Device Zeroization
On the ESS-3300, the Push Button is used exclusively for triggering the Zeroization process which zeroize and erase switch configuration files or entire flash file system depending on the option provided under the CLI service declassify.
The Zeroization process starts as soon as the Push Button is pressed. The CLI command, service declassify, is used to set the desired action in response to the Push Button press. To prevent accidental erasure of the system configuration/image, the default setting is set to no service declassify.
eMMC is a managed NAND. This means that our embedded switch or router system does not interact with the flash memory directly. The flash controller presents a block-style interface to our system, and it handles the flash management (analogous to the Flash Translation Layer). Our embedded switch or router system cannot access the raw flash directly.
The JEDEC standard has commands that are supposed to remove data from the raw flash. In Cisco’s implementation, the “Erase” and “Sanitize” commands are used. The eMMC standard JESD84-B51 defines “Sanitize” as follows:
Note |
The Sanitize operation is a feature that is used to remove data from the device according to Secure Removal Type. The use of the Sanitize operation requires the device to physically remove data from the unmapped user address space. |
Note |
After the sanitize operation is completed, no data should exist in the unmapped host address space. |
Important |
Zeroization does NOT erase removable media such as SD Card and USB Storage. This media must be removed from the system and erased or destroyed using procedures that are outside the scope of this document. |