3.4.16 Prepare and Send Device Data to the M-HSM

To execute programming jobs, the user needs to send device information to the manufacturer. This information is sent in a DFK DB file. This file is specially prepared for the manufacturer (M-HSM). The following information is included:

• DFK DB with the ticket keys encrypted with the M-HSM public key.
• MFG keys exported by Microchip MFG-HSM and encrypted with the M-HSM public key.

The following steps show how to prepare the DFK DB for the M-HSM. This flow assumes the user already has the DFK DB for the U-HSM server.

1. Make a copy of the DFKDB folder (default location is C:\Microsemi\DKFDB) and save it.

2. Prepare the MFG keys for the U-HSM server. Make sure the M-HSM public key has been imported into Microchip MFG-HSM. This is done through the Microchip portal. Request that Microchip export manufacturing keys (MFG keys) for the M-HSM.

3. Prepare the DFK DB for the M-HSM. This rewraps the DFK DB ticket keys with the M-HSM public key, making DFK values accessible to the M-HSM and it will also include the MF keys for M-HSM.

   Make sure that the M-HSM public key has already been imported into the U-HSM server:

   U-HSMExportDeviceData.bat <MF Keys file from Microsemi>.xml <M_UUID>

   <MF Keys file> is the XML file with the MFG keys for your M-HSM that is obtained in step one.

   <M_UUID> is a 40 hex symbol M-HSM UUID.

4. Send the DFK DB inside the DFKDB folder to the M-HSM.

5. Remove the DFKDB folder and replace it with original folder saved in step one.