hsm factoryreset

Reset the HSM to its factory configuration. Use this command to set the HSM back to factory default settings, clearing all contents (puts HSM in zeroized state). Because this is a destructive command, the user is asked to “proceed” unless the -force switch is provided at the command line. This command resets settings and configuration, but does not perform firmware rollback or uninstall new capabilities installed since the HSM came from the factory.

NOTE   The hsm commands appear only when LunaCM's active slot is set to the administrative partition.

For eIDAS compliance, hsmrecover function is added to factoryreset commands - see Stored Data Integrity.

The standalone hsmrecover tool in the tools folder performs the same action, but can present additional messages that might be useful to Support engineers.


hsm factoryreset [-force]

Argument(s) Shortcut Description
-force -f Force the action without prompts. If this option is included in the list, the HSM will be zeroized without prompting the user for a confirmation of this destructive command.


lunacm:>hsm factoryreset

        Error communicating with the HSM.

        You are about to factory reset the HSM.
        All contents of the HSM will be destroyed.
        HSM policies will be reset and the remote PED vector will be erased.

        Are you sure you wish to continue?

        Type 'proceed' to continue, or 'quit' to quit now -> proceed

        Resetting HSM

 Command Result : No Error  

Example output showing extended hsmrecover attempts

lunacm:>hsm factoryreset

        Error communicating with the HSM.

        You are about to factory reset the HSM.
        All contents of the HSM will be destroyed.
        HSM policies will be reset and the remote PED vector will be erased.

        Are you sure you wish to continue?

        Type 'proceed' to continue, or 'quit' to quit now -> proceed

        Resetting HSM
        lunaserver: cannot reset token: Input/output error
        HSM Firmware not responding. Trying factory reset again.
        This operation may take several minutes . . . . . . .

 Command Result : No Error