application commands
storage encryption disk destroy
Suggest changes
-
PDF of this doc site
Collection of separate PDF docs
Creating your file...
Cryptographically destroy a self-encrypting disk
Availability: This command is available to cluster administrators at the admin privilege level.
Description
The storage encryption disk destroy command cryptographically destroys a self-encrypting disk (SED), making it incapable of performing I/O operations. This command performs the following operations:
-
Employs the inherent erase capability of SEDs to cryptographically sanitize the disk
-
Permanently locks the disk to prevent further data access
-
Changes the data and FIPS authentication keys to random values that are not recorded except within the SED.
Use this command with extreme care. The only mechanism to restore the disk to usability (albeit without the data) is the storage encryption disk revert-to-original-state operation that is available only on disks that have the physical secure ID (PSID) printed on the disk label.
The destroy command requires you to enter a confirmation phrase before proceeding with the operation.
The command releases the cluster shell after launching the operation. Monitor the output of the storage encryption disk show-status command for command completion.
Upon command completion, remove the destroyed SED from the system.
Parameters
-disk <disk path name>- Disk Name-
This parameter specifies the name of the disk you want to cryptographically destroy. See the man page for the
storage disk modifycommand for information about disk-naming conventions. [-force-all-states <true>]- Destroy All Matching Disks-
When this parameter is
falseor not specified, the operation defaults to spare and broken disks only, as reported in the output of the storage disk show command. When you specify this parameter astrue, it allows you to cryptographically destroy all matching disk names regardless of their state, including those in active use in aggregates. This allows a quick destroy of all system disks if you use the-diskparameter with the asterisk wildcard (*). If you destroy active disks, the nodes might not be able to continue operation, and might halt or panic.
Examples
The following command cryptographically destroys the disk 1.10.20:
cluster1::> storage encryption disk destroy 1.10.20
Warning: This operation will cryptographically destroy 1 spare or broken
self-encrypting disks on 1 node.
You cannot reuse destroyed disks unless you revert
them to their original state using the PSID value.
To continue, enter
destroy disk
:destroy disk
Info: Starting destroy on 1 disk.
View the status of the operation by using the
"storage encryption disk show-status" command.
cluster1::>
If you do not enter the correct confirmation phrase, the operation is aborted:
cluster1::> storage encryption disk destroy 1.10.2*
Warning: This operation will cryptographically destroy 5 spare or broken
self-encrypting disks on 1 node.
You cannot reuse destroyed disks unless you revert
them to their original state using the PSID value.
To continue, enter
destroy disk
:yes
No disks destroyed.
cluster1::>
The following command quickly cryptographically destroys all system disks, including those in active use in aggregates and shared devices:
cluster1::> storage encryption disk destroy -force-all-states -disk *
Warning: This operation will cryptographically destroy 96
self-encrypting disks on 4 nodes.
To continue, enter
destroy disk
:destroy disk
Info: Starting destroy on 96 disks.
View the status of the operation by using the
link:storage-encryption-disk-show-status.html[storage encryption disk show-status] command.
cluster1::>