Chapter 23. Encryption enablement and support commands
The following sections describe the XIV Command Line Interface (XCLI) for
encryption configuration.
The sections are listed as follows:
v encrypt_disable(Disable the data protection feature)
v encrypt_enable(Enable the data protection feature)
v encrypt_keyserver_define(Defines a keyserver to be used by the system)
v encrypt_keyserver_delete(Removes a keyserver used by the system)
v encrypt_keyserver_list(Lists the keyservers currently defined in the system
along with connectivity status)
v encrypt_keyserver_rekey(Initiates a rekey against the master keyserver)
v encrypt_keyserver_rename(Change the name of a defined keyserver)
v encrypt_keyserver_update(Change a keyserver ip address and/or port)
v encrypt_recovery_key_enter(Used to unlock encrypted disks when the system
reboots and cannot access any of the defined keyservers, and recovery keys were
defined)
v encrypt_recovery_key_generate(Used to specify which Security Admins will
receive recovery key shares, and the minimum number of recovery key shares
that need to be entered)
v encrypt_recovery_key_get(Used to retrieve the recovery key share generated for
the current user)
v encrypt_recovery_key_rekey(Restarts the recovery key generation process as
described in encrypt_recovery_key_generate)
v encrypt_recovery_key_status(Shows status information regarding recovery keys)
v encrypt_recovery_key_verify(Used to confirm that the current user has correctly
copied the recovery key share presented by encrypt_recovery_key_get)
v encrypt_recovery_key_list(Lists recovery key share information)
Disable Encryption
Disable the data protection feature
encrypt_disable
This command disables the data protection feature. A prerequisite for this is that
no volumes are defined on the system. In addition to disabling the data protection,
a cryptographic erase is performed on all protected bands (ensuring that all
existing user data is no longer accessible). After the command successfully
completes, all bands are left in an unlocked state. Disabling encryption when the
encryption state other than ACTIVE (displayed as "Enabled" in state_list)isan
error.
Example:
xcli -u -c XIV1 encrypt_disable -y
485
To Next Page
Loading...
Need help?
General
