Skip to main content

SED Authentication Key (AK) Manager

To the system installed with SED (self-encrypting drive), this feature controls BMC to deploy SED Authentication Key. You can use SED Authentication Key to encrypt boot and data drives and boot the system without manual intervention

Note
This operation is not allowed when the system is not activated (System Lockdown Mode is asserted) or current user does not have the authority to manage SED Authentication Key.
Note
System Lockdown Mode is only available for SE350 with Security Pack but not SE350 standard. Version can be checked at Home tab under System Information and Settings.
Note
The SE350 also supports an auto backup feature as long as the either ThinkSystem M.2 Enablement Kit or ThinkSystem M.2 Mirroring Enablement Kit is healthy. If hardware is damaged, but both SED and M.2 Kit are healthy, they can be installed into another SE350 and the SED AK can then be restored. However, in order to be prepared for a full hardware crash, Lenovo recommends making a SED AK backup.

Click Security under BMC Configuration and scroll to SED Authentication Key (AK) Manager.

Change the SED AK
Generate SED AK from Passphrase: Set the password and reenter it for the confirmation. Click Re-generate to get the new SED AK.
Generate a Random SED AK: Click Re-generate to get a Random SED AK.
Backup the SED AK: Set the password and re-enter it for the confirmation. Click Start Backup to back the SED AK; then, download the SED AK file and store it safely for future use.
Note
If you use the backup SED AK file to restore a configuration, the system will ask for the password that you set here.
Recover the SED AK: You can only perform this task while the SED is not functioning properly. There are two ways to recover the SED AK:
  • Recover SED AK using Passphrase: Use the password that set in Generate SED AK from Passphrase mode to recover the SED AK.

  • Recover SED AK from Backup file: Upload the backup file generated in Backup the SED AK mode and enter the corresponding backup file password to recover the SED AK.