How to return SED to factory-configured settings after OKM data authentication key is lost
Applies to
- ONTAP 9
- Onboard Key Manager (OKM)
- Only data-key-id on SEDs
- Self-encrypting drives (SEDs). Examples:
  - X365_TPM4V1T6AMD
  - X440_TPM3V800AMD
Description
WARNING: Sanitizing one or more self-encrypting disks (SEDs) renders the existing data on the SEDs impossible to retrieve.
- The only way to restore the encryption key is to have the cluster passphrase and restore the Onboard Key Manager backup information using the output from:
::> security key-manager onboard show-backup
- This operation uses the built-in erase capability of SEDs to make all of the following changes:
  - Changes the disk encryption key to a new random value
  - Resets the power-on lock state to false
  - Sets the data authentication key (AK) to the default manufacturer secure ID (MSID)