Updating the HSM Firmware

The ProtectToolkit-C firmware that operates on the hardware can be upgraded to newer versions via a secure upgrade facility. The firmware upgrade can only be performed by the ProtectToolkit-C administrator using the ctconf command line utility. This facility will only allow firmware versions that have been digitally signed by Thales.

NOTE   Depending on the security policy in place, the HSM may perform a soft-tamper before the upgrade process is executed. This tamper will erase all key and configuration data on the HSM. Please see Security Policies and User Roles for more information on security policies.

Firmware upgrades are distributed in the form of a digitally-signed file. Refer to the CRN for a list of supported firmware versions.

Update Prerequisites

Prior to performing a firmware upgrade, ensure that:

>All important user data and keys have been backed up

>The current HSM configuration has been noted

>All applications using the HSM have been closed

Updating the Firmware

The HSM firmware is upgraded using the ctconf utility (see ctconf).

To update the ProtectServer HSM firmware

1.Enter the following at a command prompt, where <filename> refers to the name of the firmware upgrade file:

ctconf -g<filename>

The user is prompted for the Administrator password.

Notification of the firmware upgrade's success or failure will be displayed.

Following an upgrade, normal operation of ProtectToolkit-C may be resumed.