RMA and Shipping Back to SafeNet

Although rare, it could happen that you need to ship a SafeNet HSM back to SafeNet.

You would deal through your SafeNet representative to obtain the Return Material Authorization (RMA) and instructions for packing and shipping.

However, you might wish to take the maximum precaution with any contents in your HSM before it leaves your possession. Or your security policy (or security auditors) might require it.

For HSM Network appliance

•Press the "decommission" button on the appliance back panel; this forcibly clears all HSM contents.

•If the appliance uses PED (Trusted Path) authentication, set the HSM into Secure Transport Mode ( hsm srk enable (if not already enabled) followed by hsm srk transportMode enter), and simply do not send us the purple key. We have no way to access the HSM, and no choice but to remanufacture it.

For PCIe HSM

•Use a screwdriver or other conductive tool to bridge the two pins of the decommission header on the PCIe circuit board.

•If the HSM uses PED (Trusted Path) authentication, set the HSM into Secure Transport Mode ( hsm srk enable (if not already enabled) followed by hsm srk transportMode enter), and simply do not send us the purple key. We have no way to access the HSM, and no choice but to remanufacture it.

For USB HSM

•The USB HSM does not have a "decommission" option; you can perform hsm init or make more than three bad login attempts on the SO, and perform hsm factoryreset

•If the HSM uses PED (Trusted Path) authentication, set the HSM into Secure Transport Mode ( hsm srk enable (if not already enabled) followed by hsm srk transportMode enter), and simply do not send us the purple key. We have no way to access the HSM, and no choice but to remanufacture it.

Note:  For Password-authenticated HSMs, the Secure Transport option is not available, as it is not possible to extract a portion of the SRK off the HSM.