2 M-HSM Installation and Setup Scenarios

This section describes the following installation and setup options:

1. Initial setup:
   1. Install all required software components.
   2. Update all required M-HSM server configuration files.
   3. Install the HSM module.
   4. Provision the M-HSM server.
      1. Create new Security World and Administrator Card Set (ACS).
      2. Generate all required M-HSM server keys.
      3. Exchange public encryption and public verify keys with the U-HSM.
      4. Import Diversified Factory Key Database (DFK DB) and the manufacturing keys received from the U-HSM.
2. Post-Installation (maintenance) steps:
   1. Upgrade the HSM module firmware.
   2. Replace the HSM module.
   3. Import public keys of the U-HSM.
   4. Export public keys for sending to a U-HSM.
   5. Import new DFK DB and manufacturing keys for the target Microchip device(s).
3. Replication of the existing M-HSM server (creates a copy of already provisioned M-HSM server):
   1. Install all required software components.
   2. Copy over Security World from the source M-HSM server.
   3. Copy over the M-HSM server software and configuration files.
   4. Copy over the existing DFK DB.
   5. Replace the HSM module.