Troubleshooting PCIe models

Using the HSM 'showinfo' Command

To display specific configuration information you may need, use the hsm showinfo command. This command displays the following types of information:

  • HSM label, manufacturer, model, and serial number

  • Token flags in use

  • Firmware version

  • Slot ID

  • Session state

  • SO status

To display a screen that displays such HSM-specific information, complete the following steps:

  1. Go to the lunacm command prompt.

  2. Enter the following command (which displays the following screen):

    Copy 
    hsm showinfo

Using the Partition 'showpolicies' Command

To display specific partition capability and policy information you may need, use the partition showpolicies command. For example, this command displays the following types of partition capability or policy information (refer to the screen example for a complete listing):

  • State of the following partition capabilities:

    • Private key cloning

    • Private key wrapping/unwrapping

    • Private key masking

    • Secret key cloning

    • Secret key wrapping/unwrapping

    • Secret key masking

    • Max non-volatile storage space

    • Max failed user logins allowed

  • State of the following partition policies:

    • Private key cloning

    • Private key wrapping/unwrapping

    • Private key masking

    • Secret key cloning

    • Secret key wrapping/unwrapping

    • Secret key masking

    • Multipurpose keys

    • Changing key attributes

To display a screen that displays such HSM-specific information, complete the following steps:

  1. Go to the lunacm command prompt.

  2. Enter the following command (which displays the following screen):

    Copy 
    partition showpolicies

Using the HSM 'factoryreset' Command

To reset the HSM content in an HSM to its original manufacturing state, use the hsm factoryreset command and restart the HSM. However, you must be aware that resetting the HSM content to its original manufacturing state erases all of the existing content and it will be unrecoverable once reset.

Note: To save the existing HSM content prior to issuing the hsm factoryreset command, use the HSM utilities and refer to the vendor documentation for details.

To perform a reset of HSM content and display a screen with the corresponding prompts, complete the following steps:

  1. Go to the lunacm command prompt.

  2. Enter the following command (which displays the following screen):

    Copy 
    hsm factoryreset

After completing the reset operation, the HSM is fully re-initialized (with its content having been cleared including its partitions). The HSM has been reset back to its original manufacturing state (for example, the SO PIN is again set to default). In addition, all of the previous keys have been irreversibly destroyed during this operation.