Maintenance of nShield Hardware

This chapter describes maintenance steps for your nShield hardware installation.

After installing your nShield HSM by following the Installation Guide, Entrust recommend that you use some of the provided software utilities to monitor your installation. Specifically, the stattree command allows reporting of voltages and temperatures from your module.

For more information regarding stattree, see stattree: information utility.

Voltage Monitoring for Battery Replacement

All of the voltage rails in the nShield HSM are monitored to protect against potential over- or under-voltage attacks. You can view the most recent measurement of the voltages using the stattree command.

These modules also contain a user-replaceable battery. The battery powers security functions on the module when the main module power is removed, for example when the host is turned off, so it is expected that the battery voltage will drop over time as the battery drains. To avoid module downtime due to battery replacement we recommend that the battery voltage is monitored regularly, especially if a module has had its main power removed for considerable time.

CPUVoltage10 reported by stattree under the ModuleEnvStats node tag displays the current battery voltage:

+PerModule:
   +#1:
      +ModuleEnvStats:
         ...
         -CPUVoltage10         3.16
         ...

The battery supplied with the nShield HSM has a nominal voltage of 3.0V. In the above example the battery is fully charged and has been measured at 3.16V, which is within the acceptable range of 2.46V - 3.55V. If the battery voltage is measured to be lower than 2.46V, the module will report an SOS-B1 error. See Error codes for more information regarding error reporting.

Contact Support to request information regarding a replacement battery if stattree reports the battery voltage to be below 2.70V.

Consult the Installation Guide for instructions on replacing the battery in your module.

Temperature Monitoring for Airflow Validation

Temperatures within a module are monitored to protect against potential attacks, and to prevent overheating. The temperatures of the processors within an nShield 5s are reported as CurrentCPUTemp1 and CurrentCPUTemp2 under the ModuleEnvStats node tag of stattree.

As an nShield 5s has a passively-cooled heatsink, care must be taken to install it in an environment with forced airflow. Refer to the Installation Guide for airflow guidance.

The table below documents the expected normal operating ranges for the temperatures of your module. Module temperatures would be expected to be within these values when installed with sufficient cooling in an approximately 20-30°C ambient air temperature environment. Calculated stattree statistics such as minima and maxima are reset on module reboot.

The temperatures in this table do not cover operation of the product across the full temperature range specified in the Warnings & Cautions and Installation Guide. This is because these values are recommendations to ensure a long product lifetime, thus are specified for 20-30°C ambient air operation.
stattree Statistic Description Minimum expected in optimum environment Maximum expected in optimum environment

CurrentCPUTemp1

First processor temperature

10°C

75°C

CurrentCPUTemp2

Second processor temperature

10°C

78°C

MaxTempC

Maximum temperature measured on either processor

-

78°C

MinTempC

Minimum temperature measured on either processor

10°C

-

If any of the above temperatures are reporting higher than their specified maximum it is likely your nShield hardware does not have sufficient cooling. Please refer to the Installation Guide to confirm your cooling setup.