Why do I fail to load the new master key during the master key rotation process?

After you run the cryptounit-mk-rotate command in the TKE CLI, you fail to load the new master key to the Current Master Key Register.

The new master key is not in Valid state in the current master key register after you run the cryptounit-mk-rotate command.

You accidentally exit the TKE CLI window when the root keys are being rewrapped by the new master key after you run the cryptounit-mk-rotate command.

Run the cryptounit-mk-rotate command again to resume the root key rewrap operations. When prompted, enter the password for the current signature key file to activate the new master key.