A FIPS drive or SED is protected from unauthorized access only if the authentication key ID for the node is set to a value other than the default. You can return a FIPS drive or SED to unprotected mode by using the storage encryption disk modify command to set the key ID to the default.
Before you begin
You must be a cluster administrator to perform this task.
- Set the privilege level to advanced: set -privilege advanced
- If a FIPS drive is running in FIPS-compliance mode, set the FIPS authentication key ID for the node back to the default MSID 0x0: storage encryption disk modify -disk disk_id -fips-key-id 0x0
You can use the
security key-manager query command to view key IDs.
Example
cluster1::> storage encryption disk modify -disk 2.10.11 -fips-key-id 0x0
Info: Starting modify on 14 disks.
View the status of the operation by using the
storage encryption disk show-status command.
- Set the data authentication key ID for the node back to the default MSID 0x0: storage encryption disk modify -disk disk_id -data-key-id 0x0
The value of
-data-key-id should be set to 0x0 whether you are returning a SAS or NVMe drive to unprotected mode.
You can use the security key-manager query command to view key IDs.
Example
cluster1::> storage encryption disk modify -disk 2.10.11 -data-key-id 0x0
Info: Starting modify on 14 disks.
View the status of the operation by using the
storage encryption disk show-status command.