Load a functionality module into the HSM firmware

  • Published on Aug 19, 2025
  • 1 minute(s) read
Prev Next

After completing the preparations and signing the functionality module (FM), you can now load it into the HSM firmware.

To load the FM into the HSM firmware

  1. Use pscp or scp to transfer the signed FM to the appliance administrator account:

    pscp <signed_FM> admin@<host/IP>:

  2. Use pscp or scp to transfer the signing certificate to the appliance administrator account. If you have previously loaded an FM signed by the same key, it should already be in the appliance admin files.

  3. Connect to the appliance via SSH or a serial connection, and log in to LunaSH as administrator.

  4. Log in as HSM Security Officer (SO):

    lunash:> hsm login

  5. Confirm that the signed FM and the correct certificate are present in the admin files:

    lunash:> my file list

  6. Load the FM to the HSM by specifying the FM and signing certificate files:

    lunash:> hsm fm load -certFile <cert_file> -fmFile <FM_file>

  7. Restart the HSM. It is not necessary to reboot the appliance:

    lunash:> hsm restart

  8. Log back in as HSM SO:

    lunash:> hsm login

  9. Activate the Secure Memory File System:

    lunash:> hsm fm smfs activate

  10. Confirm that the FM was loaded and is now enabled:

    lunash:> hsm fm status

Your FM is now loaded and ready to be used.