Zeroizing the System
To zeroize your device, follow the below procedure:
- Login to the device as Crypto Officer and from CLI, enter
For MTRE:
crypto-officer@host> request vmhost zeroize no-forwarding VMHost Zeroization : Erase all data, including configuration and log files ? [yes,no] (no) yes
For RE1800:
crypto-officer@host> request system zeroize warning: System will be rebooted and may not boot without configuration Erase all data, including configuration and log files? [yes,no] (no) yes
- To initiate the zeroization process, type yes at the prompt:
Erase all data, including configuration and log files? [yes, no] (no) yes warning: ipsec-key-management subsystem not running - not needed by configuration. warning: zeroizing re0 Dec 16 05:05:03 init: ddos-service (PID 3123) te Waiting (max 60 seconds) for system process `vnlru' to stop...rminate signal 1done Waiting (max 60 seconds) for system process `vnlru_mem' to stop...5 sent Dec 16 done Waiting (max 60 seconds) for system process `bufdaemon' to stop...05:05:03 init: nfsd-service (PID 3124) terminate signal 15 sent Dec 16 05:05:03 init: commit-syncd (PID 3125) terminate signal 15 sent Dec 16 05:05:03 init: pki-service (PID 3126) terminate signal 15 sent Dec 16 05:05:03 init: mspd (PID 3127) terminate signal 15 sent Dec 16 05:05:03 init: mountd-service (PID 3128) terminate signal 15 sent Dec 16 05:05:03 init: subscriber-management-helper (PID 3129) terdone...
The entire operation can take considerable time depending on the size of the media, but all critical security parameters (CSPs) are removed within a few seconds. The physical environment must remain secure until the zeroization process is complete.