Zeroization is a process required by FIPS 140-3 to remove Critical Security Parameters on a device and prevent the ION device from powering up. Zeroization is supported only in FIPS and FIPS-CC mode. The zeroization process is initiated by a superuser, which triggers a reset process to factory settings. Post zeroization, the device follows the RMA process.

The POST test is performed to determine if cryptographic algorithms operate correctly each time the device is powered on or reset in FIPS and FIPS-CC modes. If the POST fails, the ION device goes to the fatal state, and then the device follows the RMA process.

The ION device performs the HMAC Integrity test at every reboot. When the check fails, the ION device goes into a fatal state and follows the RMA workflow.

Images are signed with RSA private key and verified by public key during installation. The system verifies the contents of the specific packages after the upgrade. The check uses the md5sum values recorded in the package manager's database to confirm that the files in the SSD root file system are as expected. If not, the system reinstalls the SSD root file system and checks again. If the check fails, the system will not boot. The device cannot be used and needs to follow the RMA process.