Firmware updates for the SmartCard-HSM are available in the PKI-as-a-Service Portal.
The firmware can only be updated on an empty SmartCard-HSM. You need to remove all keys, certificates and data files first.
During the firmware update, the SmartCard-HSM receives a new device authentication certificate, so any previous registration at the PKI-as-a-Service portal will need to be renewed.
Recovering from a failed Firmware Update
Updating the firmware is a complex process and complex matters tend to go wrong.
The key issue with a failed update is, that you lose the ability to authenticate with that SmartCard-HSM at the portal. You can not just log-in again and retry the update.
If the update process is interrupted half way, then the system will create a recovery token that you can use to manually complete the firmware update. Please make sure you note down the recovery token before closing the browser window.
To perform a recovery, you will need to start the OCF daemon on the command line:
- Locate the file ocf-cc.jar downloaded as part of the PKI-as-a-Service client.
- Open a command shell and change into the directory containing the ocf-cc.jar.
- If you have multiple card readers attached, then first list all readers with
java -jar ocf-cc.jar -lCut and paste the reader name and add it with
-r "Reader Name"in the following command.
- Complete the update with
java -jar ocf-cc.jar https://www.pki-as-a-service.net/rt/paas?TOKENreplace "TOKEN" with the recovery token.