Decommissioning the Luna Network HSM 7 Appliance

This section describes how to decommission the appliance to remove all current key material and configurations, so that it can be safely redeployed.

To decommission the Luna Network HSM 7

For full decommission (removing the unit from service, clearing the HSM of all your material, clearing the appliance of all identifying information) of a Luna Network HSM 7 appliance, and assuming that you can power the appliance and gain admin access, follow these steps in LunaSH, using a serial connection:

1.Rotate all logs:

lunash:> syslog rotate

2.Delete all files in the SCP directory:

lunash:> my file clear

3.Delete all logs:

lunash:> syslog cleanup

4.Return the appliance to factory-default settings:

lunash:> sysconf config factoryReset -service all

5.Delete any backups of settings:

lunash:> sysconf config clear

6.Push the decommission button (refer to HSM Emergency Decommission Button for a full description of what happens).

7.Power down the appliance.

8.Power up the appliance. At this point, the HSM internally issues and executes a zeroize command to erase all partitions and objects. This step takes about five minutes. The KEK is already gone at that point – erased as soon as the button is pressed – so the step of erasing partitions and objects is for customers subject to especially rigid decommission protocols.

Disabling Decommissioning

You can disable the decommissioning feature if you have the factory-installed HSM Capability 46: Allow Disable Decommission (see HSM Capabilities and Policies). The primary reason for disabling decommissioning is to prevent the HSM from being automatically decommissioned due to loss of battery (see Tamper Events). If decommissioning is disabled, you can continue to use the Luna Network HSM 7 after the battery has been depleted, but this is not recommended by Thales.

To disable decommissioning

Set HSM Policy 46: Disable Decommission to 1(ON).

lunash:> hsm changePolicy-policy 46 -value 1