General
The HSM is normally supplied from the factory with the required software pre-installed. It will only be necessary to reload the software if a catastrophic corruption has occurred or when an upgrade is supplied by the factory.
Software is loaded using the Image Loader program, supplied on the software CD packaged with the HSM. This runs on a PC connected to the HSM.
HSM 8000 Image Loader is a Microsoft windows application and is compatible with all 32-bit Microsoft operating systems. HSM 8000 Image Loader uses a dynamically linked MFC library. This dynamic library must be present on any computer where HSM 8000 Image Loader is installed. Its naming convention is MFCx.dll, where x is the MFC version number.
The purpose of HSM 8000 Image Loader is to upload software components to the HSM 8000 Host Security Module (HSM). HSM 8000 Image Loader supports three types of upgrade:
· A bootstrap upgrade, which is an upgrade of the bootstrap, kernel, HSM application and FPGA driver. A bootstrap upgrade can include a Comms card image.
· A kernel upgrade, which is an upgrade of the kernel, HSM application and FPGA driver. A kernel upgrade can include a Comms card image. If a kernel is already on the target HSM then the new kernel must be signed.
· An application upgrade, which is an upgrade of the HSM application and FPGA driver. An application upgrade can include a Comms card image.
Connection and Setup
The computer being used to run HSM 8000 Image Loader must possess two serial ports. These serial ports should be connected to the HSM Auxiliary and Console ports using straight through connected 9 pin serial cables. The following conditions must also be satisfied before running Image Loader:
· A HSM must be in the secure state if it already contains a running HSM application. Otherwise an upgrade will not be allowed to proceed. If the target HSM is not running a HSM application the HSM locks should be configured so that any HSM application will be in the secure state once it is uploaded. The HSM is put into the secure state by turning both of the key locks on the front panel to the unlocked position. See the HSM 8000 Security Operations Manual for further details.
· Microsoft’s MFCx.dll dynamic library must be present on the computer where HSM 8000 Image Loader is installed. Its default location is C:\WINNT\system32 and its naming convention is MFCx.dll, where x is the MFC version number.
· The HSM Ethernet Management port must have a valid Ethernet connection. The HSM and the PC running HSM 8000 Image Loader can either be connected over a LAN, or connected directly using a crossover ethernet cable. The IP address for the HSM Management port is set using the CM console command; see the HSM 8000 Console Reference Manual for details.