Returning a module to factory state

nShield HSMs that are delivered from the factory contain no data relating to the ncoreapi service. A small amount of 'lifetime' data, which is used by the platform services, is pre-installed. This data is for personalisation and identification of the individual HSM, such as its ESN.

You can perform a reset operation that returns the data stored in an HSM to the state it was in when it left the factory. This erases user credentials and information, leaving only the 'lifetime' data.

When an HSM is in this state it will not support any user commands other than hsmadmin enroll and it will be necessary to follow the process described in Set up communication between host and module before any further actions can be taken.

The main reason for returning an HSM to factory state is to securely erase all user secrets if, for instance, the HSM is being taken out of service or being moved from one domain to another where it is important to ensure that there is no possibility of secrets being leaked between domains.

You should also return your unit to factory state when returning the unit to Entrust for servicing or warranty.

Returning a unit to factory state will also be necessary if you have lost possession of the SSH keys used to communicate with the HSM and you have not previously made a backup of those keys with hsmadmin keys backup (or hsmadmin keys backup --passphrase if the HSM is being re-installed in a different machine). If this happens returning the HSM to factory state will allow hsmadmin enroll to successfully create new keys and re-establish communication with the HSM.

The HSM can be returned to factory state in one of two ways. Either by use of hsmadmin factorystate or by placing the HSM in recovery mode as described in Recovery mode.

If the SSH keys used to communicate with the HSM have been lost, only the recovery mode option is possible. Both of the above methods include a reboot of the HSM.

The HSM is taken out of factory state by use of hsmadmin enroll