Using the Hardware Service Manager
Hardware service manager is a tool for displaying and working with the IBM i system hardware from both a logical and a packaging viewpoint, an aid for debugging input/output (I/O) processors and devices, and is also used to reinitialize the Cryptographic Coprocessor (set it back to an un-initialized state).
When the Cryptographic Coprocessor is re-initialized, the Cryptographic Coprocessor Licensed Internal Code is reloaded into the Coprocessor. Some but not all program temporary fixes (PTFs) for the Coprocessor licensed internal code may require the use of hardware service manager to activate them. This extra step is included to allow you to prepare for recovery because reloading certain segments of the licensed internal code will cause any configuration data including master keys, retained RSA private keys, roles, and profiles to be lost.
There may be situations where the Cryptographic Coprocessor must be reset back to an unintialized state. For example, if the Coprocessor is not configured correctly, there could be a scenario where the Coprocessor cannot perform any useful function and cannot be corrected using the Cryptographic Coprocessor configuration utility or a user-written application. Another example is if the passwords for the administrative profiles are forgotten and no other profile uses a role that is authorized to change passwords.
Hardware service manager is found in System Service Tools. To use the Hardware service manager, proceed as follows:
- Use the Start System Service Tools (STRSST) CL command
by typing STRSST at the CL command line and
pressing enter. The System Service Tools Signon display should be shown.
Start Service Tools (STRSST) Sign On SYSTEM: RCHSYS01 Type choice, press Enter. Service tools user . . . . . ________ Service tools password . . . ________ F3=Exit F9=Change Password F12=Cancel
- Enter the service tools user profile name and password.
The System Service Tools display should appear.
System Service Tools (SST) Select one of the following: 1. Start a service tool 2. Work with active service tools 3. Work with disk units 4. Work with diskette data recovery 5. Work with system partitions 6. Work with system capacity Selection 1 F3=Exit F10=Command entry F12=Cancel
- Select 1 to start a service tool
and press Enter. The Start a Service Tool display will be shown.
Start a Service Tool Warning: Incorrect use of this service tool can cause damage to data in this system. Contact your service representative for assistance. Select one of the following: 1. Product activity log 2. Trace Licensed Internal Code 3. Work with communications trace 4. Display/Alter/Dump 5. Licensed Internal Code log 6. Main storage dump manager 7. Hardware service manager Selection 7 F3=Exit F12=Cancel F16=SST menu
- Select 7 to start Hardware Service
Manager. The Hardware Service Manager screen display shows the menu of available options.
Hardware Service Manager Attention: This utility is provided for service representative use only. System unit . . . . . . . : 9406-270 10-E67BA Release . . . . . . . . . : V6R1 (1) Select one of the following: 1. Packaging hardware resources (systems, frames, cards,...) 2. Logical hardware resources (buses, IOPs, controllers,...) 3. Locate resource by resource name 4. Failed and non-reporting hardware resources 5. System power control network (SPCN) 6. Work with service action log 7. Display label location work sheet 8. Device Concurrent Maintenance 9. Work with resources containing cache battery packs Selection 2 F3=Exit F6=Print configuration F9=Display card gap information F10=Display resources requiring attention F12=Cancel
- Select 2 to work with logical hardware
Logical Hardware Resources Select one of the following: 1. System bus resources 2. Processor resources 3. Main storage resources 4. High-speed link resources Selection 1 F3=Exit F6=Print configuration F12=Cancel
- From the Logical Hardware Resources display, select 1 to
show system bus resources.
Logical Hardware Resources on System Bus System bus(es) to work with . . . . . . *ALL *ALL, *SPD, *PCI, 1-511 Subset by . . . . . . . . . . . . . . . *CRP *ALL, *STG, *WS, *CMN, *CRP Type options, press Enter. 2=Change detail 4=Remove 5=Display detail 6=I/O Debug 8=Associated packaging resource(s) 9=Resources associated with IOP Resource Opt Description Type-Model Status Name _ HSL I/O Bridge 28DA- Operational BC13 _ Bus Expansion Adapter 28DA- Operational BCC02 _ System Bus 28DA- Operational LB01 _ Multi-Adapter Bridge 28DA- Operational PCI01D _ Bus Expansion Adapter 28DA- Operational BCC07 – System Bus 28DA- Operational LB06 – Multi-adapter Bridge 28DA- Operational PCI02D More... F3=Exit F5=Refresh F6=Print F8=Include non-reporting resources F9=Failed resources F10=Non-reporting resources F11=Display serial/part numbers F12=Cancel
- Page down until you see the IOP that contains the Cryptographic
Coprocessor. Type 9 next to the IOP. Otherwise,
filter the list by typing *CRP for the Subset
by field and then type 9 next to
the IOP that contains the Cryptographic Coprocessor. You should then see the Logical Hardware Resources Associated with IOP display.
Logical Hardware Resources Associated with IOP Type options, press enter. 2=Change detail 4=Remove 5=Display detail 6=I/O Debug 7=Verify 8=Associated packaging resource(s) Resource Opt Description Type-Model Status Name _ Virtual IOP 4764-001 Operational CMB04 _ Cryptography Adapter 4764-001 Operational CRPCTL01 6 Cryptography Device 4764-001 Operational CRP04 F3=Exit F5=Refresh F6=Print F8=Include non-reporting resources F9=Failed resources F10=Non-reporting resources F11=Display serial/part numbers F12=Cancel
- Type 6 next to the cryptography
device that you want to reinitialize, and then press Enter.
Select Cryptography Debug Function Select one of the following: 1. Reinitialize Flash Memory 2. Select IOP Debug Function Selection 1 F3=Exit F12=Cancel
- Select 1 to reinitialize flash memory
(reload the Cryptographic Coprocessor Licensed Internal Code). A
confirmation screen will be displayed. If you are applying a PTF
ensure that you have taken the necessary precautions regarding your
encrypted data and keys, and have a backup of the master key. Press
Enter to continue.
Reinitialize Flash Memory Function DANGER: Performing this initialization of the flash memory on the cryptography device will cause ALL key information stored on the device to be DESTROYED. This will cause all data encrypted using this device to be rendered unusable. WARNING: Performing this initialization of the flash memory on the cryptography device will take an estimated 10 minutes. Press Enter to proceed. F3=Exit F12=Cancel
The following display shows the status of the reinitialization and is updated until the reinitialization is completed.
Reinitialize Flash Memory Status Flash memory reinitialization in progress... Estimated time: 10.0 minutes Elapsed time: 2.5 minutes
When reinitialization is complete, a message will be displayed.
Select Cryptography Debug Function Select one of the following: 1. Reinitialize Flash Memory 2. Select IOP Debug Function Selection _ F3=Exit F12=Cancel Reinitialization of cryptography device was successful.
After reinitialization is complete, exit all the way out of system service tools by pressing function key F3 on each screen as necessary.