storage encryption disk revert-to-original-state
Revert a self-encrypting disk to its original, as-manufactured state
Availability: This command is available to cluster administrators at the admin privilege level.
Description
Some self-encrypting disks (SEDs) are capable of an operation that restores them as much as possible to their as-manufactured state. The storage encryption disk revert-to-original-state
command invokes this special operation that is available only in SEDs that have the physical secure ID (PSID) printed on their labels.
The PSID is unique to each SED, meaning the command can revert only one SED at a time. The disk must be in a "broken" or "spare" state as shown by the output of the storage disk show command.
The operation in the SED accomplishes the following changes:
-
Sanitizes all data by changing the disk encryption key to a new random value
-
Sets the data authentication key (AK) and FIPS AK to the default values
-
Resets the data locking controls
-
Resets the power-on lock state to
false
-
Initializes other vendor-unique encryption-related parameters
The command releases the cluster shell after launching the operation. Monitor the output of the storage encryption disk show-status command for command completion.
When the operation is complete, it is possible to return the SED to service using the storage disk unfail command in advanced
privilege mode. To do so, you might also need to reestablish ownership of the SED using the storage disk assign command.
Parameters
-disk <disk path name>
- Disk Name-
The name of the SED to be reverted to its as-manufactured state. See the man page for the
storage disk modify
command for information about disk-naming conventions. -psid <text>
- Physical Secure ID-
The PSID printed on the SED label.
Examples
The following command shows a SED being returned to its as-manufactured state:
cluster1::> storage encryption disk revert-to-original-state -disk 01.10.0 -psid AC65PYF8CG45YZABUQJKM98WV2VZGRLD