Decommissioning the HSM Appliance

This section describes how to decommission the appliance to remove all current key material and configurations, so that it can be safely redeployed.

To decommission the Luna Network HSM

For full decommission (removing the unit from service, clearing the HSM of all your material, clearing the appliance of all identifying information) of a Luna Network HSM appliance, and assuming that you can power the appliance and gain admin access, follow these steps in LunaSH, using a serial connection:

1.Rotate all logs:

lunash:> syslog rotate

2.Delete all files in the SCP directory:

lunash:> my file clear

3.Delete all logs:

lunash:> syslog cleanup

4.Return the appliance to factory-default settings:

lunash:> sysconf config factoryreset -service all

5.Delete any backups of settings:

lunash:> sysconf config clear

6.Push the decommission button (small red button, inset in the Luna Network HSM back panel).

7.Power down the appliance.

8.Power up the appliance. At this point, the HSM internally issues and executes a zeroize command to erase all partitions and objects. This step takes about five minutes. The KEK is already gone at that point – erased as soon as the button is pressed – so the step of erasing partitions and objects is for customers subject to especially rigid decommission protocols.

Disabling Decommissioning

You can disable the decommissioning feature if you have the factory-installed HSM Capability 46: Allow Disable Decommission (see HSM Capabilities and Policies). The primary reason for disabling decommissioning is to prevent the HSM from being automatically decommissioned due to loss of battery (see Tamper Events). If decommissioning is disabled, the Luna Network HSM has an indefinite shelf life, as far as the battery is concerned.

To disable decommissioning

Set HSM Policy 46: Disable Decommission to 1(ON).

lunash:> hsm changepolicy -policy 46 -value 1