KB.15.15

• system generated private keys

• user installed private keys and certificates

• legacy manager/operator password files

• crypto-key files

• fdr logs

• core dumps

Zeroization can be initiated in one of three ways:

• CLI command

• During Secure Mode transition, initiated through the secure-mode CLI command executed

in a serial session

• ROM console command

The zeroization process can be time-consuming; for this reason, it is performed during the initial

process of a switch reboot. After zeroization, the configuration file is rebuilt from the default config

file, which is similar to the config rebuilding process performed by the erase startup-config

command.

Syntax

erase all [zeroize]

Erases all management module files, including configuration files, core dumps,

password files, crypto-key files, etc. Software images are not erased.

When executed without the zeroize option, files are removed, but the flash storage

is not zeroized. The data is still physically present in the flash. The flash can be

removed from the switch and the data recovered with file recovery tools.

[zeroize]: Zeroizes the file storage of the management modules.

NOTE: It is recommended that zeroization be performed from the serial console so that the status

information can be viewed during the zeroization process.

Example 117 Zeroizing the management module files

HP Switch(config)# erase all zeroize

The system will be rebooted and all management module files

except software images will be erased and zeroized. This will

take up to 60 minutes and the switch will not be usable during

ing that time. Continue (y/n)? y

Zeroizing from the ROM console

It is also possible to zeroize the file storage from the ROM console of the switch, using the

erase-all zeroize command at the prompt. This most likely occurs during a switch recovery

process. The warning messages are the same as for the CLI command.

442 Troubleshooting