This document describes installation of the Run-time Environment for Sentinel LDK and Sentinel HASP, using DEB under the supported Ubuntu and Debian operating systems. ("Sentinel LDK" is the next generation of the Sentinel HASP system.)
The following topics are discussed:
The following Linux Intel (x86 and x86_64) distributions are supported:
The operating system versions listed in this section were tested by Gemalto and verified to be fully compatible with Sentinel LDK. For reasons of compatibility and security, Gemalto recommends that you always keep your operating system up to date with the latest fixes and service packs.
For a list of the virtual environments supported, see "Supported Platforms for End Users" in the Sentinel LDK Release Notes.
The latest Release Notes can be seen at: http://sentinelldk.gemalto.com/LDKdocs/RN
Warning: If you downgrade the Run-time Environment to a previous version, license storage may become inaccessible. Licenses may be missing, and commands will fail with the HASP_DEVICE_ERR error. To recover, reinstall the latest Run-time Environment, although this may cause some licenses to be marked as "cloned".
Perform the following steps to install or upgrade the Run-time Environment for Sentinel LDK or Sentinel HASP:
Disconnect your Sentinel HL key (if any) from the computer.
Open a terminal window and navigate to the directory containing the downloaded installation file.
As root, enter the following command:
dpkg -i aksusbd_7.92-1_i386.deb
dpkg -i aksusbd_7.92-1_amd64.deb
Note: For Ubuntu 18.04 and later, you cannot install the 386 package on a 64-bit system.
Note: At this point, for older HASP HL keys, the firmware on the HL key may be automatically upgraded. During the upgrade process, the key will blink continuously. Do not remove the key while it is blinking. If you remove the key too soon, the key may no longer be visible in Admin Control Center. If the key is not visible, or if the upgrade does not occur, refer to "Upgrading HASP HL Key Firmware" below.
For additional information, see “Upgrading Sentinel LDK Run-Time Environment (RTE) Installer” in the Sentinel EMS Configuration Guide.
Do the following if you want to uninstall the Run-time Environment:
sudo dpkg -r aksusbd | Reference | Description |
|---|---|
| SM-50889 SM-50902 SM-50900 |
Certain important security issues were resolved. For more information, see the reference to article KB0018794 in the Gemalto Security Updates page: https://sentinel.gemalto.com/technical-support/security-updates-sm/ Gemalto acknowledges and thanks Artem Zinenko from Kaspersky Lab ICS CERT for responsible disclosure of these vulnerabilities. As part of the resolution for these issues, Admin Control Center no longer supports importing external language packs (either online or offline). Translated user interface files are included in the RTE installer. The end user now selects the desired language for the interface by clicking the name of the language instead of clicking a country flag image. |
This section describes enhancements implemented and issues resolved in the last three major releases of Sentinel Run-time Environment.
The revision history for earlier versions of Sentinel Run-time Environment is available at: http://sentinelldk.gemalto.com/Default.htm
| Reference | Description |
|---|---|
| SM-17431 | The License Manager now supports the use of custom clone protection schemes. |
| SM-34308 |
In Admin Control Center, the configuration parameter Allow Remote Access to ACC and Admin API has been split into two independent parameters:
This provide more granular control of access from a remote machine. You can now allow or deny access separately for Admin Control Center and for Admin API. (A corresponding split for configuration parameters was implemented in Sentinel Admin API.) When the License Manager is upgraded to version 7.90, each new parameter is assigned the value that was assigned to the original parameter. As a result, after the upgrade, there is no change in access granted. |
| SM-40306 | The License Manager and the Licensing API now honor a CPU mask that was set by the user. |
| Reference | Description |
|---|---|
| SM-27901 | The revision history of all enhancements implemented and issues resolved for earlier versions of the RTE is now available online at: http://sentinelldk.safenet-inc.com/Default.htm |
| SM-30222 SM-30886 |
Several security improvements have been implemented. |
| Reference | Description |
|---|---|
| SM-28148 |
The hasp_login function would fail to log in to a HASP4 parallel port key (the function would not fail with HASP4 UBS keys). The login would fail with the error code HASP_HASP_NOT_FOUND = 7. This issue would occur with RTE version 7.52 and later. |
| SM-31614 | The License Manager would construct the main board fingerprint incorrectly under certain circumstances. This would result in false reports of clone detection. |
| SM-33235 | Under certain circumstances, the method used to access Secure Storage would result in corruption of SL licenses. |
| Reference | Description |
|---|---|
| SM-15321 |
The Run-time Environment for Linux Intel now provides native support for both 32-bit and 64-bit architectures. You are no longer required to provide 32-bit support libraries (x86 compatibility packages) for the 64-bit architecture. Be sure to provide both 32-bit and 64-bit customized Vendor libraries with the Run-time Environment installer. |
| Reference | Description |
|---|---|
| SM-12155 | If a customer applies a V2C update from a remote machine that has the Vendor library but no license from the same vendor, the error returned was HASP_UPDATE_TOO_NEW, which was confusing. Now the error returned is HASP_KEYID_NOT_FOUND. |
| SM-14373 | When installing the Run-time Environment in a CentOS 7.x Docker, the message "Unsupported Linux distribution" was generated. |
| SM-18502 | Defining an excessive number of User Restrictions in Admin Control Center would cause the License Manager Service to fail. |
| SM-19981 | hasp_update would return an internal error for an HL Key when the license definition contains empty content in the default memory section. |
| SM-26543 | Under certain circumstances, Sentinel License Manager would crash on the REST interface with long packets. |
| SM-6477 |
Given the following circumstances:
A license was consumed for each session. (If the Feature is defined to count workstations and not sessions, only one license should have been consumed for a single SSH session from the same workstation.) |
| Reference | Description |
|---|---|
| SM-21408 | The Admin Control Center help system was missing information regarding the new “Idle Timeout of Session” configuration parameter. |
| SM-23320 | A possible security issue related to License Manager failure due to stack overflow on deep XML data (reported by Kaspersky) has been resolved. |
| SM-23402 |
A possible security issue related to buffer overflow (reported by Kaspersky) has been resolved. |
| Reference | Description |
|---|---|
| SM-13505 |
In the past, the timeout for an idle License Manager session was fixed at 12 hours. You can now set the timeout to any value between 10 minutes and 720 minutes (12 hours). The timeout value can be set as follows:
|
| SM-14894 |
Admin Control Center now adds the update counter in C2V files in clear text - for example: <update_counter>5</update_counter> |
| SM-19483 | Admin Control Center now recognizes the new V2CP format to update protection keys. This supports planned enhancements in Sentinel LDK v.7.8. |
| Reference | Description |
|---|---|
| SM-11734 | When a Licensing API operation was performed repeatedly for an extended period of time with an HL key, the hasp_login function would fail with HASP_DEVICE_ERR=43. (Disconnecting and reconnecting the key would resolve the issue.) |
| SM-15922 | Admin Control Center no longer requires the <?xml header in a V2C file. |
| SM-17175 |
After system reboot/service restart, an SL AdminMode detached license would disappear from a recipient machine that had no other licenses. |
| SM-18502 | In Admin Control Center, defining too many users in the User Restrictions field would cause the License Manager to fail. |
| Reference | Description |
|---|---|
| SM-5318 |
The Run-time Environment now supports the use of the VMType3 clone protection scheme. |
| Reference | Description |
|---|---|
| SM-13945 | The Readme files for earlier releases of Sentinel LDK Runtime Environment Installers for Linux incorrectly listed cases SM-901, SM-942, SM-4237, SM-6102, and LDK-14805 as being implemented or resolved in those releases. These cases are only relevant for Windows platforms. These cases has been removed from the cases listed in the Revision History section of this (version 7.61) Readme file and will not appear in the Revision History section in future Readme files for Runtime Environment Installers for Linux. |
| Reference | Description |
|---|---|
| SM-1286 |
You can now enter the URL to access Sentinel EMS in your Web browser without changing the EMS URL to lowercase. |
| SM-6525 |
In the past, Admin Control Center and Admin API provided a configuration parameter that determined whether a remote user could access and perform actions in Admin Control Center. However, this parameter did not control remote access to Admin API. |
| Reference | Description |
|---|---|
| SM-515 | It was possible to rehost a cloned license to another machine. |
| SM-518 |
The Diagnostics report in Admin Control Center (Diagnostics > Generate Report) displays information on "Recent Clients" and "Recent Users". Each entry contained a time stamp but not a date stamp. The report has been corrected to display both a time stamp and a date stamp for each entry. |
| SM-552 |
On Linux and Mac machines, Admin Control Center would fail to download additional languages when the user clicked the More Languages option. |
| SM-507 |
When an end user would unpack a Run-time Environment that was configured for the user by Sentinel EMS, the following warning was displayed: |
| SM-555 |
When started, the License Manager would display warning messages similar to: There are no functionality issues related to these warning messages. |
| SM-3687 |
A number of issues would occur under Arch Linux-2017.01.01-X64:
|
| SM-9496 |
The License Manager and API no longer change the CPU affinity mask to force the process to run on all CPUs. They now keep the default affinity that was set at the process startup. |
| SM-9755 |
When operated under Wine, Sentinel License Generation API was not communicating correctly with the Master key. The following message was displayed: |
| Reference | Description |
|---|---|
| SM-4748 |
Sentinel Admin Control Center can now be used to configure the License Manager for the following additional considerations:
For more information, see "Configuring User Settings" in the Admin Control Center online help. |
| Reference | Description |
|---|---|
| SM-4942 |
Various crash conditions in the License Manager that could be used for denial-of-service attacks or privilege-escalation attacks have been resolved. |
| SM-7748 |
When a user issues a "detach license" request from a remote Admin Control Center, the user name cannot be included in request. As a result, User Restrictions (defined in ACC on the license server machine) that are based on the user name are handled as follows:
Sentinel Admin Control Center online help has been updated to describe these limitations. |
| Reference | Description |
|---|---|
| SM-884 |
When a Sentinel EMS user performs an action in a Java-free Web browser that affect Sentinel protection keys in Sentinel EMS Vendor Portal or Customer Portal, the user would get the following message: “Either Runtime is not installed or the EMS portal URL is not configured in ACC. Download the Latest Runtime Installer (EXE / DLL)”. This message appears when the installed RTE is not configured to communicate with the Sentinel EMS machine. Until now, this configuration had to be performed manually. Now, when a user installs RTE 7.54 (or later) that was rebranded by Sentinel EMS 7.5.4 (or later), the installed RTE is already configured as required. No manual configuration is required. |
| Reference | Description |
|---|---|
| SM-552 |
In Sentinel Admin Control Center on a Linux machine, when a user would click "More Languages", Admin Control Center would not contact the Gemalto server to search for available language packs. |
| Reference | Description |
|---|---|
| LDK-16443 |
Given the following circumstances:
Instead of generating an error message and rejecting the update, the License Manager would generate the error message and then remove the original SL AdminMode license from the machine. (The license would be restored when the License Manager was restarted.) |
| Reference | Description |
|---|---|
| LDK-13136 | Sentinel Licensing API would identify a Max Micro key as a Max key under certain circumstances. |
| LDK-13455 |
Given the following circumstances:
|
| LDK-13926 | The branded RTE Installer that is generated by Sentinel EMS did not copy the haspvlib correctly to /var/hasplm/. As a result, when hasp_update attempted to apply a V2C file, error 48 was generated. |
| LDK-14274 |
Given the following circumstances:
|
| LDK-14280 | HASP HL keys are not recognized correctly by the License Manager when keys from two or more vendors are connected to a given machine. |
| LDK-15306 | On the Diagnostics page of Admin Control Center, the Requests counter would count a request to local licenses as a remote request. |
| LDK-15307 |
Given the following circumstances:
|
| LDK-16113 | When a V2C file to clear the “cloned” status of an SL Legacy license was applied, The “clear clone” operation was not applied correctly until the user restarted the machine. |
| Reference | Description |
|---|---|
| 140898 | Under the Linux operating system, Sentinel License Manager does not support the IPV6 network protocol. |
If the Sentinel HL key for a running application is disconnected, the application is suspended. When the key is re-attached, the application resumes, but it goes into the background. The application can be brought to the foreground using one of the shell built-in "fg" from the same terminal from where application had been launched.
Do the following to bring a background application to the foreground:
fg <%jobId>The HASP HL Key Firmware has been modified to support future planned security enhancements in Sentinel LDK and Sentinel HASP. Sentinel LDK and Sentinel HASP automatically upgrade the Firmware on HASP HL keys from v.3.21 to the latest version (v.3.25). This occurs:
For HL keys with Firmware earlier than v.3.21, the upgrade does not occur automatically. Customers can upgrade the Firmware to v.3.25 by applying the Firmware Update V2C provided on the Sentinel HASP or Sentinel LDK Installation DVD v.5.0 and later.
During the Firmware upgrade, the relevant key will start to blink. Do not remove the key while it is blinking. If you remove the key too soon, the key may no longer be visible in Admin Control Center.
Note: In the event the key is no longer visible using the Linux Run-time Environment, do the following on a Windows computer:
The HL key is upgraded to v.3.25 Firmware and will now be visible in the Linux Admin Control Center.
© Gemalto 2019. All rights reserved. Gemalto, the Gemalto logo, are trademarks and service marks of Gemalto and are registered in certain countries.