2 M-HSM Installation and Setup Scenarios

This section describes the following installation and setup options:

Initial setup:
1. Install all required software components.
2. Update all required M-HSM server configuration files.
3. Install the HSM module.
4. Provision the M-HSM server.
  1. Create new Security World and Administrator Card Set (ACS).
  2. Generate all required M-HSM server keys.
  3. Exchange public encryption and public verify keys with the U-HSM.
  4. Import Diversified Factory Key Database (DFK DB) and the manufacturing keys received from the U-HSM.
Post-Installation (maintenance) steps:
1. Upgrade the HSM module firmware.
2. Replace the HSM module.
3. Import public keys of the U-HSM.
4. Export public keys for sending to a U-HSM.
5. Import new DFK DB and manufacturing keys for the target Microchip device(s).
Replication of the existing M-HSM server (creates a copy of already provisioned M-HSM server):
1. Install all required software components.
2. Copy over Security World from the source M-HSM server.
3. Copy over the M-HSM server software and configuration files.
4. Copy over the existing DFK DB.
5. Replace the HSM module.

The online versions of the documents are provided as a courtesy. Verify all content and data in the device’s PDF documentation found on the device product page.