hsm zeroize
Removes all partitions and keys from the HSM.
CAUTION! This command puts the HSM in a zeroized state.
>This command destroys the HSM SO and all users (except Auditor), and their objects.
>This command can be run only via a local serial connection; it is not accepted via SSH. Because this is a destructive command, the user is asked to “proceed” unless the -force switch is provided at the command line. See Comparison of Destruction/Denial Actions to view a table that compares and contrasts various "deny access" events or actions that are sometimes confused.
>This command does not require HSM login. The assumption is that your organization's physical security protocols prevent unauthorized physical access to the HSM. Nevertheless, if those protocols failed, an unauthorized person would have no access to HSM contents, and would be limited to temporary denial of service by destruction of HSM contents.
>This command does not reset HSM policies, except for policy 39: Allow Secure Trusted Channel. After zeroization, you will need to re-establish your STC links, as described in Creating an STC Connection.
>This command does not erase the RPV (Remote PED Vector or orange PED Key authentication data) from the HSM.
>This command does not delete the Auditor role.
To also reset HSM policies and destroy the RPV and the Auditor role, see hsm factoryreset.
User Privileges
Users with the following privileges can perform this command:
>Admin
Syntax
hsm zeroize [-force]
Argument(s) | Shortcut | Description |
---|---|---|
-force | -f | Force the action without prompting. |
Example
lunash:>hsm zeroize

CAUTION: Are you sure you wish to zeroize this HSM?
All partitions and data will be erased.
HSM level policies will not be changed.
All current NTLS and/or STC sessions will be terminated.
If you want policies reverted as well, use factory reset.
Type 'proceed' to return the HSM to factory default, or 'quit' to quit now.
> proceed

'hsm zeroize' successful.
Please wait while the HSM is reset to complete the process.

Command Result : 0 (success)