Operating mode

The HSM can operate in different modes: non-restricted (NRM), restricted 1 (RM1) and restricted 2 (RM2), see Operating Modes topic for more details.

To change the mode, the HSM database must be reset, which means destroying all objects and keys.

The service must be stopped in order to change the operating mode.

Smart cards used to operate in restricted mode must have a TP Key injected, the same one used in the HSM. Without this, there is no secure communication between the card and the HSM and restricted mode cannot be activated.

If the HSM is part of a Replication Domain, changing the mode will stop replication until all nodes are in the same mode.

Danger

It is highly recommended that you generate a backup before changing the operating mode, as a complete reset of the HSM database will be carried out.

Changing the HSM's operating mode

Changing the HSM's operating mode