hsm zeroize

Removes all partitions and keys from the HSM.

CAUTION! This command puts the HSM in a zeroized state.

>This command destroys the HSM SO and all users (except Auditor), and their objects.

>This command can be run only via a local serial connection; it is not accepted via SSH. Because this is a destructive command, the user is asked to “proceed” unless the -force switch is provided at the command line. See Comparison of Destruction/Denial Actions in the Administration Guide to view a table that compares and contrasts various "deny access" events or actions that are sometimes confused.

>This command does not require HSM login. The assumption is that your organization's physical security protocols prevent unauthorized physical access to the HSM. Nevertheless, if those protocols failed, an unauthorized person would have no access to HSM contents, and would be limited to temporary denial of service by destruction of HSM contents.

>This command does not reset HSM policies, except for policy 39: Allow Secure Trusted Channel. After zeroization, you will need to re-establish your STC links, as described in Restoring STC After HSM Zeroization in the Administration Guide, and in Creating an STC Link Between a Client and a Partition in the Configuration Guide.

>This command does not erase the RPV (Remote PED Vector or orange PED Key authentication data) from the HSM.

>This command does not delete the Auditor role.

To also reset HSM policies and destroy the RPV and the Auditor role, see hsm factoryreset.

User Privileges

Users with the following privileges can perform this command:

>Admin

Syntax

hsm zeroize [-force]

Argument(s)    Shortcut    Description

-force         -f          Force the action without prompting.

Example

lunash:>hsm zeroize
 
 
CAUTION: Are you sure you wish to zeroize this HSM?
          All partitions and data will be erased.
          HSM level policies will not be changed. 
          All current NTLS and/or STC sessions will be terminated. 
          If you want policies reverted as well, use factory reset.
          Type 'proceed' to return the HSM to factory default, or
          'quit' to quit now.
          > proceed
'hsm zeroize' successful.
 
Please wait while the HSM is reset to complete the 
process.
 
 
Command Result : 0 (success)