Comparing Zeroize, Decommission, and Factory Reset

You can clear the contents of your HSM on demand, or the HSM may be cleared in response to an event. How this affects the contents and configuration of your HSM depends on whether the user partitions were deleted or whether the HSM was zeroized, decommissioned, or factory reset, as detailed below:

Action Command/Event Description
Erase User Partitions

>Enable or disable a destructive HSM policy

Destroy/erase all user partitions, but do not zeroize the HSM. Policy 46 " Disable Decommission" is the exception in that it zeroizes the HSM and erases all user partitions if the policy is changed. To bring the HSM back into service, you need to:

1.Recreate the partitions

2.Reinitialize the partition roles

Zeroize

>Too many bad login attempts on the HSM SO account

>Perform an HSM firmware rollback

>Run the  LunaSH command hsm zeroize

Deletes all partitions and their contents, but retains the HSM configuration (audit role and configuration, policy settings). To bring the HSM back into service, you need to:

1. Reinitialize the HSM

2.Recreate the partitions

3.Reinitialize the partition roles

Decommission

>Press the decommission button on the rear of the appliance.

>Enable HSM Policy 40: Decommission on Tamper, and tamper the HSM. 

Deletes all partitions and their contents, the audit role, and the audit configuration. Retains the HSM policy settings. To bring the HSM back into service, you need to:

1. Reinitialize the HSM

2.Reinitialize the audit role and reconfigure auditing

3. Recreate the partitions

4.Reinitialize the partition roles

Factory Reset Run the LunaSH command hsm factoryreset Deletes all partitions and their contents, and resets all roles and policy configurations to their factory default values. To bring the HSM back into service, you need to completely reconfigure the HSM as though it were new from the factory.