Lenovo ThinkEdge SE455 V3 User Manual page 219

2. Update the UEFI, XCC and LXPM firmware to the specific version supported by the server. See
glosse4lenovo.lenovo.com/wiki/glosse4lenovo/view/How%20To/System%20related/
How%20to%20do%20RoT%20Module%20FW%20update%20on%20ThinkSystem%20V3%20machines/
3. Perform OneCLI commands to restore the UEFI settings. See
r_restore_command
4. Perform both OneCLI commands and XCC actions to restore the XCC settings. See
pubs.lenovo.com/lxce-onecli/onecli_r_restore_command
.
restorethexcc.html
5. Optionally, do the following if needed:
• Hide TPM. See "Hide/observe TPM" on page
• Update the TPM firmware. See
• Enable UEFI Secure Boot. See
Manage the Self Encryption Drive Authentication Key (SED AK)
For ThinkEdge SE455 V3 with SED installed, the SED AK can be managed in Lenovo XClarity Controller. After
setting up the server or making changes to the configuration, backing up the SED AK is a must operation to
prevent data loss in the hardware failure case.
SED Authentication Key (AK) Manager
Log in to Lenovo XClarity Controller web interface, and go to BMC Configuration ➙ Security ➙ SED
Authentication Key (AK) Manager to manage the SED AK.
Notes: The operation of SED AK Manager is not allowed in the following conditions:
• System Lockdown Mode is in Active state. SED AK is locked until the system is activated or unlocked.
See "Activate or unlock the system" on page 255
• Current user does not have the authority to manage SED AK.
– To generate, backup, and recover the SED AK with passphrase or backup file, the role of XCC user
should be Administrator.
– To recover the SED AK from automatic backup, the role of XCC user should be Administrator+.
SED encryption
The status of SED encryption can be changed from Disabled to Enabled. Complete the following process to
enable SED encryption.
1. Press Enabled button.
2. Select the SED AK generation method:
• Generate key using Passphrase: Set the password and re-enter it for the confirmation.
• Generate key randomly: A Random SED AK will be generated.
3. Press Apply button.
Attention:
• Once SED encryptoin is Enabled, it cannot be changed back to Disabled.
• When SED encryption is enabled, it is necessary to power cycle the system after installing an SED; without
power cycling, the SED will not be recognized by the host OS.
Change the SED AK
• Generate key using Passphrase: Set the password and re-enter it for the confirmation. Click Re-
generate to get the new SED AK.
.
"Update the TPM firmware" on page
"Enable UEFI Secure Boot" on page
https://pubs.lenovo.com/lxce-onecli/onecli_
and
https://pubs.lenovo.com/xcc2/NN1ia_c_
220.
221.
222.
to activate or unlock the system.
.
Chapter 5 Hardware replacement procedures
https://
.
https://
211