2 U-HSM Installation and Setup Scenarios

This section describes the following installation and setup options:

  1. Initial installation
    1. Install all required software components.
    2. Update all required U-HSM server configuration files.
    3. Install the HSM module.
    4. Provision the U-HSM server.
      • Create new Security World and Administrator Card Set (ACS).
      • Generate all required U-HSM server keys.
      • Exchange public encryption and public verify keys with M-HSM or sIHP server.
      • Exchange public keys with MFG-HSM.
      • Import the Diversified Factory Key Database (DFK DB) and the MFG keys received from Microchip (see the Secure Production Programming Solution (SPPS) User Guide for information about the DFK DB).
      • If job execution is done with the help of a contract manufacturer, prepare DFK DB and MFG keys for use by M-HSM.
  2. Replication of the existing U-HSM server (creates a copy of an already provisioned U-HSM server)
    1. Install all required software components.
    2. Copy Security World from the source U-HSM server.
    3. Copy over the U-HSM server software and configuration files.
    4. Copy over the existing DFK DB.
    5. Install and connect an HSM module to the Security World.
  3. Post-Installation (maintenance) steps
    1. Upgrade the HSM module firmware.
    2. Replace the HSM module.
    3. Exchange public keys with MFG-HSM.
    4. Import public keys of an M-HSM.
    5. Export public keys for sending to an M-HSM.
    6. Prepare the DFK DB for sending to an M-HSM.