Ideally, the hsm init command is used once, when you first configure your SafeNet HSM for use with your application, then you place the unit in service and never initialize it again. However, unanticipated situations or requirements can arise that might cause you to initialize the HSM. A simple example is that you might perform trial setups in a laboratory environment before placing your SafeNet system into a "live" or "production" environment.
For further detail and for explanations of the concepts "hard" init and "soft" init, see Initialization Overview for PED-authenticated HSMs and Initialization Overview for Password-Authenticated HSMs.
The SafeNet shell command 'hsm factoryReset' puts the HSM in a zeroized state. (See What Does Zeroized Mean?.) To completely start over for configuration of the HSM, use hsm factoryReset, then hsm init.
It is not necessary to perform hsm login before hsm factoryReset.
This is not considered a security issue because the command is accepted only via the local serial console. It is assumed that you provide sufficient physical security for your HSM appliance(s). An attacker who could interrupt or deny your use of the HSM by gaining access to your premises to make a serial connection and issue destructive commands could as easily steal or physically destroy the HSM while in your server room.
If you are taking a SafeNet Network HSM out of service, to go into storage, or to be shipped to another location (or back to SafeNet), then after you perform hsm factoryReset, perform hsm init to overwrite any labels or settings that you previously made.
For a table that compares and contrasts various "deny access" events or actions that are sometimes confused, see Comparison of Destruction/Denial Actions.