stm transport
Place the HSM in Secure Transport Mode (STM).
You must be logged in as HSM SO to invoke Secure Transport Mode.
>for multifactor quorum authenticated HSMs, the blue HSM SO PED key is required
>for password authentication have the HSM SO password ready
NOTE The stm commands appear only when LunaCM's active slot is set to the administrative partition
When you enter this command, two strings are displayed: a verification string and a random user string. Record both of these to confirm later that the HSM was not tampered with while in STM. When you recover from STM, enter the random user string and compare the generated verification string to the original one you received. If the strings match, the HSM has not been tampered while in STM (see stm recover).
CAUTION! Using a multifactor quorum-authenticated HSM with Luna HSM Firmware 7.7.1-20 or older, ensure that CO, LCO and CU roles are deactivated on all partitions before placing the HSM in Secure Transport Mode (see Deactivating a Role). If any roles are still activated when STM is set, this can result in mismatched verification strings during STM recovery.
This is not necessary using Luna HSM Firmware 7.7.2 or newer; placing the HSM in STM automatically logs out and deactivates these roles.
The roles can be logged in and reactivated manually after STM recovery.
Syntax
stm transport
Example
lunacm:>stm transport
You are about to configure the HSM in STM.
Are you sure you wish to continue?
Type 'proceed' to continue, or 'quit' to quit now ->proceed
Configuring the HSM for transport (may take a few seconds)...
HSM was successfully configured for transport.
Please record the displayed verification & random user strings.
These are required to recover from Secure Transport Mode.
Verification String: SL7P-GWtA-JFKt-psCH
Random User String: Gxbx-dXFM-x4bW-bMWN
Command Result : No Error
