storage encryption disk revert-to-original-state

Revert a self-encrypting disk to its original, as-manufactured state

Availability: This command is available to cluster administrators at the admin privilege level.

Description

Some self-encrypting disks (SEDs) are capable of an operation that restores them as much as possible to their as-manufactured state. The storage encryption disk revert-to-original-state command invokes this operation, which is available only in SEDs that have the physical secure ID (PSID) printed on their labels.

The PSID is unique to each SED, meaning the command can revert only one SED at a time. The disk must be in a "broken" or "spare" state as shown by the output of the storage disk show command.

The operation in the SED accomplishes the following changes:
  • Sanitizes all data by changing the disk encryption key to a new random value
  • Sets the data authentication key (AK) and FIPS AK to the default values
  • Resets the data locking controls
  • Resets the power-on lock state to false
  • Initializes other vendor-unique encryption-related parameters

The command releases the cluster shell after launching the operation. Monitor the output of the storage encryption disk show-status command for command completion.

When the operation is complete, it is possible to return the SED to service using the storage disk unfail command in advanced privilege mode. To do so, you might also need to reestablish ownership of the SED using the storage disk assign command.

Parameters

-disk <disk path name> - Disk Name
The name of the SED to be reverted to its as-manufactured state. See the man page for the storage disk modify command for information about disk-naming conventions.
-psid <text> - Physical Secure ID
The PSID printed on the SED label.

Examples

The following command shows a SED being returned to its as-manufactured state:

cluster1::> storage encryption disk revert-to-original-state -disk 01.10.0 -psid AC65PYF8CG45YZABUQJKM98WV2VZGRLD
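
The following sequence is an added example, not part of the original reference page. It strings together the steps from the Description: state check, revert, completion monitoring, and return to service. The node name cluster1-01 and the PSID value are placeholders, command output is omitted, and lines beginning with # are annotations rather than commands.

```text
# Added example. Disk name 01.10.0 is the one used in the example above;
# cluster1-01 and <PSID-from-label> are placeholders (assumptions).

# 1. Confirm that the disk is in a "broken" or "spare" state.
cluster1::> storage disk show -disk 01.10.0 -fields container-type

# 2. Launch the revert. The command releases the shell before the
#    operation in the SED has finished.
cluster1::> storage encryption disk revert-to-original-state -disk 01.10.0 -psid <PSID-from-label>

# 3. Repeat until the operation is reported as complete.
cluster1::> storage encryption disk show-status

# 4. Return the SED to service in advanced privilege mode, then drop
#    back to admin and reestablish ownership if it was lost.
cluster1::> set -privilege advanced
cluster1::*> storage disk unfail -disk 01.10.0
cluster1::*> set -privilege admin
cluster1::> storage disk assign -disk 01.10.0 -owner cluster1-01
```

Because the revert replaces the disk encryption key, data previously on the SED is unrecoverable once step 2 is launched; verify the disk name in step 1 before proceeding.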