10.1 Self Encrypting Drive (SED) Initial Setup

Perform the following steps to configure the Self Encrypting Drive (SED) based encryption.
  1. In the Enterprise View, select a controller.
  2. On the ribbon, in the Controller group, select the Security settings.
  3. Click the Security Settings ribbon icon. The dialog that opens depends on what the controller supports:
    • If the controller only supports maxCrypto, see Working with maxCrypto™ Devices.
    • If the controller only supports Managed SED, see 10 Working with Self Encrypting Drive (SED) Based Encryption.
    • If the controller only supports SPDM, see 11 Working with Security Protocol and Data Model (SPDM).
    • If the controller supports maxCrypto, Managed SED, and Security Protocol and Data Model (SPDM) but none of them is configured, perform the following steps for SED Initial Setup.
      1. Click the Security Settings ribbon icon to display the Security Settings dialog box.
      2. Select the Self Encrypting Drive (SED) Based Encryption option and then click OK. The Self Encrypting Drive (SED) Based Encryption dialog box appears, which is explained further in this section.
  4. Select the Initial Setup tab to do the initial configuration of the SED based encryption settings.
    1. Key Management Mode: This property determines how the master key is managed. Currently, maxView supports both Local and Remote key management modes. For Remote key mode, you need to configure the KMS server using pre-boot.
    2. Master Key: This property is used to set the unique key.
      • It can contain any printable ASCII characters and must be 8-32 characters long
      • It must consist of at least one uppercase character
      • It must consist of at least one lowercase character
      • It must consist of at least one number
      • It must consist of at least one special character (#, @, $...)

        The Master Key should be remembered or stored manually. There is no option to retrieve it; however, you can reset the Master Key.

        Note: This field is applicable only for Local Mode and is disabled in Remote Mode.
    3. Re-Enter Master Key: This should match the entered master key.
      Note: This field is applicable only for Local Mode.
    4. Master Key Identifier: The master key identifier is a hint that helps you remember the master key. It is optional, must be between 0 and 32 characters long, and should contain only ASCII characters.
      Note: This field is applicable only for Local Mode and is disabled in Remote Mode.
    5. Set Controller Password: The Controller Password is an optional setting. Check the Set Controller Password check box to enable the controller password during initial setup.
    6. Controller Password: This is for additional security. If a controller password is set, all SED physical and logical devices are offline at boot time. Enter the controller password to bring the SED devices online. It is recommended to use the same controller password for all encrypted controllers in the server.

      When enabled, the controller does not use the master key to unlock any SEDs until the password is supplied and validated.

      Note: This field is applicable only for Local Mode and is disabled in Remote Mode.
    7. Re-Enter Controller Password: This must match the entered controller password.
      Note: This field is applicable only for Local Mode and is disabled in Remote Mode.
  5. Click OK.
    Note: For Remote key management mode, a manual reboot is required for the configuration to take effect. The Encryption Status will be “Enabled, Waiting on Master Key” and most operations are not allowed until the system reboots.

    The following message is displayed when the Set Controller Password is selected:

    Please record the Master Key. There is no way for recovering or displaying the Master Key once the value is set. Failure to provide the Master Key may result in encrypted data being inaccessible.

    Once the user selects Set Controller Password, the following message is displayed:

    If a controller password is set, all encrypted logical device will be offline at boot time. The user must enter the controller password to bring the encrypted logical device online. It is recommended to use the same controller password for all encrypted controllers in the server.

    After successful completion, the status dialog is displayed with the Controller and Master Key details.
    Note: This dialog box is applicable only for Local Key Management Mode.
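
Because the Master Key cannot be retrieved once set, it helps to check a candidate key against the Master Key and Master Key Identifier rules from step 4 before typing it into the dialog. The following is an added example, not part of maxView or the original documentation; the function names are hypothetical, and it assumes "printable ASCII" means 0x20-0x7E and "special character" means ASCII punctuation.

```python
import secrets
import string

# Assumptions, not stated on the page: "printable ASCII" is 0x20-0x7E, and a
# "special character" is ASCII punctuation (a space is allowed but does not count).
PRINTABLE = {chr(c) for c in range(0x20, 0x7F)}
RULES = [  # (violation message, predicate that is True when the rule is met)
    ("length must be 8-32 characters", lambda k: 8 <= len(k) <= 32),
    ("only printable ASCII characters are allowed", lambda k: set(k) <= PRINTABLE),
    ("needs at least one uppercase character",
     lambda k: any(c in string.ascii_uppercase for c in k)),
    ("needs at least one lowercase character",
     lambda k: any(c in string.ascii_lowercase for c in k)),
    ("needs at least one number", lambda k: any(c in string.digits for c in k)),
    ("needs at least one special character",
     lambda k: any(c in string.punctuation for c in k)),
]


def check_master_key(key, confirm=None):
    """Return the list of violated rules; an empty list means the key passes."""
    problems = [msg for msg, ok in RULES if not ok(key)]
    if confirm is not None and confirm != key:
        problems.append("re-entered key does not match")
    return problems


def check_key_identifier(hint):
    """Master Key Identifier: optional, 0-32 characters, ASCII only."""
    problems = []
    if len(hint) > 32:
        problems.append("identifier must be 0-32 characters")
    if not hint.isascii():
        problems.append("identifier must contain only ASCII characters")
    return problems


def generate_master_key(length=32):
    """Draw a random key from a CSPRNG, retrying until every rule is met."""
    if not 8 <= length <= 32:
        raise ValueError("length must be 8-32 characters")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        key = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_master_key(key):
            return key


if __name__ == "__main__":
    print(check_master_key("alllowercase"))  # constructed sample input
```

A generated key still has to be recorded out of band, for example in a password vault, since the dialog offers no way to display it later.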