Platform services and (nShield 5 HSMs)

The nShield HSM firmware provides multiple services which manage different parts of the system. Each service has its own SSH keys that allow communication with the service; see Separation of services.

This allows you to partition the users of the system into different groups and restrict certain user groups to the use of certain services by restricting who has access to the relevant keys.

There are two major groups of services:

  • Platform services

  • End-user services

Platform services are used to perform the tasks associated with the installation, commissioning, and maintenance of the HSM firmware and hardware.

There will only ever be one instance of each platform service running at any one time.

End-user services are used to provide cryptographic services to the end-user. If your firmware supports multi-tenancy then there could be multiple instances of end-user services running concurrently.

End-user services

ncoreapi service

The ncoreapi service provides cryptographic services to the end user. This can either be via custom applications created by the end user accessing services using the ncoreapi service, as described in nCore API Documentation and Cryptographic API, or by using the utilities provided on the installation media.

Platform services

updater service

This service provides functions to upgrade the HSM firmware.

setup service

This service provides functions to view the HSM 'lifetime' data installed in the factory and to return the HSM to factory settings.

monitor service

This service provides functions to retrieve and clear logs stored within the HSM.

sshadmin service

This service provides functions to manage the SSH keys used by the platform services. If your system has not been configured for multi-tenancy the sshadmin service also manages the keys for the ncoreapi service.

launcher service

On versions with CodeSafe 5 support, this is used for starting CodeSafe 5 applications on the HSM.

Administration of platform services

The administration of platform services is described in Administration of platform services (nShield 5 HSMs).

An interlock mechanism prevents most platform services from being accessed when the ncoreapi service is in operational mode:

  • Non-invasive services that only access information, such as log retrieval or a firmware version check, can be used while ncoreapi is running.

  • Invasive services that would change the platform’s state, such as log clearing or firmware updates, cannot be used while ncoreapi is running.

To access invasive platform services the ncoreapi service must be put into maintenance mode using nopclearfail -M -m <MODULEID> -w.

For example:

>nopclearfail -M -m 1
Module 1, command ClearUnitEx: OK
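
The following wrapper is an added example, not part of the nShield documentation or tooling. It runs an invasive maintenance task only after the switch to maintenance mode has been confirmed. It assumes a POSIX shell host and that the success reply has the form shown in the example above; the function names and the NOPCLEARFAIL override variable are hypothetical.

```shell
#!/bin/sh
# Added example: gate an invasive platform-service task behind a verified
# switch of the ncoreapi service into maintenance mode.

# Path to the utility; overridable so the logic can be exercised without an
# HSM (the NOPCLEARFAIL variable is an assumption of this example).
: "${NOPCLEARFAIL:=nopclearfail}"

# maintenance_reply_ok MODULE_ID REPLY
# Succeeds only if REPLY contains the exact success line for this module.
# Whole-line matching stops "Module 10" from satisfying a check for module 1.
maintenance_reply_ok() {
    printf '%s\n' "$2" | grep -Fqx "Module $1, command ClearUnitEx: OK"
}

# enter_maintenance MODULE_ID
# Requests maintenance mode and treats anything but the expected reply as a
# failure, so automation fails closed.
enter_maintenance() {
    case "$1" in
        ''|*[!0-9]*) echo "module id must be numeric" >&2; return 2 ;;
    esac
    reply=$("$NOPCLEARFAIL" -M -m "$1" -w 2>&1) || {
        echo "nopclearfail failed: $reply" >&2; return 1; }
    maintenance_reply_ok "$1" "$reply" || {
        echo "unexpected reply: $reply" >&2; return 1; }
}

# run_invasive MODULE_ID COMMAND [ARGS...]
# Runs COMMAND (supplied by the caller) only after the mode switch is confirmed.
run_invasive() {
    id=$1; shift
    enter_maintenance "$id" || { echo "refusing to run: $*" >&2; return 1; }
    "$@"
}
```

The wrapper does not return the module to operational mode afterwards; that step is left to the calling procedure.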

Separation of services

Each service has its own communication channel with the host PC that is protected by use of SSH encryption. The procedure for installing the necessary SSH keys for platform services is described in Set up communication between host and module (nShield 5s HSMs). If your system has not been configured for multi-tenancy this procedure will also install the SSH keys for the end-user services.