Entrust nShield Security Manual page 59

(case) of the nShield Connect has tamper detection and response capabilities. When
tampered, the unit ceases to provide cryptographic functionality, alerts the operator of
the event, and ultimately forces the operator to reset the unit to factory defaults. For
guidance on how to respond to a tamper, see
Movements/vibrations, or replacing the fan tray module or a PSU, does not activate the
tamper detection functionality.
8.4.1.1. nShield Connect lid is closed
If the nShield Connect is powered, a tamper event has occurred, and the lid is closed, the
following message is displayed on screen:
** TAMPER DETECTED **
Consult User Guide.
Check physical seals.
Reset to factory state
or disable tamper
detection first?
RESET DISABLE
When you see this message, examine your unit for physical signs of tampering, see
Physical security checks.
If you discover signs of tampering do not attempt to put the unit back into operation.
The date and time of the tamper event are recorded in the log (see Logging, debugging,
and diagnostics section of the nShield Connect User Guide).
The tamper-responsiveness circuitry has a RTC that runs independently
from the main nShield Connect clock. The times associated with events

in the tamper log may have slight offsets to times recorded in other log
files.
If there are signs of tampering, and the tamper event occurred
• During transit from Entrust, contact Entrust nShield Support
• After installation, refer to your security policies and procedures.
If there are no signs of tampering, you can either:
• Reset the nShield Connect to a factory state. Use the Security World data stored on
the RFS and the ACS to recover the keys and cryptographic data.
Or:
• Disable the tamper detection functionality and then reset the nShield Connect to a
factory state.
nShield® Security Manual
Security Incident and Response.
59 of 90