token backup factoryReset
Reset a Luna Backup HSM to factory default settings (destroys the KEK or permanently denies access to existing objects, erasesor authentication, so you need to initialize before using again). Can be run only from the local serial console.
The action is equivalent to the hsm factoryReset command that acts on the appliance's built-in HSM.
View a table that compares and contrasts various "deny access" events or actions that are sometimes confused: Comparison of Destruction/Denial Actions
An external Luna Backup HSM can be USB-connected to a Luna Network HSM 7 appliance for local backup/restore operations.
Luna Network HSM 7 does not pass Luna PED operations and data through to an externally-connected Luna Backup HSM from a Luna PED connected locally to the Luna Network HSM 7.
If the Backup HSM is multifactor quorum-authenticated, then the options for Luna PED connection are:
>local SCP-PED connection directly to the Backup HSM (Luna Backup HSM G5 only)
>Remote PED connection, passed through the Luna Network HSM 7 (Luna Backup HSM G5, Luna Backup HSM 7 v1 or v2, requires minimum Luna Appliance Software 7.7.0, use procedure for Luna Backup HSM 7 Connected to Luna Network HSM 7 Using Remote Multifactor Quorum Authentication)
User Privileges
Users with the following privileges can perform this command:
>Admin
>Operator
Syntax
token backup factoryReset -serial <serialnum> [-force]
Argument(s) | Shortcut | Description |
---|---|---|
-serial <serialnum> | -s | Specifies the Backup HSM serial number. |
-force | -f | Force the action without prompting. |
Example
lunash:>token backup factoryReset -serial 496771 CAUTION: Are you sure you wish to reset this backup token to factory default settings? All data will be erased. Type 'proceed' to return the token to factory default, or 'quit' to quit now. > proceed 'token backup factoryReset' successful. Command Result : 0 (Success)