Software Prerequisites

Before you install PQSDK:

Refer to the latest Release Notes at https://nshieldsupport.entrust.com/hc/en-us/sections/360001115837-Release-Notes for hardware and software compatibility, and known and fixed issues.
Check you have the Security World software installed, and a working Security World configured. See Security World software.
Check you have the CodeSafe software installed. See CodeSafe.
Check that you have a suitable firmware version on your nShield HSM. See HSM Firmware.
Remove any previous installations of PQSDK. See Remove existing nShield Post-Quantum Software Development Kit.
Check that you have a usable OCS, and that it is present.
Check that you have the required third party software installed. See Third party software.

This release of PQSDK is compatible with Linux only. See the PQSDK Release Notes for the list of compatible operating systems and versions.

Security World software

PQSDK requires nShield Security World software to be installed, and a working Security World to be configured. To confirm that there is a usable Security World, use the nfkminfo command:

nfkminfo

If the Security World is usable then the state line in the nfkminfo output shows Usable.

World
    generation 2
    state 0x37270008 Initialised Usable Recovery !PINRecovery !ExistingClient RTC NVRAM FTO AlwaysUseStrongPrimes !DisablePKCS1Padding !PpStrengthCheck !AuditLogging SEEDebug
…

Additionally, your hardserver should have appropriately configured priv_port and nonpriv_port settings.

[server_startup]
nonpriv_port=9000
priv_port=9001

For further information on installing Security World software and creating a Security World, see the User Guide shipped with your nShield Security World software.

See the PQSDK Release Notes for supported Security World Software versions.

CodeSafe

The requirements for PQSDK remote and local HSM installations are different.

PQSDK remote installations require only Security World software.
Local HSM installations require nShield CodeSafe software to be installed for building examples with the PQSDK. To confirm that CodeSafe is installed, use the elftool command:

elftool --version

If CodeSafe is installed, a message similar to the following will be printed in your terminal:

elftool, nshield (12.70.4-265-4efba9d)

See the PQSDK Release Notes for supported CodeSafe versions.

HSM Firmware

PQSDK requires a supported version of the nShield HSM firmware to be installed. To confirm the installed version, use the enquiry command.

Module #1:
...
 version              13.4.3
 speed index          20000
 rec. queue           120..250
 level one flags      Hardware HasTokens SupportsCommandState SupportsHotReset
 version string       13.4.3-338-6c66aa0d
 checked in           00000000649dc17c Thu Jun 29 13:38:04 2023
 level two flags      none
...

In this example, the installed firmware version is 13.4.3. See the PQSDK Release Notes for supported firmware versions.

In addition, for nShield XC, you must enable the Unrestricted SEE feature. This is indicated by the presence of SEE Activation (EU+10) in the enabled features seen in FET.

For nShield 5, you must enable the SEE Activation feature. This is indicated by the presence of SEE Activation, Codesafe 5 in the enabled features seen in FET.

Third party software

PQSDK requires following third party software to be installed:

CMake 3.13.0 (or higher).
GCC version 4.8.5 (or higher).
GNU Make version 3.82 (or higher).
Java Development Kit (Java 8) version 1.8.0_362 (or higher).
Apache Ant version 1.9.4 (or higher).

Remove existing nShield Post-Quantum Software Development Kit

Please see Uninstallation for uninstallation instructions.