enquiry
enquiry [-m MODULE]
Obtain information about the hardserver (Security World Software server) and the modules connected to it.
-
Check if the software has been installed correctly
-
Check the firmware version
-
Check if the Remote Operator feature is enabled
-
On a network-attached HSM: Check if the Serial Console feature is available
On a PCIe or USB-attached HSM: Check the hardware status of the HSM
-
On a network-attached HSM: Check the hardware status of internal security modules
See:
-
network-attached HSM: Testing the installation
-
PCIe or USB-attached HSM: Checking the installation
Option | Description |
---|---|
Connection options |
|
|
Views the pool of HSMs as a single resource. |
Option to address HSMs |
|
|
Specifies the number of the module to perform the tests on. |
Help options |
|
|
Displays help for |
|
Displays a brief usage summary for |
|
Displays the version number of the Security World Software that deploys |
enquiry output info
enquiry
displays information similar to that shown in the following example:
The output for remote modules contains the connection status and connection info fields.
These fields are absent for local modules.
|
Server:
enquiry reply flags none
enquiry reply level Six
serial number A815-03E0-D947
mode operational
version 12.81.2
speed index 478
rec. queue 374..574
level one flags Hardware HasTokens SupportsCommandState
version string 12.81.2-393-7b3f83e, 13.3.1-210-bfe23daa, Bootloader: 1.2.3, Security Processor: 13.3.1 , 13.4.3-349-5a0b72d8
checked in 00000000623c858f Thu Mar 24 10:51:59 2022
level two flags none
max. write size 8192
level three flags KeyStorage
level four flags OrderlyClearUnit HasRTC HasNVRAM HasNSOPermsCmd ServerHasPollCmds FastPollSlotList HasSEE HasKLF HasShareACL HasFeatureEnable HasFileOp HasLongJobs ServerHasLongJobs AESModuleKeys NTokenCmds JobFragmentation LongJobsPreferred Type2Smartcard ServerHasCreateClient HasInitialiseUnitEx AlwaysUseStrongPrimes Type3Smartcard HasKLF2
module type code 0
product name nFast server
device name
EnquirySix version 8
impath kx groups
feature ctrl flags none
features enabled none
version serial 0
level six flags none
remote port (IPv4) 9004
kneti hash 5e2ade32b47dde562a4b3f6a9c11eb75b0f40b47
rec. LongJobs queue 0
SEE machine type None
supported KML types
active modes none
remote port (IPv6) 9004
Module #1:
enquiry reply flags none
enquiry reply level Six
serial number A815-03E0-D947
mode operational
version 13.3.1
speed index 478
rec. queue 43..152
level one flags Hardware HasTokens SupportsCommandState SupportsHotReset
version string 13.3.1-210-bfe23daa, Bootloader: 1.2.3, Security Processor: 13.3.1 , 13.4.3-349-5a0b72d8
checked in 0000000063b6f493 Thu Jan 5 11:02:27 2023
level two flags none
max. write size 8192
level three flags KeyStorage
level four flags OrderlyClearUnit HasRTC HasNVRAM HasNSOPermsCmd ServerHasPollCmds FastPollSlotList HasSEE HasKLF HasShareACL HasFeatureEnable HasFileOp HasLongJobs ServerHasLongJobs AESModuleKeys NTokenCmds JobFragmentation LongJobsPreferred Type2Smartcard ServerHasCreateClient HasInitialiseUnitEx AlwaysUseStrongPrimes Type3Smartcard HasKLF2
module type code 12
product name nC3025E/nC4035E/nC4335N
device name Rt1
EnquirySix version 7
impath kx groups DHPrime1024 DHPrime3072 DHPrime3072Ex DHPrimeMODP3072
feature ctrl flags LongTerm
features enabled RemoteShare GeneralSEE StandardKM EllipticCurve ECCMQV AcceleratedECC HSMBaseSpeed
version serial 37
connection status OK
connection info esn = A815-03E0-D947; addr = INET/192.168.156.32/9004; ku hash = 3a75d883a3bca6e3d277ea3ca0f9179b31ed40c3, mech = Any
image version 13.4.3-294-5a0b72d8
level six flags SerialConsoleAvailable
max exported modules 4100
rec. LongJobs queue 42
SEE machine type PowerPCELF
supported KML types DSAp1024s160 DSAp3072s256
using impath kx grp DHPrimeMODP3072
active modes UseFIPSApprovedInternalMechanisms AlwaysUseStrongPrimes FIPSLevel3Enforcedv2
hardware status OK
Flag explanations
Level one flags
Flag | Explanation |
---|---|
|
Set if this is a hardware module. |
|
Set if the module has a hardware token interface, such as a smart card reader. |
|
The module is in maintenance mode. |
|
The module is in initialisation mode. |
|
The module is in pre-maintenance or pre-initialisation mode. |
|
Firmware versions earlier than 13.5: The module enters this state following a firmware upgrade. When in this state it cannot be used, it can only be changed into the pre-maintenance or pre-initialisation states to load new firmware or be initialised. Firmware versions 13.5 and later: This flag is never set. The module enters pre-initialisation mode following a firmware upgrade. |
|
The firmware supports the |
|
The firmware supports hot reset (for |
Level two flags
These flags are not used in practise.
The Level two flags
value will always be none
.
Level four flags
Flag | Explanation |
---|---|
|
The module supports |
|
The module has an onboard real-time clock. |
|
The module has onboard nonvolatile memory. |
|
The module supports the |
|
The server supports the |
|
The module issues asynchronous notifications to the server when tokens are inserted, removed, or modified. |
|
The module supports the Secure Execution Engine (SEE). |
|
The module has a KLF long-term fixed signing key. |
|
The module supports setting ACLs on logical token shares, the |
|
The module supports feature-enabled functions. |
|
The module supports operations using nonvolatile memory, and the |
|
The module supports the PCI push interface. This increases the speed of commands on the PCI bus, improving performance for certain channel commands. |
|
The module has a separate logical interface capable of receiving jobs from, for instance, the OS kernel. This facility requires support from the driver. |
|
The module supports the command flag |
|
The hardserver understands the command flag |
|
The module supports AES module keys. |
|
The module is an nToken. |
|
The module supports fragmentation of large commands and replies to and from the host. |
|
The module is happy to receive all commands as LongJobs, that is jobs with no timeout. |
|
The module supports type 2 (Payflex) smartcards. |
|
The server can accept the |
|
The module supports the |
|
The module is behaving as if the |
|
The module supports type 3 smartcards (original Remote Administration Ready Athena Javacards supported v12.0 onwards). |
|
The module has a KLF2 long-term fixed signing key. |
|
All cryptographic mechanisms which use PKCS #1 v1.5 padding are disabled. If this is enabled, raw RSA encryption/decryption is still supported by the RSA OAEP mechanisms. |
|
The module supports the PCI push pull interface. This increases the speed of commands on the PCI bus in both directions, improving performance for certain channel commands. |