Comparing Zeroize, Decommission, and Factory Reset
You can clear the contents of your HSM on demand, or the HSM may be cleared in response to an event. How this affects the contents and configuration of your HSM depends on whether the user partitions were deleted or whether the HSM was zeroized, decommissioned, or factory reset as detailed below:
Action | Command/Event | Description |
---|---|---|
Erase User Partitions |
>Enable or disable a destructive HSM policy |
Destroy/erase all user partitions, but do not zeroize the HSM. Policy 46 "Disable Decommission" is the exception in that it zeroizes the HSM and erases all user partitions if the policy is changed. To bring the HSM back into service, you need to: 1.Recreate the partitions 2.Reinitialize the partition roles |
Zeroize |
>Too many bad login attempts on the HSM SO account >Perform an HSM firmware rollback >
|
Deletes all partitions and their contents, but retains the HSM configuration (audit role and configuration, policy settings). To bring the HSM back into service, you need to: 1. Reinitialize the HSM 2.Recreate the partitions 3.Reinitialize the partition roles |
Decommission |
>Press the decommission button on the rear of the appliance. >Enable HSM Policy 40: Decommission on Tamper, and tamper the HSM. |
Deletes all partitions and their contents, the audit role, and the audit configuration. Retains the HSM policy settings. To bring the HSM back into service, you need to: 1. Reinitialize the HSM 2.Reinitialize the audit role and reconfigure auditing 3. Recreate the partitions 4.Reinitialize the partition roles |
Factory Reset |
|
Deletes all partitions and their contents, and resets all roles and policy configurations to their factory default values. To bring the HSM back into service, you need to completely reconfigure the HSMas though it were new from the factory. |