All Adapters Menu

The All Adapters menu is only available if there is more than one HSM installed on the system. This menu allows the device administrator to affect all installed HSMs with a single command. The following actions can be performed via this menu:

Initialize Adapters

This option initializes all uninitialized HSMs found on the system. Only initialized HSMs can store key information.

Synchronize Clocks

This option synchronizes all HSMs found on the system with the value of the host system clock.

Set Transport Modes

This option sets the adapter transport mode for all adapters found on the system. The adapter transport mode allows an HSM to be removed from the host system's PCIe bus without causing a tamper condition. A tamper will remove all sensitive material from the adapter, including the adapter configuration, keys, and certificates.

The device administrator is prompted to choose one of three possible transport modes:

>None - To be applied when adapter is installed and configured. This mode will tamper the adapter if removed from the PCIe bus.

>Single - Adapter will not be tampered after its next removal from the PCIe bus. Adapter will automatically change transport mode to None the next time the adapter is reset or power is removed and restored.

>Continuous - Adapter will not be tampered by being removed from the PCIe bus.

Set Security Flags

This option allows the setting of a security mode using security flags. These flags affect both the services available to the various users of the system, as well as specific security features of the HSM. The flags may be specified individually to set a custom security mode, but a standard security mode is recommended. When a standard security mode is selected, the flags are assigned values automatically to meet the requirements for that mode. For further information see Initial Configuration: Mandatory Steps, Security Mode Descriptions, and Security Mode Flag Descriptions.

Set Secure Configuration

This option allows secure configuration items to be set.

A secure configuration item is one that is open for reading but requires authentication for writing. Such configuration items are stored on the HSM, protected by the password of the device administrator.

A single item is currently supported - Allow Clear Export of Private Keys. See Enabling Private Key Clear Export .

Set Admin Passwords

This option changes the current device administrator password for all HSMs on the host system.

Upgrade Firmware

This option performs a firmware upgrade for all HSMs on the host system. The device administrator is prompted to enter the path to the firmware update file.

Tamper All Adapters

This option causes a tamper of all HSMs found on the system. A tamper formats the secure memory of the HSM and thereby erases all configuration and key data.


Customer Support Portal

SafeNet ProtectToolkit 5.9 Product Documentation  06 January 2020  Copyright 2009-2020 Thales. All rights reserved.