What Does Zeroized Mean?
In the context of HSMs in general, to "zeroize" means to erase all plaintext keys. Some HSMs keep all keys in plaintext within the HSM boundary. Thales Luna HSMs do not.
In the context of Thales Luna HSMs, keys at rest (keys or objects that are stored in the HSM) are encrypted. Keys are decrypted into a volatile working memory space inside the HSM only while they are being used. Items in volatile memory disappear when power is removed. The action that we loosely call "zeroizing", or clearing, erases volatile memory and also destroys the key that encrypts stored objects.
Therefore,
• if you perform hsm factoryReset, or
• if you make too many bad login attempts on the SO account, or
not only are any temporarily decrypted keys destroyed, but all customer keys on the HSM are immediately rendered inaccessible and unrecoverable.
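The behaviour described above can be modelled in a few lines. This is an added illustration, not Thales code and not a description of Luna internals: the `ModelHSM` class, its method names, the toy HMAC-based cipher and the threshold of 3 failed SO logins are all assumptions made for the example.

```python
import hashlib, hmac, secrets
MAX_BAD_SO_LOGINS = 3  # constructed value; the page only says "too many"

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Toy HMAC-SHA256 stream cipher: a stdlib stand-in, not the HSM's real cipher.
    ks = b"".join(_prf(key, b"enc" + nonce + i.to_bytes(4, "big"))
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(kek, plaintext):
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(kek, nonce, plaintext)
    return nonce + ct + _prf(kek, b"mac" + nonce + ct)

def unseal(kek, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(kek, b"mac" + nonce + ct)):
        raise ValueError("wrong key or corrupted object")
    return _xor_stream(kek, nonce, ct)

class ModelHSM:
    def __init__(self):
        self._kek = bytearray(secrets.token_bytes(32))  # key that encrypts stored objects
        self.store, self.bad_so_logins = {}, 0          # store holds ciphertext only

    def import_key(self, label, key):
        self.store[label] = seal(self._kek, key)

    def sign(self, label, msg):
        if self._kek is None:
            raise RuntimeError("zeroized: stored objects are unrecoverable")
        working = bytearray(unseal(self._kek, self.store[label]))  # volatile plaintext copy
        try:
            return _prf(working, msg)
        finally:
            working[:] = bytes(len(working))  # clear the plaintext once the operation ends

    def failed_so_login(self):
        self.bad_so_logins += 1
        if self.bad_so_logins >= MAX_BAD_SO_LOGINS:
            self.zeroize()

    def zeroize(self):  # the page's other trigger is hsm factoryReset
        if self._kek is not None:
            self._kek[:] = bytes(32)  # overwrite, then discard the KEK
        self._kek = None
```

After `zeroize()` the encrypted objects are still present in `store`, but nothing can decrypt them, which is why the keys are unrecoverable rather than merely deleted.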