2 U-HSM Installation and Setup Scenarios
This sections describes the following installation and setup options:
- Initial installation
- Install all required software components.
- Update all required U-HSM server configuration files.
- Install the HSM module.
- Provision the U-HSM
server.
- Create new Security World and Administrator Card Set (ACS).
- Generate all required U-HSM server keys.
- Exchange public encryption and public verify keys with M-HSM or sIHP server.
- Exchange public keys with MFG-HSM.
- Import Diversified Factory Key Database (DFK DB) (see the Secure Production Programming Solution (SPPS) User Guide for information about DFK DB) and the MFG keys received from Microchip.
- If job execution is done with the help of a contract manufacturer, prepare DFK DB and MFG keys for use by M-HSM.
- Replication of the existing U-HSM server (creates a copy of already provisioned
U-HSM server)
- Install all required software components.
- Copy Security World from the source U-HSM server.
- Copy over the U-HSM server software and configration files.
- Copy the over existing DFK DB.
- Install and connect an HSM module to the Security World.
- Post-Installation (maintenance) steps
- Upgrade the HSM module firmware.
- Replace the HSM module.
- Exchange public keys with MFG-HSM.
- Import public keys of an M-HSM.
- Export public keys for sending to an M-HSM.
- Prepare the DFK DB for sending to an M-HSM.