Enable features on PCIe and USB HSMs

View enabled features

The Feature Enable Tool can be used to view the status of modules connected to the host or to confirm that a feature has been successfully enabled on all modules connected to the host. To view the status of features, run the tool without a smart card.

Some features do not appear in the default output from the Feature Enable Tool because they are no longer sold. To see the status of all features, run fet --show-all.

Enable features with a smart card

When it is launched, the Feature Enable Tool automatically scans the smart card readers of all modules attached to a host computer for any Feature Enabling smart cards present in the smart card readers, including imported Remote Operator slots and Dynamic Slots. However, feature enable smart cards do not work in Dynamic Slots.

To enable a new feature with a Feature Enabling smart card from Entrust:

  1. Insert the Feature Enabling card from Entrust into a slot available to the module to be updated, excluding any Dynamic Slots.

  2. Run the fet command-line utility to start the Feature Enable Tool.

A message is displayed if the features are enabled successfully. If you do not see this message confirming a successful upgrade, see Enable features without a smart card.

Enable features without a smart card

The Feature Enable Tool can also obtain the Feature Enabling Certificate information supplied by Entrust from a file or from the keyboard.

When you run the Feature Enable Tool without a Feature Enabling smart card in an HSM slot, a message similar to the following is displayed. There is a line for the features on each module, and a list of options.

In this example, only one module (ESN 14BD-B089-E078) is attached to the host.

                         Feature Enable Tool
                         ===================

                      ISO Smart Card Support
                      |  Remote Operator
                      |  |  Korean Algorithms
                      |  |  |  SEE Activation (EU+10)
                      |  |  |  |  SEE Activation (Restricted)
                      |  |  |  |  |  SEE Activation, CodeSafe 5
                      |  |  |  |  |  |  Elliptic Curve algorithms
                      |  |  |  |  |  |  |  Elliptic Curve MQV
                      |  |  |  |  |  |  |  |  Fast RNG for ECDSA
                      |  |  |  |  |  |  |  |  |  HSM Speed Rating
Mod   Electronic      |  |  |  |  |  |  |  |  |  |
No.  Serial Number
 1  14BD-B089-E078 -- Y  Y  Y  N  N  Y  Y  Y  Y  High Speed

0. Exit Feature Enable Tool.
1. Read FEM certificate(s) from a smart card or cards.
2. Read FEM certificate from a file.
3. Read FEM certificate from keyboard.
4. Write table to file.

Enter option :
When using the option to read the FEM certificate from a file you must either enter a fully qualified filename or alternatively run the fet command from the directory in which the FEM certificate is stored. You may also use fet -c [FILENAME] to specify the filename directly on the command line.