This command creates a new security key for a storage subsystem that has Full Disk Encryption disk drives. This command also sets the security definitions and sets the state to Security Enabled.
create storageSubsystem securityKey [keyIdentifier=keyIdentifierString] | passPhrase=passPhraseString | file=fileName | commitSecurityKey=(TRUE | FALSE)
Parameter | Description |
---|---|
keyIdentifier | The character string that combines the storage subsystem ID and a randomly generated string to produce the security key identifier. |
passPhrase | The character string that wraps the security key identifier with a pass phrase that is 8 to 32 characters in length. You must use at least one number, one lowercase letter, one uppercase letter, and one non-alphanumeric character (a space is not permitted). |
file | The name of the file to which you save the security key identifier. Note: Add a file extension of .slk to the end of the file name. |
commitSecurityKey | This parameter commits the security key identifier to the storage subsystem for all FDE disk drives as well as the controllers. After the security key identifier is committed, a key is required to read data or write data. The data can only be read or changed by using a key, and the disk drive can never be used in a non-secure mode without rendering the data useless or totally erasing the disk drive. |
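
The passPhrase and file rules in the table can be checked before the command is issued, so a rejected value is caught with a specific reason. The following Python code is an added example, not part of the original documentation or the vendor's tooling; the function names and sample values are constructed for illustration, and it assumes character classes follow Python's string methods.

```python
# Added example: pre-flight checks for the passPhrase and file parameters.
# Function names are hypothetical; the rules come from the parameter table.

def pass_phrase_violations(pass_phrase):
    """Return the list of passPhrase rules that the string breaks."""
    problems = []
    if not 8 <= len(pass_phrase) <= 32:
        problems.append("length must be 8 to 32 characters")
    if " " in pass_phrase:
        problems.append("a space is not permitted")
    # Assumption: "number", "lowercase", "uppercase" and "alphanumeric"
    # are interpreted with Python's str methods.
    required = [
        ("at least one number", str.isdigit),
        ("at least one lowercase letter", str.islower),
        ("at least one uppercase letter", str.isupper),
        # A space never satisfies the non-alphanumeric requirement.
        ("at least one non-alphanumeric character",
         lambda c: not c.isalnum() and c != " "),
    ]
    for rule, matches in required:
        if not any(matches(c) for c in pass_phrase):
            problems.append(rule)
    return problems


def key_file_violations(file_name):
    """Return the list of file-name rules that the string breaks."""
    problems = []
    if not file_name.endswith(".slk"):
        problems.append("file name must end with the .slk extension")
    elif len(file_name) == len(".slk"):
        problems.append("file name is empty before the .slk extension")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    for sample in ["Str0ng#Key2024", "weakpass", "Has Space1!", "Sh0rt!"]:
        print(repr(sample), pass_phrase_violations(sample) or "ok")
    for name in ["subsystem1.slk", "subsystem1.txt"]:
        print(repr(name), key_file_violations(name) or "ok")
```
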
To use this command successfully, you need to have enough FDE disk drives to create at least one array.
The controller firmware creates a lock that restricts access to the FDE disk drives. FDE disk drives have a state called Security Capable. When you create a security key, the state is set to Security Enabled, which restricts access to all FDE disk drives that exist within the storage subsystem.
7.40