the driver to shut down the HSM. See Configuration Items for instructions on how to change this setting, and PCI Mode Client Configuration Items for a description of the variable.

Linux Installation for PCIe Mode

This chapter provides instructions for Linux operating systems.

The Unix Installation Utility

The simplest way to install or uninstall an access provider package on any of the Linux/Unix platforms is to use the Unix Installation Utility. The utility ensures that the correct commands for your platform are automatically executed.

If you wish to enter Linux commands manually, see Manual Linux Installation Commands.

Linux install preparation

Before adding or removing any packages, you must become the super-user on the host system.

The Linux driver is distributed as source code and must be compiled for the running kernel before loading as a dynamic module. In most cases, the installation script will do this automatically, provided the following conditions are met:

>The same version of the C compiler (gcc) used to compile the kernel must be available.

>The rpmbuild package is installed.

>The appropriate kernel source package for the running system is installed. The kernel source is usually installed in /usr/src/linux-<VER> with a symbolic link from either:

•/lib/modules/<VER>/build or

•/lib/modules/<VER>/source

where <VER> is the kernel version as reported by uname –r

To install the SafeNet PCIe Access Provider:

1.Mount the installation CD-ROM and navigate to its directory. For example:

# cd /cdrom/cdrom0/

2.Use the Unix Installation Utility.

Select the PCI HSM Access Provider device driver package from the Install Menu. This will install the PCIe HSM Access Provider package, including the device driver and test utilities, as well as the manual pages for these programs to the default directory (/opt/safenet).

See Using the Unix Installation Utility for more information.

NOTE A reboot may be required to successfully load the driver.

Manual Linux Installation Commands

To install the access provider manually:

The access provider is installed by executing the following as 'root' (super-user):

# cd /cdrom/cdrom0/Linux/pci_hsm_access_provider
rpm -i PTKpcihsm2-X.X-X.i386.rpm

If the compile fails, or the driver does not come up automatically (hsmstate fails), you will need to correct the problem and then cd /opt/ETpcihsm/src and invoke make(1) as root. The Makefile in that directory has some notes to help you get the driver compiled correctly.

To uninstall the access provider manually:

To remove the software from your host system, simply use the rpm(8) command with the appropriate package name as a parameter.

For example:

# rpm -e PTKpcihsm2