thank you for your reply.
We followed every steps in Enable TDE on SQL Server Using EKM,
we did a test. The moment we disable the network to HSM, we encountered the following error
A sample of the errors we encountered in SQL Server log
" 2019-10-29 1 An error occurred during decryption.
2019-10-29 1 Error: 9001, Severity: 21, State: 4.
2019-10-29 1 The log for database 'XXXXX' is not available. Check the operating system error log for related error messages. Resolve any errors and restart the database."
some of our databases became recovery pending
why it still needs asymmetric key to decrypt the database encryption key since a decrypted copy is keep inside protected memory