SAKA ships with the HSM driver pre-built by default, so for most customers it is not necessary to build the driver. But there may be times when the security requirements of a deployment demand that the driver be built from source after the appliance has been shipped to a customer. If this is the case, follow these steps as the root user to build the driver:
-
Copy the StrongKey-supplied HSM distribution to the folder
/usr/local/software/hsmon the appliance. -
Check the sha1sum and sha256sum of the distribution against the values provided by StrongKey.
-
Untar the distribution in
/usr/local/software/hsm. -
Change directory to
/usr/local/software/hsm/utimaco. -
Execute the install_HSM.sh script.
Building the HSM driver is complete. An example of this process follows:
shell> sha1sum /usr/local/software/hsm/Utimaco-HSM-Distribution-4.00.0.5.tgz b3bdf74383b7840b2d064fca68b383a558c6e35e /usr/local/software/hsm/Utimaco-HSM-Distribution-4.00.0.5.tgz shell> sha256sum /usr/local/software/hsm/Utimaco-HSM-Distribution-4.00.0.5.tgz 7ea615bdb0cd5d2ef5f5b43091e7b650abb953616e860ac940802dcd6069fe22 /usr/local/software/hsm/Utimaco-HSM-Distribution-4.00.0.5.tgz shell> tar zxf /usr/local/software/hsm/Utimaco-HSM-Distribution-4.00.0.5.tgz -C /usr/local/software/hsm shell> cd /usr/local/software/hsm/utimaco shell> ./install_HSM.sh Installing HSM ... make -C /usr/src/kernels/2.6.32-358.el6.x86_64 SUBDIRS=/usr/local/software/hsm/utimaco/V4.00.0.5/Software/Linux/Driver modules make[1]: Entering directory '/usr/src/kernels/2.6.32-358.el6.x86_64' CC [M] /usr/local/software/hsm/utimaco/V4.00.0.5/Software/Linux/Driver/cs2.o Building modules, stage 2. MODPOST 1 modules CC /usr/local/software/hsm/utimaco/V4.00.0.5/Software/Linux/Driver/cs2.mod.o LD [M] /usr/local/software/hsm/utimaco/V4.00.0.5/Software/Linux/Driver/cs2.ko.unsigned NO SIGN [M] /usr/local/software/hsm/utimaco/V4.00.0.5/Software/Linux/Driver/cs2.ko make[1]: Leaving directory '/usr/src/kernels/2.6.32-358.el6.x86_64'