The SAM Maintenance usage scenario includes administrative functions for basic management of the Signature Activation Module (SAM).
The administrative functions include:
- Check Code/Data Integrity: checking the code/data integrity of all modules of the SAM subsystem before startup
- Start / Stop: starting and stopping the SAM (service)
- Initialize SAM Firmware / Set IdP Public Keys: initializing the SAM Firmware and importing IdP Public Keys into it
The administrative functions are implemented by management scripts which can be called by two authorized administrators via the SAM Management Command Line Interface.
The operation Check Code Integrity is carried out for the subsystem of the SAM Service module and for the SAM MAN module by the Linux command sha512sum. The expected checksums are stored in a configuration file, which must be created in advance using the shell script checksumSAM.sh.
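One way to implement such a pre-start code integrity check with sha512sum is shown below. This is an added example, not the product's checksumSAM.sh or its management scripts; the function names, the module directory and the manifest file are assumptions. It fails closed on a changed, missing or unlisted file.

```shell
#!/bin/sh
# Added illustration; NOT the product's checksumSAM.sh. Function names, the
# module directory and the manifest layout are assumptions.

# make_manifest DIR MANIFEST
# Record a SHA-512 checksum for every regular file under DIR (relative paths).
# MANIFEST must live outside DIR.
make_manifest() {
    dir=$1; manifest=$2
    ( cd "$dir" && find . -type f -exec sha512sum {} + ) |
        LC_ALL=C sort -k2 > "$manifest"
}

# verify_modules DIR MANIFEST
# Return 0 only if every listed file matches AND no unlisted file exists.
verify_modules() {
    dir=$1; manifest=$2
    [ -s "$manifest" ] || { echo "manifest missing or empty" >&2; return 2; }
    # 1. Every listed file must exist and hash to the expected value.
    out=$( { cd "$dir" && sha512sum -c - 2>&1; } < "$manifest" ) || {
        printf '%s\n' "$out" | grep -v ': OK$' >&2
        return 1
    }
    # 2. The set of files on disk must equal the set in the manifest, so an
    #    added file or a malformed manifest line also fails the check.
    listed=$(sed 's/^[0-9a-f]\{128\}  //' "$manifest" | LC_ALL=C sort)
    present=$(cd "$dir" && find . -type f | LC_ALL=C sort)
    [ "$listed" = "$present" ] || {
        echo "file set differs from manifest" >&2
        return 1
    }
}

# guarded_start DIR MANIFEST CMD...
# Run CMD (the start command) only after a clean integrity check.
guarded_start() {
    dir=$1; manifest=$2; shift 2
    verify_modules "$dir" "$manifest" || {
        echo "integrity check failed, not starting" >&2
        return 1
    }
    "$@"
}

# Usage (placeholder paths):
#   make_manifest /path/to/modules /path/to/expected.sha512
#   guarded_start /path/to/modules /path/to/expected.sha512 <start command>
```

The manifest is only as trustworthy as its storage: keep it where the account running the modules cannot write to it.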
The operation Check Data Integrity is performed by calling the appropriate methods via the REST Service provided by the module SAM Service.
The operation Set IdP Public Keys imports a certain number of public keys into the SAM Firmware (when it is started); these keys are used to verify the ID tokens issued and signed by the IdP. The operation Initialize SAM Firmware initializes the SAM Firmware and, for example, derives from the MBK in use the key material needed to provide the functions of the SAM Firmware.