First Boot

The HSM leaves the factory in a condition known as the first boot or factory state (fresh/first time boot). In this state, the HSM can be initialized with any set of smart cards that is already formatted and has a Server Master Key created. The smart cards contained in the package are already formatted. After a database reset, the HSM also returns to the first boot state.

When the HSM is switched on in the fresh/first time boot state, after the initial screen, the local console displays a screen informing you that this is a first-time boot. From this screen you can either authenticate with a ready-made set of smart cards (with the Server Master Key already created) or start preparing a new set of smart cards via the Smart Card Manager.

                       Dinamo - Local Management Console


         ┌─────────────────────────┤  ├─────────────────────────┐
         │                                                      │
         │                                                      │
         │        This is a fresh/first time HSM boot.          │
         │                                                      │
         │   A valid Server Master Key must be generated now.   │
         │                                                      │
         │        Do you want to load smart card manager?       │
         │                                                      │
         │                                                      │
         │         ┌────┐                      ┌─────┐          │
         │         │ No │                      │ Yes │          │
         │         └────┘                      └─────┘          │
         │                                                      │
         │                                                      │
         └──────────────────────────────────────────────────────┘






  Service stopped                                   Replication Domain: <none>
Fresh/first time boot screen

Selecting Yes loads the Smart Card Manager, through which the Server Master Key generation step of the initialization is carried out.

                       Dinamo - Local Management Console






                      ┌─────────┤ Smart Card ├──────────┐
                      │  ◂                              │
                      │    Inspect                      │
                      │    Change PIN                   │
                      │    Create Server Master Key     │
                      │    Erase                        │
                      │    Create Partition Auth Set    │
                      │    Get Label                    │
                      │    Copy Set                     │
                      │    Copy Card                    │
                      └─────────────────────────────────┘






  Service stopped                                   Replication Domain: <none>
Smart Card Management

In the Smart Card Manager, select the desired option and press Enter to activate it. To exit the Smart Card Manager at any time, press Esc or the Left arrow key.

Info

HSMs with an injected TP Key can only generate a new Server Master Key on smart cards with the same TP Key injected. This key is used for secure communication between the HSM and the smart card.

In order to use an M of N scheme, it is necessary to define the N and M parameters:

  • N: the total number of cards that will be generated and distributed. This number can be between 2 and 16.

  • M: the number of cards, out of the N generated, that will be requested to activate the HSM. This number must be between 2 and the number defined for N.

During the generation of the Server Master Key, the cards will be requested.
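
To illustrate what an M of N scheme provides, the following added example (not Dinamo code; the page does not say how the HSM divides the Server Master Key among the cards) uses Shamir secret sharing as an assumed technique, with the N and M limits given above. All function names are hypothetical.

```python
import secrets

# Constructed demo: Shamir secret sharing over a prime field. How the HSM
# actually protects the Server Master Key on the cards is not stated on the page.
PRIME = 2**521 - 1  # Mersenne prime, comfortably larger than a 256-bit secret

def check_params(m, n):
    """Enforce the limits from the text: 2 <= N <= 16 and 2 <= M <= N."""
    if not 2 <= n <= 16:
        raise ValueError("N must be between 2 and 16")
    if not 2 <= m <= n:
        raise ValueError("M must be between 2 and N")

def split(secret, m, n):
    """Return N shares (x, y); any M of them recover the secret."""
    check_params(m, n)
    if not 0 <= secret < PRIME:
        raise ValueError("secret out of range")
    # Random polynomial of degree M-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(m - 1)]
    def f(x):
        acc = 0
        for c in reversed(coeffs):  # Horner evaluation mod PRIME
            acc = (acc * x + c) % PRIME
        return acc
    return [(x, f(x)) for x in range(1, n + 1)]

def combine(shares):
    """Lagrange interpolation at x = 0 over the supplied shares."""
    if len({x for x, _ in shares}) != len(shares):
        raise ValueError("duplicate share")
    total = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj, _ in shares:
            if xj != xi:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total

if __name__ == "__main__":
    key = secrets.randbits(256)          # stand-in for a master key
    cards = split(key, m=3, n=5)         # 5 cards issued, any 3 suffice
    print(combine(cards[:3]) == key)     # quorum of 3 recovers the key
    print(combine(cards[1:3]) == key)    # 2 cards yield an unrelated value
```

With fewer than M shares, interpolation returns a value unrelated to the secret, which is why holders of M-1 cards cannot activate anything on their own.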