HSM management
Setting the security policy
The most important aspect of ProtectToolkit-C administration is choosing the settings, or Security Policy, which will determine how ProtectToolkit-C can be used. The Administrator is strongly advised to read Security Policies and User Roles, which explains how different settings affect the security and performance of the ProtectToolkit-C environment.
To set the HSM security policy
- Select Edit > Security Mode...
- Select the required settings from the Modify Security Mode dialog box.
- Select OK to store the selected security policy.
Setting the Transport Mode
The HSM Transport Mode determines how the HSM responds when it is removed from the PCI bus.
To set the HSM transport mode
Caution
Transport Mode only disables the tamper response mechanism when removing the ProtectServer 3 PCIe adapter from the PCIe bus. Attempting any other hardware tamper procedure described in Hardware tamper procedures, or physically attacking the ProtectServer 3 HSM, will still result in a tamper response even when a Transport Mode is enabled.
- Select Edit > Transport Mode... to open the Transport Mode dialog box.
- Choose from one of the following selections:

| Mode number | Mode name | Mode description |
|---|---|---|
| 0 | No Transport Mode (Default) | Default mode that is applied when the HSM is installed and configured. This mode will tamper the HSM if it is removed from the PCI bus or any other hardware tamper procedure described in Hardware tamper procedures is attempted. |
| 1 | Single Transport Mode | HSM will not be tampered by removal from the PCI bus and will automatically revert to No Transport Mode the next time the HSM is reset or power is removed and restored. |
| 2 | Continuous Transport Mode | HSM will not be tampered by removal from the PCI bus. |

- Select OK to set the Transport Mode.
Clock drift correction
The HSM hardware's internal clock may occasionally need to be adjusted because of clock drift and other timing differences between the HSM and the host system. The clock can be adjusted manually or synchronized with the host system's clock (recommended).
To synchronize the HSM clock
- Select Edit > Clock.
  The current value of the HSM clock is displayed.
- Edit the date and time manually, or synchronize the HSM clock to the host clock (recommended) by clicking Synch.
- Select OK to close the dialog box.
Viewing and purging the system event log
ProtectToolkit-C maintains a system event log as a means of tracking serious hardware or operational faults, tamper events, and self-test error information. For full details on what the event log stores and how to interpret its data, please refer to Using the system event log.
When the event log is full, the HSM no longer stores new event records, and the log must be purged before recording can resume. The event log cannot be purged until it is full.
To view the event log
Select Event Log > Event Log View.
A dialog is shown containing a list of events with columns for “Firmware Type”, “Firmware Version”, “Error”, “Date”.
To purge the event log
- Select Event Log > Event Log Purge. A confirmation dialog appears.
- Select Yes to confirm you want to purge the event log.
Note
If the event log is not full, an error is displayed.
Updating HSM firmware
The firmware that operates on the ProtectServer hardware can be upgraded to newer versions through a secure upgrade facility. This facility will only allow the HSM to be upgraded to firmware versions that have been digitally signed by SafeNet.
Caution
Depending on the active security policy, the HSM might execute a soft tamper before completing the upgrade process. This tamper will erase all key and configuration data on the HSM. See Security policies and user roles.
Firmware upgrades are distributed in the form of a digitally signed file. Before a firmware upgrade, ensure that:
- All important user data and keys have been backed up
- The current HSM configuration has been noted
- All applications using the HSM have been closed
To upgrade the HSM firmware
- Select File > Upgrade Firmware.
- Select the firmware upgrade file and select OK to continue with the firmware upgrade.
  Note
  The upgrade process may take up to two minutes to complete. Following the upgrade, a dialog box appears stating the success or failure of the upgrade operation.
- Reset the HSM in one of the following two ways:
  - Connect to the ProtectServer 3 External or ProtectServer 3+ External appliance via SSH or the local console and run hsm reset. For more information about this command, see hsm reset.
  - Use the hsmreset SafeNet hardware maintenance utility. For more information about this utility, see hsmreset.
The firmware upgrade procedure is now complete.
Tampering the HSM
It may be necessary to tamper the HSM at the end of its life cycle, or after any other security-sensitive event requiring all stored data to be immediately destroyed.
A tamper formats the secure memory of the HSM, erasing all configuration and user data.
To tamper the HSM
- Select File > Tamper Adapter.
- Select OK to confirm the action.