3.4.16 Prepare and Send Device Data to the M-HSM
To execute programming jobs, the user needs to send device information to the manufacturer. This information is sent in a DFK DB file. This file is specially prepared for the manufacturer (M-HSM). The following information is included:
- DFK DB with the ticket keys encrypted with the M-HSM public key.
- MFG keys exported by Microchip MFG-HSM and encrypted with the M-HSM public key.
The following steps show how to prepare the DFK DB for the M-HSM. This flow assumes the user already has the DFK DB for the U-HSM server.
-
Make a copy of the DFKDB folder (default location is C:\Microsemi\DKFDB) and save it.
-
Prepare the MFG keys for the U-HSM server. Make sure the M-HSM public key has been imported into Microchip MFG-HSM. This is done through the Microchip portal. Request that Microchip export manufacturing keys (MFG keys) for the M-HSM.
-
Prepare the DFK DB for the M-HSM. This rewraps the DFK DB ticket keys with the M-HSM public key, making DFK values accessible to the M-HSM and it will also include the MF keys for M-HSM.
Make sure that the M-HSM public key has already been imported into the U-HSM server:
U-HSMExportDeviceData.bat <MF Keys file from Microsemi>.xml <M_UUID>
<MF Keys file>
is the XML file with the MFG keys for your M-HSM that is obtained in step one.<M_UUID>
is a 40 hex symbol M-HSM UUID. -
Send the DFK DB inside the DFKDB folder to the M-HSM.
-
Remove the DFKDB folder and replace it with original folder saved in step one.