6.8
Exporting the Vault
To export all drive keys out to a file, use the export function. This requires that you pass in the
vault password.
$ sudo nv-disk-encrypt export -k <your-vault-password>
Writing vault data to /tmp/secrets.out.
The /tmp/secrets.out file will contain the mapping of disk serial numbers to drive
passwords.
6.9
Erasing your Data
!
CAUTION: Be aware when executing this that all data will be lost. On DGX A100 systems, these
drives generally form a RAID 0 array - this will also be destroyed when performing an erase.
After initializing the system for SED management, use the nv-disk-encrypt command to erase
data on your drives after stopping cachefilesd and unmounting the RAID array as follows.
Fully stop the RAID.
1.
$ systemctl stop cachefilesd
$ sudo umount /raid
$ sudo mdadm --stop /dev/md1
Perform the erase.
2.
$ sudo nv-disk-encrypt erase
This command does the following:
Sets the drives in an unlocked state
•
Disables locking on the drives
•
Removes the RAID 0 array configuration
•
To rebuild the RAID array, issue the following command:
$ sudo /usr/bin/configure_raid_array.py -c -f
6.10
Clearing the TPM
If you've lost the password to your TPM, you will not be able to access its contents. In this
case, the only way to regain access to the TPM is to clear the TPM's contents. After clearing
the TPM, you will need to re-initialize the vault and SED authentication keys.
To clear the TPM, do the following.
Reboot the DGX A100, then press [Del] or [F2] at the NVIDIA splash screen to enter the
1.
BIOS Setup.
Navigate to the Advanced tab on the top menu, then scroll to Trusted Computing and press
2.
[Enter].
DGX A100 System
Managing the DGX A100 Self-Encrypting Drives
DU-09821-001_v06 | 39