Morse code error messages

If a Hardware Security Module (HSM) encounters an unrecoverable error, it enters the error state. In the error state, the module does not respond to commands and does not write data to the bus.

The blue Status LED flashes the Morse distress code (SOS: three short pulses, followed by three long pulses, followed by three short pulses). The Morse distress code is followed by one of the error codes listed in the tables shown in this guide.

For nShield HSMs running firmware 2.61.2 and above, the error code listed in this chapter is also reported by the enquiry utility in the hardware status field of the Module. You can also find it under hardware errors in the hardserver log (network-attached HSMs).

Errors are a rare occurrence. If any module goes into the error state, except as a result of you issuing the Fail command, contact Support, and give full details of your set up and the error code.

Contact Support even if you successfully recover from the error by taking the recommended action. For troubleshooting information, see the relevant Installation Guide for your module type.

Reading Morse code

The following guidelines are useful when reading Morse code messages from the module:

  • The duration of a dash (-) is 3 times the duration of a dot (.).

  • The gap between components of a letter has the same duration as a dot.

  • The gap between letters has the same duration as a dash.

  • The duration of the gap between repeated series of letters (a Morse code word gap) is 7 times the duration of a dot.

The following table shows the error codes corresponding to numerals.

Numeral Morse

1

. - - - -

2

. . - - -

3

. . . - -

4

. . . . -

5

. . . . .

6

- . . . .

7

- - . . .

8

- - - . .

9

- - - - .

0

- - - - -

Runtime library errors

Memory failures can occur if the module is exposed to excessive heat. If you experience these errors, check the ventilation around the module. The module generates considerable heat and, if not well ventilated, may be operating at too high a temperature, even if the rest of your server room is at an appropriate temperature.

The runtime library error codes could be caused by firmware bugs or by faulty hardware. If any of these errors is indicated, reset the module.

Code Meaning

O L C

- - -

. - . .

- . - .

SIGABRT: assertion failure and/or abort() called.

O L D

- - -

. - . .

- . .

Interrupt occurred when disabled.

O L E

- - -

. - . .

.

SIGSEGV: access violation.

O L I

- - -

. - . .

. .

SIGSTAK: out of stack space.

O L J

- - -

. - . .

. - - -

SIGFPE: unsupported arithmetic exception (such as division by 0).

O L K

- - -

. - . .

- . -

SIGOSERROR: runtime library internal error.

O L N

- - -

. - . .

- .

SIGFATALPANIC: error in error handling code.

Codes OLD, and OLE are more likely to indicate a hardware problem than a firmware problem.

To reset a unit that is in an error state, turn off the unit and then turn it on again.

Hardware driver errors

In general, the hardware driver error codes described in the following table indicate that some form of automatic hardware detection has failed. As well as indicating simple hardware failure, one of these error codes could indicate that there is a bug in the firmware or that the wrong firmware has been loaded.

In the following table, the symbol “#” stands for a given numeral’s Morse code representation.

If any of these errors is indicated, contact support.

Code Meaning

HL

. . . .

. - . .

M48T37 NVRAM (or battery) failed

H B

. . . .

- . . .

Debug serial port initialization failed.

H C

. . . .

- . - .

Processing thread initialization failed.

HCP

. . . .

- . - .

. - - .

Card poll thread initialization failed.

H D

. . . .

- . .

Failure reading unique serial number.

H E

. . . .

.

EEPROM failed on initialization.

HF

. . . .

. . - .

Starting up crypto offload.

H I

. . . .

. .

Interrupt controller initialization failed.

H M

. . . .

- -

System hardware initialization failed.

H O

. . . .

- - -

Token interface initialization failed.

H R

. . . .

. - .

Random number generator failed.

This code may also be generated if an attempt is made to downgrade firmware on an nShield Solo+ to version 2.50.x or older.

HRS

. . . .

. - .

. . .

RNG startup failed.

HRTP

. . . .

. - .

-

. - - .

Periodic (scheduled daily) RNG selftest failed.

HRM

. . . .

. - .

- -

RNG data matched.

HS

. . . .

. . .

Unexpected error from SCSI controller or host interface initialization failed.

HV

. . . .

. . . -

Environment sensors failed (for example, temperature sensor)

HCV

. . . .

- . - .

. . . -

CPLD wrong version for PCI policing firmware.

H P P

. . . .

. - - .

. - - .

PCI Interface Policing failure.

HST

. . . .

. . .

-

Speed test failed.

H H R

. . . .

. . . .

. - .

RTC hardware detection failed or random number generator detection failed.

H R H

. . . .

. - .

. . . .

RNG hardware failed during operation

KR

- . -

. - .

RSA selftest failed.

H M n

. . . .

- -

#

DSP n failed self-test at start up.

H C n C A

. . . .

- . - .

#

- . - .

. -

CPU n failed self-test; no memory for cached RAM test.

H C n C C

. . . .

- . - .

#

- . - .

- . - .

CPU n failed self-test; CPU ID check failed.

H C n C F

. . . .

- . - .

#

- . - .

. . - .

CPU n failed self-test; freeing memory for cached RAM test.

H C n C G

. . . .

- . - .

#

- . - .

- - .

CPU n failed self-test; setting up cached RAM test.

H C n C R

. . . .

- . - .

#

- . - .

. - .

CPU n failed self-test; read error during cached RAM test.

H C n C V

. . . .

- . - .

#

- . - .

. . . -

CPLD version number incorrect (PCIe HSMs).

H C n C W

. . . .

- . - .

#

- . - .

. - -

CPU n failed self-test; write error during cached RAM test.

H C n H D

. . . .

- . - .

#

. . . .

- . .

DRBG n failed self-test.

H C n K A

. . . .

- . - .

#

- . -

. -

CPU n failed selftest - AES known-answer test.

H C n K B

. . . .

- . - .

#

- . -

- . . .

CPU n failed selftest - AES CMAC known-answer test.

H C n K C

. . . .

- . - .

#

- . -

- . - .

CPU n failed selftest - ECDSA known-answer test

H C n K E

. . . .

- . - .

#

- . -

.

CPU n failed self-test; DES known-answer test.

H C n K F

. . . .

- . - .

#

- . -

. . - .

CPU n failed self-test; Triple-DES known-answer test.

H C n K H

. . . .

- . - .

#

- . -

. . . .

CPU n failed self-test; SHA-1 known-answer test.

H C n K I

. . . .

- . - .

#

- . -

. .

CPU n failed selftest - HMAC-SHA512 known-answer test.

H C n K J

. . . .

- . - .

#

- . -

. - - -

CPU n failed selftest - HMAC-SHA256 known-answer test.

H C n K M

. . . .

- . - .

#

- . -

- -

CPU n failed self-test; HMAC-SHA1 known-answer test.

H C n K N

. . . .

- . - .

#

- . -

- .

CPU n failed selftest - HMAC-SHA224 known-answer test.

H C n K P

. . . .

- . - .

#

- . -

. - - .

CPU n failed selftest - HMAC-SHA384 known-answer test.

H C n K R

. . . .

- . - .

#

- . -

. - .

CPU n failed selftest - RSA known-answer test

H C n K S

. . . .

- . - .

#

- . -

. . .

CPU n failed self-test; DSA known-answer test.

H C n L C

. . . .

- . - .

#

. - . .

- . - .

CPU n failed self-test; locking check.

H C n P S

. . . .

- . - .

#

. - - .

. . .

CPU n failed self-test; test terminated at start.

H C n RT

. . . .

- . - .

#

. - .

-

CPU n failed selftest - RTC check.

H C n S A

. . . .

- . - .

#

. . .

. - - .

CPU n failed self-test; no memory for uncached RAM test.

H C n S F

. . . .

- . - .

#

. . .

. . - .

CPU n failed self-test; freeing memory for uncached RAM test.

H C n S R

. . . .

- . - .

#

. . .

. - .

CPU n failed self-test; read error during uncached RAM test.

H C n S W

. . . .

- . - .

#

. . .

. - -

CPU n failed self-test; write error during uncached RAM test.

H C n T S

. . . .

- . - .

#

-

. . .

CPU n failed self-test; could not start test.

Maintenance mode errors

The following error codes indicate faults encountered when a module is in the maintenance mode.

Code Meaning Action

I D

. .

- . .

Copies of metadata do not match when trying to run image.

Contact Support.

I H

. .

. . . .

Bad metadata: hash mismatch.

Repeat firmware upgrade.

I I

. .

. .

Execution image does not match metadata.

Contact Support.

I L

. .

. - . .

Bad metadata: either bad length or bad metadata when running loadboot application.

Repeat firmware upgrade.

I M

. .

- -

Bad metadata: malformed ImageMetaData.

Repeat firmware upgrade.

I P

. .

. - - .

Bad metadata: bad padding.

Repeat firmware upgrade.

I R

. .

. - .

Bad metadata: extra bytes at end.

Repeat firmware upgrade.

I S

. .

. . .

Image entry point not found.

Contact Support.

I U

. .

. . -

Bad metadata: ROM blank.

Repeat firmware upgrade.

I X

. .

- . . -

Bad metadata: malformed header.

Repeat firmware upgrade.

J H

. - - -

. . . .

Both copies of metadata invalid.

Contact Support.

H Z E

. . . .

- - . .

.

Monitor checksum failed.

Contact Support.

K F E

- . -

. . - .

.

Flash sector erase failed.

Repeat firmware upgrade.

K F P

- . -

. . - .

. - - .

Flash sector program failed.

Repeat firmware upgrade.

M M D

- -

- -

- . .

No memory for download buffer.

Contact Support.

For instructions on upgrading module firmware, see the appendix in the User Guide for your module type.

Operational mode errors

The following runtime library error codes could be caused by either bugs in the firmware or faulty hardware.

Code Meaning Action

D

- . .

Fail command received.

Reset module by turning it off and then on again.

T

-

Temperature of the module has exceeded the maximum allowable.

Restart your host computer, and improve module cooling.

G G G

- - .

- - .

- - .

Failure when performing ClearUnit or Fail command.

Contact Support.

I J A

..

. - - -

. -

Audit logging: failed to send audit log message.

Contact Support.

I J B

..

. - - -

- …​

Audit logging: no module memory (therefore failed to send audit log message).

Contact Support.

I J C

..

. - - -

-.-.

Audit logging: key problem or FIPS incompatibility (therefore failed to sign audit log message).

Contact Support.

I J D

..

. - - -

-..

Audit logging: NVRAM problem (therefore failed to configure or send audit log message).

Contact Support.

SOS IJA can occur for any type of log message (i.e. a log message, signature block or certifier block).
To improve the cooling of your PCIe module, increase the distance between PCIe cards, and increase the airflow through your host computer.

Solo XC tamper event errors

The following error codes indicate a hard tamper event has occurred on a Solo XC module. The Solo XC will become non-operational if tamper event error is indicated.

If a tamper event error occurs the Solo XC module must be destroyed or returned to Entrust.
Code Meaning Action

TT

-

-

Hard temperature tamper

Contact Support

VV

. . . -

. . . -

Hard voltage tamper

Contact Support

T

.

Soft temperature tamper

Contact Support

V

. . . -

Soft voltage tamper

Contact Support

B

- . . .

Low battery voltage, <2.5V

Contact Support

HI2C

. . . .

. .

. . - - -

- . - .

I2C Failure

Contact Support

WD0

. - -

- . .

- - - - -

Watchdog 0 failure

Contact Support

WD1

. - -

- . .

. - - - -

Watchdog 1 failure

Contact Support

WD2

. - -

- . .

. . - - -

Watchdog 2 failure

Contact Support

WD3

. - -

- . .

. . . - -

Watchdog 3 failure

Contact Support

Other errors

Code Meaning Action

SFP

The Security Fuse Processor (SFP) has failed and is unable to handle further requests sent from the client’s hardserver.

Restart the HSM. This resets the SFP.

If this does not resolve the issue, or the SFP fails again, contact Entrust Support.

For information on error codes not listed on this page, contact Entrust nShield Technical Support: nshield.support@entrust.com.