Overview

A Functionality Module (FM) is custom-developed, customer-specific code that operates within the secure confines of a Hardware Security Module (HSM). You can use the ProtectToolkit FM SDK to develop FMs for the ProtectServer Network HSM and ProtectServer PCIe HSM, introduced in release 5.0.

FMs allow application developers to design security-sensitive program code that can be downloaded into the HSM to operate as part of the HSM firmware. This functionality may be required to implement custom algorithms, or to isolate security-sensitive code from the host environment. FMs can make full use of the HSM functionality, which is provided through a PKCS#11-compliant Application Programming Interface (API). The ProtectToolkit FM SDK gives developers extensive scope to create a wide range of customized high-security applications.

To assist in the development of FMs, the ProtectToolkit FM SDK contains support for FM emulation on the Host System.

This document is intended for software developers, as a technical reference describing the programming methodologies and functions used for developing FMs and host-side applications.

Features

Host applications are supported on all platforms that support the ProtectToolkit SDK. FMs must be cross-compiled on Linux. The FM SDK provides the following components:

>Sample FM code

>Sample host-side code

>Build scripts

>Host-side libraries

>Java classes to access HSMs

>Java docs

>FM binary image generation tools

>FM libraries

>FM emulation libraries

8 MB of storage space is available on the HSM to store FMs.

Constraints

The ProtectToolkit FM SDK has the following limitations on FM development:

>FMs compiled using the ProtectToolkit FM SDK 5.4 or newer do not load correctly into HSMs using firmware 5.00.xx.

>Downgrading HSMs from firmware 5.01.00 or newer to 5.00.08 or older will delete any FMs on the device that were compiled using the ProtectToolkit FM SDK 5.4 or newer.

>FMs that have been loaded onto the HSM are not deleted from the HSM after a tamper event. FMs must be deleted by using the ctfm utility before tampering the HSM. For more information about tampering the HSM and deleting FMs using the ctfm utility, see Tampering or Decommissioning the HSM and ctfm.