hsm factoryreset
Reset the HSM to its factory configuration. Use this command to set the HSM back to factory default settings, clearing all contents (puts HSM in zeroized state). Because this is a destructive command, the user is asked to “proceed” unless the -force switch is provided at the command line. This command resets settings and configuration, but does not perform firmware rollback or uninstall new capabilities installed since the HSM came from the factory.
NOTE The hsm commands appear only when LunaCM's active slot is set to the administrative partition
For eIDAS compliance, hsmrecover function is added to factoryreset commands - see Stored Data Integrity.
The standalone hsmrecover tool in the tools folder performs the same action, but can present additional messages that might be useful to Support engineers.
Syntax
hsm factoryreset [-force]
Argument(s) | Shortcut | Description |
---|---|---|
-force | -f | Force the action without prompts. If this option is included in the list, the HSM will be zeroized without prompting the user for a confirmation of this destructive command. |
Example
lunacm:>hsm factoryreset Error communicating with the HSM. You are about to factory reset the HSM. All contents of the HSM will be destroyed. HSM policies will be reset and the remote PED vector will be erased. Are you sure you wish to continue? Type 'proceed' to continue, or 'quit' to quit now -> proceed Resetting HSM Command Result : No Error
Example output showing extended hsmrecover attempts
lunacm:>hsm factoryreset Error communicating with the HSM. You are about to factory reset the HSM. All contents of the HSM will be destroyed. HSM policies will be reset and the remote PED vector will be erased. Are you sure you wish to continue? Type 'proceed' to continue, or 'quit' to quit now -> proceed Resetting HSM lunaserver: cannot reset token: Input/output error HSM Firmware not responding. Trying factory reset again. This operation may take several minutes . . . . . . . Command Result : No Error