Emergency shredding of data on a FIPS drive or SED

In case of a security emergency, you can instantly prevent access to a FIPS drive or SED, even if power is not available to the storage system or the KMIP server.

What you’ll need
  • You must be using a KMIP server, and the KMIP server must be configured with an easily destroyed authentication item (for example, a smart card or USB drive).

  • You must be a cluster administrator to perform this task.

Step
  1. Perform emergency shredding of data on a FIPS drive or SED:

    Choose the procedure that matches your situation.

    If power is available to the storage system and you have time to take the storage system offline gracefully, then:

    1. If the storage system is configured as an HA pair, disable takeover.

    2. Take all aggregates offline and delete them.

    3. Set the privilege level to advanced:
      set -privilege advanced

    4. If the drive is in FIPS-compliance mode, set the FIPS authentication key ID for the node back to the default MSID:
      storage encryption disk modify -disk * -fips-key-id 0x0

    5. Halt the storage system.

    6. Boot into maintenance mode.

    7. Sanitize or destroy the disks:

      • If you want to make the data on the disks inaccessible and still be able to reuse the disks, sanitize the disks:
        disk encrypt sanitize -all

      • If you want to make the data on the disks inaccessible and you do not need to save the disks, destroy the disks:
        disk encrypt destroy disk_id1 disk_id2 …

      Note

      The disk encrypt sanitize and disk encrypt destroy commands are reserved for maintenance mode only. These commands must be run on each HA node, and are not available for broken disks.

    8. Repeat these steps for the partner node. This leaves the storage system in a permanently disabled state with all data erased. To use the system again, you must reconfigure it.

    If power is available to the storage system and you must shred the data immediately, then:

    1. If the storage system is configured as an HA pair, disable takeover.

    2. Set the privilege level to advanced:
      set -privilege advanced

    3. Sanitize or destroy the disks:

      • If you want to make the data on the disks inaccessible and still be able to reuse the disks, sanitize the disks:
        storage encryption disk sanitize -disk * -force-all-states true

      • If you want to make the data on the disks inaccessible and you do not need to save the disks, destroy the disks:
        storage encryption disk destroy -disk * -force-all-states true

      The storage system panics, leaving the system in a permanently disabled state with all data erased. To use the system again, you must reconfigure it.

    If power is available to the KMIP server but not to the storage system, then:

    1. Log in to the KMIP server.

    2. Destroy all keys associated with the FIPS drives or SEDs that contain the data you want to prevent access to. This prevents access to disk encryption keys by the storage system.

    If power is not available to the KMIP server or the storage system, then:

    Destroy the authentication item for the KMIP server (for example, the smart card). This prevents access to disk encryption keys by the storage system.

    For complete command syntax, see the man pages.