Page 180
MegaRAID SAS Software User GuideChapter 5: MegaRAID Command Tool
| SafeStore Security Options
5.7.3 Destroy the Security Key Use the command in the following table to destroy the security key.
5.7.4 Create a Security Key Use the command in the following table to create a security key.
5.7.5 Drive Security Key If you want to use the security key using EKMS, the EKMS must provide the security key.
You can create a security key using EKMS, or switch from EKM to LKM, or from LKM to
EKM.
Table 30: Destroy the Security Key
Convention MegaCli -DestroySecurityKey | [-Force] -aN
Description Destroys the security key. The controller uses the security key to lock and
unlock access to the secure user data. This key is encrypted into the security
key blob and stored on the controller.
Re-provisioning disables the security system of a device. For a controller, it
involves destroying the security key. For SED drives, when the drive lock key
is deleted, the drive is unlocked and any user data on the drive is securely
deleted.
Table 31: Create a Security Key
Convention MegaCli -CreateSecurityKey -SecurityKey sssssssssss |
[-Passphrase sssssssssss] |[-KeyID kkkkkkkkkkk] -aN
Description Creates a security key based on a user-provided string. The controller uses
the security key to lock and unlock access to the secure user data. This key is
encrypted into the security key blob and stored on the controller. If the
security key is unavailable, user data is irretrievably lost. You must take all
precautions to never lose the security key.
-CreateSecurityKey: Creates the security key.
-SecurityKey sssssssssss: Enters the new security key. The security
key is case-sensitive. It must be between eight and thirty-two characters and
contain at least one number, one lowercase letter, one uppercase letter, and
one non-alphanumeric character (e.g. < > @ +). The space character is not
permitted.
[-Passphrase sssssssssss]: Enters the new passphrase.The pass
phrase is case-sensitive. It must be between eight and thirty-two characters
and contain at least one number, one lowercase letter, one uppercase letter,
and one non-alphanumeric character (e.g. < > @ +). The space character is
not permitted.
Table 32: Drive Security Key
Convention MegaCli -CreateSecurityKey useEKMS –aN
Description Creates security key using EKMS.
Convention MegaCli -ChangeSecurityKey -SecurityKey sssssssssss [-Passphrase
sssssssssss] | [-KeyID kkkkkkkkkkk] –aN
Description To change the security from EKMS to LKM.
Convention MegaCli -ChangeSecurityKey useEKMS -OldSecurityKey sssssssssss –aN
Description To change security from LKM to EKM.
Convention MegaCli -ChangeSecurityKey -useEKMS –aN-
Description rekeying in EKMS
To Next Page
Loading...
