Security Policy, Version 0.10
February 27, 2015
HP P-Class Smart Array RAID Controllers
Page 17 of 27
© 2015 Hewlett-Packard Development Company, L.P.
This document may be freely reproduced and distributed whole and intact including this copyright notice.
3
Secure Operation
The HP P-Class Smart Array RAID Controllers meet Level 2 requirements for FIPS 140-2. The sections
below describe how to place and keep the modules in FIPS-Approved mode of operation.
3.1 Initial Setup
The P230i and P830i controllers are pre-installed in the target server.
The P430, P431, and P731m
controllers must be installed in a supported server. The HP Smart Array P430 Controller User Guide, HP
Smart Array P431 Controller User Guide, and HP Smart Array P731m Controller User Guide include the
sets to install the controllers in a supported server.
The modules are delivered in a non-operational factory state with physical security kits installed. The CO
is responsible for installation (as applicable), initialization, and security-relevant configuration and
management activities for each module. The modules can be configured through the underlying server's
Smart Storage Administrator (SSA), Secure Encryption Graphical User Interface (GUI), HP SSA Scripting
interface, or through the SSA Command Line Interface (CLI) utility. Once initialized, only the Secure
Encryption GUI can be used to manage the module. The commands and buttons used in these interfaces
translate to commands that enter the modules over the PCIe bus.
To configure the modules for their Approved mode of operation, the CO must:
1.
Verify physical security mechanisms are properly installed.
2.
Set the CO password, key management mode, encryption mode, and disallow plaintext volumes
3.
Enable the User role
4.
Verify and lock the firmware
Guidance for performing these tasks through the SSA GUI can be found in the HP Secure Encryption
Installation and User Guide and in this FIPS 140-2 Security Policy.
3.1.1 Initial Setup using the Server GUI
To initialize each module using the SSA GUI, start the HP SSA utility and select the controller to be
configured. Then follow the steps below to complete the initial setup.
Ensure physical security mechanisms are properly installed
The modules are delivered with physical security kits pre-installed by HP. These physical security
kits include metal port/component covers and tamper-evident tape.
The CO shall inspect the
modules upon receipt to ensure that the kits are properly installed. Diagrams and descriptions of
the installed kits are provided below.
a.
The P230i is an embedded controller and is shown in Figure 2 with the physical security
kit installed. The P431 is shown with the required one (1) metal cover and three (3) strips
of tamper-evident tape.