2 M-HSM Installation and Setup Scenarios

This section describes the following installation and setup options:

  1. Initial setup:
    1. Install all required software components.
    2. Update all required M-HSM server configuration files.
    3. Install the HSM module.
    4. Provision the M-HSM server.
      1. Create new Security World and Administrator Card Set (ACS).
      2. Generate all required M-HSM server keys.
      3. Exchange public encryption and public verify keys with the U-HSM.
      4. Import Diversified Factory Key Database (DFK DB) and the manufacturing keys received from the U-HSM.
  2. Post-Installation (maintenance) steps:
    1. Upgrade the HSM module firmware.
    2. Replace the HSM module.
    3. Import public keys of the U-HSM.
    4. Export public keys for sending to a U-HSM.
    5. Import new DFK DB and manufacturing keys for the target Microchip device(s).
  3. Replication of the existing M-HSM server (creates a copy of already provisioned M-HSM server):
    1. Install all required software components.
    2. Copy over Security World from the source M-HSM server.
    3. Copy over the M-HSM server software and configuration files.
    4. Copy over the existing DFK DB.
    5. Replace the HSM module.