Self-tests
Note
The information described in this section is only applicable to ProtectServer 3 HSMs running ProtectServer 3 HSM Firmware 7.03.00 or newer.
The ProtectServer 3 HSM runs periodic self-tests (PSTs) without any user intervention or on demand external triggers. These self-tests cover known answer tests (KATs), firmware integrity tests, and RNG tests. Self-tests take approximately 10 seconds to complete and can also be triggered manually.
Triggering self-tests manually
You can trigger a self-test manually, instead of waiting 23 hours from completion of the last PST, by running the following command:
ctconf --PST-control=start
Self-test logging
The following information related to self-tests is recorded during HSM operation:
-
Self-test starts (periodic and manually triggered) are recorded in the syslog.
-
Self-test completions are recorded in the syslog.
-
Self-test failures are recorded in the HSM event log and syslog.
For more information about viewing the HSM event log, refer to Using the system event log.
If you are using a ProtectServer 3 External or ProtectServer 3+ External, refer to syslog for information about syslog management.
Self-test failures halt the HSM
The HSM halts if a self-test fails. Reset the HSM to recover from this condition.
For more information about resetting the HSM, refer to hsmreset and hsm reset.
