In the context of HSMs in general, the term to "zeroize" means to erase all plaintext keys. Some HSMs keep all keys in plaintext within the HSM boundary. Luna HSMs do not.
In the context of Luna HSMs,
are encrypted. Keys are decrypted into a volatile working memory space inside the HSM only while they are being used. Items in volatile memory disappear when power is removed. The action that we loosely call "zeroizing", or clearing, erases volatile memory as well as destroying the key that encrypts stored objects. Therefore, if you perform hsm factoryReset, or if you make too many bad login attempts on the SO account, or if you press the , not only are any temporarily decrypted keys destroyed, but all customer keys on the HSM are immediately rendered inaccessible and unrecoverable. The is destroyed by a zeroization (erasure) or decommission event. At that point, any objects or identities on the HSM become effectively random blobs of bits that can never be decoded.
The next initialization, required after a KEK zeroization, erases the
, and overwrites the HSM with new user parameters. Everything is further encrypted with a .
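The key hierarchy described above, as an added model in Go (not Thales code; the HSM type, the object labels and the use of AES-256-GCM as the wrapping cipher are assumptions chosen to illustrate the design): stored objects exist only as ciphertext under a KEK that never leaves the device, zeroization destroys that KEK so the stored blobs become unrecoverable, and re-initialization installs a new KEK over an empty store.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)
// HSM models Luna-style storage: objects are wrapped under a KEK held only
// inside the device; destroying the KEK leaves every stored blob undecodable.
type HSM struct {
	kek   []byte            // raw key-encryption key; nil after zeroization
	wrap  cipher.AEAD       // AES-256-GCM keyed with the KEK; nil after zeroization
	store map[string][]byte // persistent storage: label -> nonce||ciphertext
}
// Initialize creates a fresh KEK and erases all objects (re-initialization).
func (h *HSM) Initialize() error {
	h.kek, h.store = make([]byte, 32), map[string][]byte{}
	if _, err := rand.Read(h.kek); err != nil {
		return err
	}
	block, _ := aes.NewCipher(h.kek) // cannot fail for a 32-byte key
	h.wrap, _ = cipher.NewGCM(block)  // cannot fail for an AES block
	return nil
}
// StoreKey wraps a user key under the KEK; only the ciphertext is persisted.
func (h *HSM) StoreKey(label string, key []byte) error {
	if h.wrap == nil {
		return errors.New("hsm: zeroized, no KEK present")
	}
	nonce := make([]byte, h.wrap.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	h.store[label] = h.wrap.Seal(nonce, nonce, key, []byte(label))
	return nil
}
// UseKey unwraps the object into volatile memory only for the duration of the call.
func (h *HSM) UseKey(label string) ([]byte, error) {
	blob, ok := h.store[label]
	if h.wrap == nil || !ok {
		return nil, errors.New("hsm: zeroized or no such object")
	}
	n := h.wrap.NonceSize()
	return h.wrap.Open(nil, blob[:n], blob[n:], []byte(label))
}
// Zeroize overwrites and discards the KEK; blobs stay in store but are unrecoverable.
func (h *HSM) Zeroize() {
	clear(h.kek) // zero the key bytes in place (Go 1.21+ builtin)
	h.kek, h.wrap = nil, nil
}
```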
Keys NOT encrypted by the KEK are those that require exemption and are not involved in user identities or user objects: