Implement state machine for handling NetHSM backend in the configurator tool

- check if we have administrative credentials (backup passphrase, unlock passphrase and all Administrators' passphrases)
  - for Virtual Test System: ad-hoc create all passphrases (also missing ones) in /var/lib so it's persistent for updates
  - for Hardware System: #120
- if the NetHSM is not provisioned:
  - (if using SSS then create NetHSM administrative credentials, split them into shares and wait until they're downloaded)
  - provision NetHSM
  - create users
  - create keys
  - configure NetHSM: logging, network, etc.
- if NetHSM is provisioned:
  - check if there's discrepancy to the hermetic parallel config file
  - request or create administrative passphrases for scope (e.g. namespace)
  - optionally create N-Administrators (create new shared-secret that needs to be downloaded when using SSS)
  - create missing users
  - create any missing keys

Edited by David Runge
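
One way to express the flow described above as a planning function, as an added Rust sketch that is not code from the configurator tool: it turns the observed device state and the config file contents into an ordered list of steps, and requests no credentials when nothing is missing. The `Step`, `Objects`, `objects` and `plan` names and the sample user and key names are hypothetical, and the optional N-Administrators step is left out.

```rust
// Added sketch: all types and names are hypothetical, not the configurator's API.
use std::collections::BTreeSet;

#[derive(Debug, PartialEq)]
pub enum Step {
    SplitCredentialsAndAwaitDownload, // SSS only
    Provision,
    RequestCredentials, // for the scope being changed
    CreateUser(String),
    CreateKey(String),
    Configure, // logging, network, etc.
}

#[derive(Default)]
pub struct Objects {
    pub users: BTreeSet<String>,
    pub keys: BTreeSet<String>,
}

pub fn objects(users: &[&str], keys: &[&str]) -> Objects {
    let set = |n: &[&str]| -> BTreeSet<String> { n.iter().map(|s| s.to_string()).collect() };
    Objects { users: set(users), keys: set(keys) }
}

/// Ordered steps that bring a device in line with the config file.
pub fn plan(provisioned: bool, use_sss: bool, want: &Objects, have: &Objects) -> Vec<Step> {
    // An unprovisioned device holds nothing, so everything wanted is missing.
    let empty = Objects::default();
    let have = if provisioned { have } else { &empty };
    let users: Vec<Step> = want.users.difference(&have.users).cloned().map(Step::CreateUser).collect();
    let keys: Vec<Step> = want.keys.difference(&have.keys).cloned().map(Step::CreateKey).collect();
    let mut steps = Vec::new();
    if !provisioned {
        if use_sss { steps.push(Step::SplitCredentialsAndAwaitDownload); }
        steps.push(Step::Provision);
    } else if users.is_empty() && keys.is_empty() {
        return steps; // no discrepancy: change nothing, request no secrets
    } else {
        steps.push(Step::RequestCredentials);
    }
    steps.extend(users);
    steps.extend(keys);
    if !provisioned { steps.push(Step::Configure); }
    steps
}

fn main() {
    let want = objects(&["metrics", "operator"], &["signing1"]); // constructed sample
    println!("{:?}", plan(true, false, &want, &objects(&["operator"], &["signing1"])));
}
```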