Hardware Reference
This appendix contains hardware specifications and instructions on how to fit the HSM with an external tamper detector such as a micro switch.
Adapter Modification for External Tamper Detectors
Connect additional tamper detection devices using the tamper input header, located on the rear face of the card, as illustrated in Rear face of the card.
Figure 1: Rear face of the card
To fit an external tamper detection device
1.Remove the default jumper/shunt that bridges the two posts in the ProtectServer PCIe 2's tamper input header (see Rear face of the card).
2.Connect your external tamper device in the shunt's place.
The cable end from your tamper-detection device must match the Molex socket on the adapter, which is designed to fit with an insertable connector housing (Molex part 35507-0200).
a.Crimp a pair of 2 mm WTB crimp terminals (Molex part 50212-8100) to the ends of your tamper detector's two-wire connector cable.
b.Insert the crimped terminal sockets into the Molex connector housing.
3.Plug the newly-fitted connector cable into the PCIe adapter's tamper input header.
The external tamper detector must provide the following conditions:
>In the untampered condition, the device must provide a low-impedance path (short circuit) between the tamper-detection posts.
>In the tampered condition, the device must show an open circuit.
The Battery
The adapter is fitted with a backup battery, which maintains cryptographic keys and the correct time when the host computer is shut down, or when the adapter is otherwise disconnected from a power source.
The battery has an expected lifetime of ten years. It should not require replacement within the normal lifetime of the adapter.
Testing the battery
You can use the utilities provided with the adapter to query the state of the battery. In ProtectToolkit-C, use ctcheck -b batterystatus to return a state of Good/Low. For more information about querying the state of the battery of the HSM, see the reference guide for your ProtectToolkit software.
The real-time clock (RTC) and memory retain their data as long as the adapter is in a powered system. The RTC performs a daily battery check. If it detects a low-battery warning, the battery may need to be replaced. If the adapter has been de-powered or removed from its system, the data in its memory is suspect. If the adapter has been continuously powered, then the data in memory can be trusted and you can make a backup before sending the adapter to a Thales service centre for battery/HSM replacement. For more information about returning an HSM back to Thales, refer to RMA and Shipping Back to Thales .
Port Specifications
The USB-to-serial cable provides an RS232 port with pin outs as shown in Adapter serial connector. This port can be used for connecting a smart card reader or another serial device.
Figure 2: Adapter serial connector