Viewing and Purging the HSM Event Log
SafeNet ProtectServer HSMs maintain event logs in order to provide a means of tracking serious hardware or consistent operational faults. It is the device administrator’s task to view and purge HSM event log data. See Event Log Error Types for a complete list of possible error code values that may be recorded in the event log.
When the HSM event log is full, the HSM will no longer store new event records and will need to be purged.
NOTE The HSM event log cannot be purged until it is full.
To view the HSM event log
1.Launch the administration utility from the Start menu by selecting Start > Programs > SafeNet > ProtectToolkit M > gmadmin.
2.Select the desired HSM from the Active Adapters list.
3.Open the Adapter menu and select View Event Log.
4.The administration utility will now prompt for the device administrator password. Correct entry of the password will result in the event log being displayed.
5.The event log is shown as a series of pages. If there are more than one page of event log entries, the operator can navigate through the pages via the first, prev, next, last buttons.
To purge the event log
1.Launch the administration utility from the Start menu by selecting Start > Programs > SafeNet > ProtectToolkit M > gmadmin.
2.Select the desired HSM from the Active Adapters list.
3.Open the Adapter menu and choose Purge Event Log.
4.The administration utility will now prompt for the device administrator password. Correct entry of the password will result in the event log being purged.
NOTE The event log can also be purged via the View Event Log dialog by clicking the Purge button.
Event Log Error Types
The following table lists the error entries that may be generated by the ProtectServer HSM firmware and written to the HSM’s event log.
Event records are written sequentially and chronologically. If the date and time of a later entry in the log is stating an earlier time than an entry preceding it, it indicates that the real time clock or audit information has been altered.
| Name | Description |
|---|---|
POST_ERR_SRAM_WRITE
|
POST Error: Cannot write to SRAM |
POST_ERR_SRAM_READ
|
POST Error: Cannot read from SRAM |
POST_ERR_SDRAM_DATA_STUCK
|
POST Error: SDRAM, bit stuck |
POST_ERR_SDRAM_DATA_SHORT
|
POST Error: SDRAM data bits short Param 1. Bit number Param 2. Value |
POST_ERR_SDRAM_ADDR_STUCK
|
POST Error: SDRAM address bit stuck |
POST_ERR_SDRAM_ADDR_SHORT
|
POST Error: SDRAM address bits short Param 1. Bit number |
POST_ERR_SDRAM_BAD_BYTESEL
|
POST Error: SDRAM bad bytes select |
POST_ERR_BAD_SECTOR0
|
POST Error: POST Sector checksum is not correct |
POST_ERR_NOMEM
|
Cannot allocate memory |
POST_ERR_OS_HASH
|
The OS hash value is incorrect |
POST_ERR_KAT
|
Known answer test failed Param 1. Algorithm Identifier Param 2. Error Code |
POST_ERR_RNG
|
RNG did not pass chi-squared test |
POST_ERR_NO_THREAD
|
Unable to start POST Thread |
POST_ERR_SMFS
|
Secure memory file system error Param 1. Error Number |
POST_ERR_RTC
|
Unable to access RTC |
POST_ERR_SER
|
Unable to access UART |
POST_ERR_FDS
|
Flash Data Storage error |
EXCEPT_UNDEF
|
An undefined instruction has been executed Param 1. Address Param 2. Instruction |
EXCEPT_SWI
|
A software interrupt generated Param 1. Address Param 2. Instruction |
EXCEPT_PREFETCH
|
A Prefetch abort generated Param 1. Address |
EXCEPT_DATA
|
A Data abort generated Param 1. Address |
EXCEPT_IRQ
|
An unhandled IRQ received Param 1. Identifier |
ERR_HOT_TAMPER
|
Hot tamper detected |
ERR_HOT_TAMPER_ESM3000
|
ESM3000 tamper generates log parameters |
ERR_CLD_TAMPER_ESM3000
|
Tamper occurred whilst mains power off |
ERR_FLS_TAMPER
|
Tamper noise detected |
ERR_HOT_TAMPER_SRC
|
Tamper detected (main power operation) |
ERR_CLD_TAMPER_SRC
|
COLD Tamper occurred |
ERR_TAMPER_CLR
|
Tamper condition cleared |
LOG_FIRST_ENTRY
|
Initial event entry |
LOG_INITIALIZING_SRAM
|
Initializing the SRAM after a tamper |
LOG_EVENT_LOG_PURGED
|
Event log has been purged |
LOG_INIT_SRAM_COMMAND
|
Soft tamper command executed |
LOG_DANGLING_DIR_FOUND
|
Flash SmFs has detected a dangling DIR entry |
ERROR_ASSERT
|
Runtime Assertion Param 1. File Param 2. Line |
ERROR_INIT_RESOURCE
|
Out of resources in initialization Param 1. File Param 2. Line |
ERROR_INIT_PLATFORM
|
Failed to detect hardware platform Param 1. File Param 2. Line |
ERROR_PCI_CONFIG_CORRUPTED
|
PCI configuration corrupted |
ERROR_PCI_REGS_CORRUPTED
|
PCI registers contain unexpected values - unclearable |
HEAP_INVALID_ADDRESS
|
Heap Invalid block address Param 1. Heap number Param 2. Address |
HEAP_MEM_FREED_TWICE
|
Heap: Memory Freed twice Param 1. Address |
DCP_TIMEOUT
|
DCP: Timeout error on device |
DCP_BAD_STAT
|
DCP: Bad device status |
DCP_BAD_DATA
|
DCP: Bad input data |
DCP_RNG_STUCK
|
DCP: Continuous RNG test |
DCP_LNAU_EXCEPTION
|
DCP: Large Number Arith Hardware exception |
DCP_FAILED_RESET
|
DCP: Failed to reset |
DCP_RESOURCES
|
DCP: Insufficient recources to start driver |
DCP_FATAL_EXCEPTION
|
DCP: an unrecoverable error has occured |
PCCISES_TIMEOUT
|
PCCISES: Timeout error on device Param 1. Error |
PCCISES_BAD_STAT
|
PCCISES: Bad device status Param 1. Status |
PCCISES_BAD_DATA
|
PCCISES: Bad input data |
PCCISES_RNG_STUCK
|
PCCISES: Continuous RNG test error Param 1. Value |
PCCISES_LNAU_EXCEPTION
|
PCCISES: Large Number Arith Hardware exception (Unit,0) |
PCCISES_FAILED_RESET
|
PCCISES: Failed to reset |
PCCISES_RESOURCES
|
PCCISES: Insufficient resources to start driver |
CPROV_OS_UPGRADED
|
OS Upgrade performed Param 1. Mod Param 2. Version |
CPROV_OS_UPGRADE_FAILED
|
OS Upgrade failed |
PROT_NO_SMPR
|
PROTECTION: HSM SMPR not found |
PROT_CIPHER_ERROR
|
PROTECTION: Cipher operation failed |
KEYGEN_ERR_PAIRWISE
|
Key generation: Pair-wise consistency failure |
FM_OP_DOWNLOAD
|
FM Download Performed Param 1. Mod Param 2. Version |
FM_OP_DISABLE
|
FM Disabled Param 1. Mod Param 2. Version |
FM_MODULE_FAIL
|
FM failed to load Param 1. Mod Param 2. Version |
PTKC_CFG_CHNG
|
SafeNet ProtectToolkit-C config change Param 1. New Val Param 2. Old Val |
FDS_FLASH_ERASE_ERROR
|
Flash erasure error in FDS |
FDS_FLASH_WRITE_ERROR
|
Flash write error in FDS |
ERR_RTC_CANT_INITIALIZE_I2C
|
Real-time clock couldn't be initialized |
ERR_RTC_CANT_CLEAN_TAMPER_1
|
Real-time clock can't clear tamper |
ERR_RTC_CANT_ARM_TAMPER_1_CIRCUITS
|
Real-time clock can't re-arm the tamper circuit |
ERR_RTC_CANT_CLEAN_TAMPER_2
|
Real-time clock can't clear tamper |
ERR_RTC_CANT_ARM_TAMPER_2_CIRCUITS
|
Real-time clock can't re-arm the tamper circuit |
ERR_RTC_CANT_CLEAN_POWER_LOSS
|
Real-time clock can't clear power loss |
ERR_RTC_RECONFIGURING_FAILED
|
Real-time clock reconfiguration failed |
ERR_RTC_EXTERNAL_TAMPER_LATCHED
|
Real-time clock external tamper |
ERR_RTC_TAMPER_2_SIGNAL
|
Real-time clock tamper signal |
ERR_RTC_TAMPER_CIRCUITS_RE_ARMED
|
Real-time clock tamper circuits re-armed |
ERR_RTC_LOST_ALL_POWER
|
Real-time clock lost power |
ERR_RTC_BATTERY_LOW
|
Real-time clock battery low |
ERR_RTC_BATTERY_WAS_LOW_WHEN_MAIN_POWER_WAS_OFF
|
Real-time clock low battery alert during main power loss |
ERR_RTC_ZEROIZED_ON_POWER_LOSS
|
Real-time clock zeroized after power loss |
ERR_RTC_UNRELIABLE_DUE_TO_LOW_BATTERY_WHEN_MAIN_POWER_WAS_OFF
|
Real-time clock time unreliable due to low battery voltage |
ERR_RTC_CONFIGURATION_CORRUPTED
|
Real-time clock configuration corrupt |
ERR_RTC_RECONFIGURING_PASSED_CLOCK_RESTARTED
|
Real-time clock reconfiguration passed and clock restarted |
ERR_HSM_HALT_ON_INT_TAMPER
|
HSM halted due to internal tamper |
ERR_HSM_HALT_ON_LO_BAT
|
HSM halted due to low battery |
ERR_HSM_HALT_ON_EXT_TAMPER
|
HSM halted due to external tamper |
ERR_HSM_HALT_ON_OVER_VOLTAGE
|
HSM halted due to high voltage |
ERR_HSM_HALT_ON_UNDER_VOLTAGE
|
HSM halted due to low voltage |
ERR_HSM_HALT_ON_OVER_TEMP
|
HSM halted due to high temperature |
ERR_HSM_HALT_ON_UNDER_TEMP
|
HSM halted due to low temperature |
