Self-Encrypting Drives remain unlocked until reset - Lenovo ThinkSystem

Self-Encrypting Drives remain unlocked until reset - Lenovo ThinkSystem

Self-Encrypting Drives remain unlocked until reset - Lenovo ThinkSystem

Symptom

If Self-Encrypting Drives (SED) were unlocked followed by a system reboot / warm reset, these drives will remain unlocked on the next boot even when the External Key Management (EKM) / Security Key Lifecycle Manager (SKLM) server hosting the security keys is unreachable at boot time.

Affected Configurations

The system is configured with one or more of the following Lenovo Options:

  • RAID 530-4i Flex Adapter, Option 7M17A03932, any FRU
  • RAID 530-4i Flex Adapter, Option 7M27A03918, any FRU
  • RAID 530-8i Dense Adapter, Option, any FRU
  • RAID 530-8i PCIe 12Gb Adapter, Option 7Y37A01082, any FRU
  • RAID 930-16i 4GB Flash PCIe 12Gb Adapter, Option 7Y37A01085, any FRU
  • RAID 930-24i 4GB Flash PCIe 12Gb Adapter, Option 7Y37A01086, any FRU
  • RAID 930-4i 2GB Flash Flex Adapter, Option 7M17A03933, any FRU
  • RAID 930-4i 2GB Flash Flex Adapter, Option 7M27A03917, any FRU
  • RAID 930-8e 4GB Flash PCIe 12Gb Adapter, Option 7Y37A01087, any FRU
  • ThinkSystem RAID 930-8i 2GB Flash PCIe 12Gb Adapter, Option 7Y37A01084, any model

This tip is not system specific.

This tip is not software specific.

The system has the symptom described above.

Solution

This is a permanent restriction, there will be no solution.

Workaround

To lock the drives, power off the system.

Additional Information

The SED remain unlocked until the drive is reset, and drives are not reset on system reset / system warmboot.

Alias Id:98358
Document ID:HT505240
Original Publish Date:09/12/2017
Last Modified Date:06/13/2019