Create Storage Subsystem Security Key

This command creates a new security key for a storage subsystem that has Full Disk Encryption disk drives. This command also sets the security definitions and sets the state to Security Enabled.

Syntax

create storageSubsystem securityKey [keyIdentifier=keyIdentifierString] | passPhrase=passPhraseString | file=fileName | commitSecurityKey=(TRUE | FALSE)

Parameters
Parameter Description
keyIdentifier The character string that combines the storage subsystem ID and a randomly generated string to produce the security key identifier.
passPhrase The character string that wraps the security key identifier with a pass phrase that is 8 to 32 characters in length. You must use at least one number, one lowercase letter, one uppercase letter, and one non-alphanumeric character (a space is not permitted).
file

The name of the file to which you save the security key identifier.

Note: Add a file extension of .slk to the end of the file name.

commitSecurityKey This parameter commits the security key identifier to the storage subsystem for all FDE disk drives as well as the controllers. After the security key identifier is committed, a key is required to read data or write data. The data can only be read or changed by using a key, and the disk drive can never be used in a non-secure mode without rendering the data useless or totally erasing the disk drive.
Notes

To use this command successfully you need to have enough FDE disk drives to create at least one array.

The controller firmware creates a lock that restricts access to the FDE disk drives. FDE disk drives have a state called Security Capable. When you create a security key, the state is set to Security Enabled, which restricts access to all FDE disk drives that exist within the storage subsystem.

Minimum Firmware Level

7.40