Installing The Software; Initializing The System For Drive Encryption - Nvidia DGX A100 User Manual


Once initialized, SEDs are locked upon power loss, such as a system shutdown or
drive removal.
Locked drives get unlocked after power is restored and the root file system is
mounted.

Provides functionality to export the vault.

Provides functionality for erasing the drives.

Provides the ability to revert the initialization.
6.2

INSTALLING THE SOFTWARE

Use the package manager to install the nv-disk-encrypt package and then reboot the
system.
$ sudo apt update
$ sudo apt install nv-disk-encrypt -y
$ sudo reboot
6.3 INITIALIZING THE SYSTEM FOR DRIVE
ENCRYPTION
Initialize the system for drive encryption using the nv-disk-encrypt command.
Syntax
$ sudo nv-disk-encrypt init [-k <your-vault-password>] [-f <path/to/
json-file>] [-g] [-r]
Options:
•
-k: Lets you create the vault password within the command. Otherwise, the
software will prompt you to create a password before proceeding.
•
-f: Lets you specify a JSON file that contains a mapping of passwords to drives. See
"Example 1: Passing in the JSON File"
•
-g: Generates random salt values (stored in /etc/nv-disk-encrypt/
.dgxenc.salt) for each drive password. NVIDIA strongly recommends using
this option for best security, otherwise the software will use a default salt value
instead of a randomly generated one.
•
-r: Generates random passwords for each drive. This avoids the need to create a
JSON file or the need to enter a password one by one during the initialization.
DGX A100 System User Guide
Chapter 6 : Managing the DGX A100 Self-Encrypting Drives
for further instructions.
DU-09821-001_v01 | 33