First Boot

The HSM leaves the factory in a condition known as the first boot or factory state(fresh/first time boot). In this state, the HSM can be initialized with any set of smart cards already formatted and with a Server Master Key created. The smart cards contained in the package are already formatted. After a database reset, the HSM also returns to the first-time state boot.

When the HSM is switched on in the fresh/first time state boot, after the initial screen, the local console displays a screen informing you of the HSM's first-time state boot . From this screen you can either authenticate with a ready-made set of smart cards (with the Server Master Key created) or start the process of preparing a new set of smart cards via the Smart Card Manager.

Fresh/first time screen boot

Fresh/first time screen boot

Selecting Yes loads the Smart Card Manager, through which the Server Master Key Generation initialization step will be carried out.

Smart Card Management

Smart Card Management

In the Smart Card Manager select the desired option and press Enter to activate the chosen option. To exit the Smart Card Manager at any time, press ESC or use the left arrow key.

Info

HSMs with an injected TP Key can only generate a new Server Master Key on smart cards with the same TP Key injected. This key is used for secure communication between the HSM and the smart card.

In order to use an M of N scheme, it is necessary to define the N and M parameters:

  • N: the total number of cards that will be generated and distributed. This number can be between 2 and 250.

  • M: the number of cards, out of the N generated, that will be requested to activate the HSM. This number must be between 2 and the number defined for N.

During the generation of the Server Master Key, the cards will be requested.