Using Transport Mode to Avoid a Board Removal Tamper
Transport Mode allows the HSM adapter to be removed from the host system PCI bus without causing a board removal tamper condition. A board removal tamper will remove all sensitive material from the HSM, including the HSM configuration, keys and certificates. When applied to ProtectServer External 2 or ProtectServer External 2 Plus, Transport Mode prevents a tamper event from occurring when the tamper key is turned to the tamper position, or the tamper button is pressed.
Only the Administrator can set the required transport mode on the HSM.
Use the command line utility ctconf with the -m option.
To set the Transport Mode
ctconf -m2
The numeric value following the -m switch will set the transport mode to one of the following:
Value | Mode Name | Mode Description |
---|---|---|
0 | No Transport Mode (Default) | Default mode that is applied when the HSM is installed and configured. In this mode the HSM is tampered if it is removed from the PCI bus, the tamper key is turned to the tamper position, or the tamper button is pressed. |
1 | Single Transport Mode | The HSM will not be tampered when it is removed from the PCI bus, when the tamper key is turned to the tamper position, or when the tamper button is pressed. The HSM automatically changes to No Transport Mode the next time it is reset or power is removed and restored. |
2 | Continuous Transport Mode | The HSM will not be tampered when it is removed from the PCI bus, when the tamper key is turned to the tamper position, or when the tamper button is pressed. |
NOTE: Transport Mode does not entirely disable the tamper response mechanism. Any attempt to physically attack the HSM will still result in a tamper response.