Security Policy, Version 0.10
February 27, 2015
HP P-Class Smart Array RAID Controllers
Page 22 of 27
© 2015 Hewlett-Packard Development Company, L.P.
This document may be freely reproduced and distributed whole and intact including this copyright notice.
2. EncryptionCryptoPasswordSet sets the CO's password. The CO password must be at least 10 characters long.
3. EncryptionKeyManager sets the encryption mode to either `Local' or `Remote'.
4. AllowPlainText is set to `False' so that all new volumes created will be encrypted.
5. Encryption is set to `Enable'. This initiates self-tests and the module is capable of encrypting data.
6. EncryptionUserPasswordSet sets the User password. The User password must be at least 10 characters long.
7. Firmwarelock is set to `On'. Locking the firmware prevents any further updates to the firmware, and ensures that the module is operating with the validated firmware.
3.1.3 Initial Setup using the SSA CLI
To initialize the module using the SSA CLI, follow the steps in the HP Smart Storage Administrator User
Guide, section "Accessing HP SSA in the online environment", to download and launch the application.
Then open the HP Smart Storage Administrator CLI and follow the steps below to complete the initial
setup.
Ensure physical security mechanisms are properly installed
Modules have physical security kits installed by HP. See 3.1.1 for diagrams of the physical
security kits as they appear when installed.
Set the CO password, key management mode, encryption mode, and disallow plaintext volumes
To set these configuration items, use the following command sequence:
    Controller slot=[PCI slot number] enableencryption [eula=yes] encryption=on localkeymanagermode=[on|off] mixedvolumes=off [password=PASSWORD STRING] masterkey=MASTERKEY
where:
1. encryption=on enables the encryption mode for the module.
2. localkeymanagermode sets the local mode when `on' and the remote mode when `off'.
3. mixedvolumes=off allows only encrypted logical disk creation.
4. password allows the operator to input the CO password. The CO password must be at least 10 characters long.
In Local mode, this password is used to generate the Local Master Key.
Enable the User role
To enable the User role, use the following command sequence:
    Controller slot=[PCI slot number] setpasswd user=user password=PASSWORD STRING
The User password is required to be at least 10 characters long.
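A pre-flight check for the two command lines above, as an added example that is not part of the HP policy or HP tooling: it parses a drafted SSA CLI line and reports where it departs from the settings this section requires. The function names, the slot number and the sample password and master key values are constructed for illustration, and reporting a missing password= as "not checked" is an assumption, since the page shows that argument in brackets.

```python
import shlex

MIN_PASSWORD_LEN = 10  # minimum stated on the page for the CO and User passwords

def parse_args(command):
    """Split an SSA CLI line into bare keywords and a dict of key=value options."""
    words, opts = [], {}
    for token in shlex.split(command):
        key, sep, value = token.partition("=")
        if sep:
            opts[key.lower()] = value
        else:
            words.append(token.lower())
    return words, opts

def check_command(command):
    """Return a list of findings; an empty list means the line matches the policy."""
    words, opts = parse_args(command)
    findings = []
    if "enableencryption" in words:
        role = "CO"
        if opts.get("encryption", "").lower() != "on":
            findings.append("encryption must be on")
        if opts.get("mixedvolumes", "").lower() != "off":
            findings.append("mixedvolumes must be off (encrypted volumes only)")
        if opts.get("localkeymanagermode", "").lower() not in ("on", "off"):
            findings.append("localkeymanagermode must be on (Local) or off (Remote)")
        if not opts.get("masterkey"):
            findings.append("masterkey is missing")
    elif "setpasswd" in words:
        role = "User"
        if opts.get("user", "").lower() != "user":
            findings.append("user=user is needed to enable the User role")
    else:
        return ["not an enableencryption or setpasswd line"]
    password = opts.get("password")
    if password is None:  # assumption: absence is reported rather than failed on length
        findings.append(f"{role} password not on this line; length not checked")
    elif len(password) < MIN_PASSWORD_LEN:
        findings.append(f"{role} password shorter than {MIN_PASSWORD_LEN} characters")
    return findings

if __name__ == "__main__":
    # Constructed sample lines; slot number, password and master key are placeholders.
    base = "Controller slot=1 enableencryption encryption=on localkeymanagermode=on "
    for line in (base + "mixedvolumes=off password=ExamplePass01 masterkey=ExampleKey",
                 base + "mixedvolumes=on password=short masterkey=ExampleKey",
                 "Controller slot=1 setpasswd user=user password=short1234"):
        print(check_command(line) or "OK")
```

A password containing spaces has to be quoted on the drafted line (for example password="ten chars!!") so that it is parsed as one value.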
Verify and lock firmware