hsm stm transport

Place the HSM in Secure Transport Mode (STM). You need to be logged in as the HSM SO to issue this command.

When you enter this command, two strings are displayed: a verification string and a random user string. Record both of these so that you can confirm later that the HSM was not tampered with while in STM. When you recover from STM, enter the random user string and compare the generated verification string to the original one you received. If the strings match, the HSM has not been tampered with while in STM (see hsm stm recover).

CAUTION!   If you are using a multifactor quorum-authenticated HSM with Luna HSM Firmware 7.7.1-20 or older, ensure that the CO, LCO and CU roles are deactivated on all partitions before placing the HSM in Secure Transport Mode (see Deactivating a Role). If any roles are still activated when STM is set, this can result in mismatched verification strings during STM recovery.

This is not necessary with Luna HSM Firmware 7.7.2 or newer; placing the HSM in STM automatically logs out and deactivates these roles.

The roles can be logged in and reactivated manually after STM recovery.

User Privileges

Users with the following privileges can perform this command:

>Admin

>Operator

Syntax

hsm stm transport

Example

lunash:>hsm stm transport


WARNING !!  You are about to configure the HSM in secure transport mode.
            If you proceed, the HSM will be inoperable until it is recovered with hsm stm recover command.
            If you are sure that you wish to proceed, then type 'proceed', otherwise type 'quit'.

> proceed
Proceeding...

Configuring the HSM for secure transport mode...

Record the displayed verification & random user strings. These are required to recover from Secure Transport Mode.


        Verification String: 59bt-3CXF-7/Tt-qKTx


        Random User  String: 4CEd-4HX7-J/YW-pCX6

HSM is now in Secure Transport Mode.


Command Result : 0 (Success)
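
The record-and-compare procedure described above can be scripted on the administrator's workstation. The following is an added example, not part of the original page and not vendor code: the function names are hypothetical, it assumes the transport session was saved as text in the layout shown in the Example, and it takes the recovery-time verification string as operator input because the hsm stm recover output is not shown on this page.

```python
import re

# Sample capture: the relevant lines of the Example session on this page.
SAMPLE_TRANSPORT_OUTPUT = """\
Configuring the HSM for secure transport mode...

Record the displayed verification & random user strings.

        Verification String: 59bt-3CXF-7/Tt-qKTx

        Random User  String: 4CEd-4HX7-J/YW-pCX6

HSM is now in Secure Transport Mode.
"""

# Matches the two labelled lines; tolerates the variable spacing in the output.
_FIELD = re.compile(
    r"^[ \t]*(Verification|Random User)[ \t]+String:[ \t]*(\S+)[ \t]*$", re.M
)

def parse_stm_strings(captured):
    """Return both strings from a saved `hsm stm transport` session (hypothetical helper)."""
    found = {}
    for label, value in _FIELD.findall(captured):
        key = "verification" if label == "Verification" else "random_user"
        if key in found:
            raise ValueError("duplicate %s String in capture" % label)
        found[key] = value
    missing = {"verification", "random_user"} - set(found)
    if missing:
        raise ValueError("capture is missing: %s" % sorted(missing))
    return found

def check_recovery(recorded, shown_at_recovery):
    """Compare the recorded verification string with the one generated at recovery.

    Only an exact, case-sensitive match counts as verified. A case-only
    difference is reported separately so the operator re-reads both strings,
    but it is still not a match.
    """
    a, b = recorded.strip(), shown_at_recovery.strip()
    if a == b:
        return True, "match"
    if a.lower() == b.lower():
        return False, "letter case differs: re-read both strings, not verified"
    return False, "mismatch"
```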