
Implement state machine for handling NetHSM backend in the configurator tool

  • check if we have administrative credentials (backup passphrase, unlock passphrase and all Administrators' passphrases),
    • for Virtual Test System: ad-hoc create all passphrases (also missing ones) in /var/lib so it's persistent for updates
    • for Hardware System: #120
  • if the NetHSM is not provisioned:
    • (if using SSS then create NetHSM administrative credentials, split them into shares and wait until they're downloaded)
    • provision NetHSM
    • create users
    • create keys
    • configure NetHSM: logging, network, etc.
  • if NetHSM is provisioned:
    • check if there's a discrepancy to the hermetic parallel config file
      • request or create administrative passphrases for scope (e.g. namespace)
      • optionally create N-Administrators (create new shared-secret that needs to be downloaded when using SSS)
      • create missing users
      • create any missing keys
Edited by David Runge
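
The branching described above can be modelled as a pure planning step that turns the config file plus the observed device state into an ordered action list. This is an added example, not code from the issue or from the project; every type, variant and function name is hypothetical, and no NetHSM API is called. Returning an error when a non-SSS, unprovisioned device has no administrative credentials is an assumption, and scopes (namespaces) and N-Administrators are left out.

```rust
use std::collections::BTreeSet;

// Hypothetical names throughout; this is not Signstar's or NetHSM's API.
#[derive(Debug, Clone, PartialEq)]
pub enum Action {
    CreateAndSplitCredentials, // SSS only: shares must be downloaded before continuing
    RequestAdminPassphrases,   // provisioned device, credentials not at hand
    Provision,
    CreateUser(String),
    CreateKey(String),
    Configure, // logging, network, etc.
}

pub struct Desired {
    pub users: BTreeSet<String>,
    pub keys: BTreeSet<String>,
    pub use_sss: bool,
}
pub struct Observed {
    pub provisioned: bool,
    pub have_admin_credentials: bool,
    pub users: BTreeSet<String>,
    pub keys: BTreeSet<String>,
}

/// Returns the ordered actions that bring the device in line with the config.
pub fn plan(want: &Desired, seen: &Observed) -> Result<Vec<Action>, &'static str> {
    let users = want.users.difference(&seen.users).cloned().map(Action::CreateUser);
    let keys = want.keys.difference(&seen.keys).cloned().map(Action::CreateKey);
    let mut out = Vec::new();
    if !seen.provisioned {
        if want.use_sss {
            out.push(Action::CreateAndSplitCredentials);
        } else if !seen.have_admin_credentials {
            // Assumption: fail closed rather than provision with unknown passphrases.
            return Err("administrative credentials missing");
        }
        out.push(Action::Provision);
        out.extend(users.chain(keys));
        out.push(Action::Configure);
    } else {
        let missing: Vec<Action> = users.chain(keys).collect();
        if !missing.is_empty() && !seen.have_admin_credentials {
            out.push(Action::RequestAdminPassphrases);
        }
        out.extend(missing);
    }
    Ok(out)
}
```

Because the plan is empty when a provisioned device already matches the config, the same function can be run on every configurator start without side effects.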