Comparing Zeroize, Decommission, Re-image, and Factory Reset

You can clear the contents of your Luna HSM, or the HSM may be cleared in response to an event. How this affects the contents and configuration of your HSM depends on whether the user partitions were deleted or whether the HSM was zeroized, decommissioned, re-imaged, or factory reset as detailed below:

Action Command/Event Description
Erase User Partitions

>Enable or disable a destructive HSM policy

Destroy/erase all user partitions, but do not zeroize the HSM. Policy 46 "Disable Decommission" is the exception in that it zeroizes the HSM and erases all user partitions if the policy is changed. To bring the HSM back into service, you need to:

1.Recreate the partitions

2.Reinitialize the partition roles

Zeroize

>Too many bad login attempts on the HSM SO account

>Perform an HSM firmware rollback

>lunash:> hsm zeroize

Deletes all partitions and their contents, but retains the HSM configuration (audit role and configuration, policy settings). To bring the HSM back into service, you need to:

1. Reinitialize the HSM

2.Recreate the partitions

3.Reinitialize the partition roles

Decommission

>Press the decommission button on the rear of the appliance.

>Enable HSM Policy 40: Decommission on Tamper, and tamper the HSM.

Deletes all partitions and their contents, the audit role, and the audit configuration. Retains the HSM policy settings. To bring the HSM back into service, you need to:

1. Reinitialize the HSM

2.Reinitialize the audit role and reconfigure auditing

3. Recreate the partitions

4.Reinitialize the partition roles

Re-image the Appliance lunash:> sysconf reimage start

Formats the Luna Network HSM 7 file system, zeroizes the HSM, erases the appliance configuration, and resets the software/firmware to the baseline version. You will need to reconfigure the appliance and the HSM as if it were new, including setting a password for the admin role.

CAUTION!   Re-imaging to an older appliance software version might expose vulnerabilities that were fixed in newer releases.

Factory Reset lunash:> hsm factoryReset Deletes all partitions and their contents, and resets all roles and policy configurations to their factory default values. To bring the HSM back into service, you need to completely reconfigure the HSM as though it were new from the factory.