How to return SED to factory-configured settings after FIPS authentication key is lost
Applies to
- Self-encrypting drives (SEDs)
- FIPS 140-2 authentication key set on SED
Description
- SEDs show a container type of unsupported and cannot be displayed from the nodeshell, because the drives have an authentication key with power-cycle protection and the authentication key needed to unlock them is lost.
- The system treats a FIPS drive or SED as broken if you lose the authentication keys for it permanently and cannot retrieve them from the KMIP server.
- Although you cannot access or recover the data on the disk, you can take steps to make the SED’s unused space available again for data by reverting the SED to its manufactured state with MSID 0x0.
Cluster::> storage disk show -container-type unsupported
                     Usable           Disk    Container   Container
Disk                   Size Shelf Bay Type    Type        Name      Owner
1.0.7                     -     0   7 unknown unsupported -         -
Cluster::> storage encryption disk show -fields data-key-id,fips-key-id
disk data-key-id fips-key-id
1.0.7 n/a n/a
Cluster::> node run -node <node-name> priv set adv;disk show <adapter>.<bay number>
DISK OWNER POOL SERIAL NUMBER HOME DR HOME