Table of Contents
Advertisement
3.2.6 Switching To Mixed Mode
The CO can place the module into the Mixed Mode from the Encryption Disabled
Mode. The CO shall perform the following steps to place the module into the
Mixed Mode:
1. Use the "Drive Operations" menu to place the drive offline
2. Navigate to the "Encrypt" tab in the "Drive Data" window (Configure
Drive Data)
3. Set the "Use OKM or DPKM" field to "DPKM"
4. Set the "Permanently encrypting" field to "UNKN"
5. Press the "Commit" button
After pressing the "Commit" button, the ETD will reboot to normal operation.
From this point forward, the module will be operating in the Mixed Mode of
Operation.
While in Mixed mode, the CO has available several FIPS-Approved services,
including,
1. Firmware Load
2. Remote Management via SSH
Selecting Data Path Key Management (DPKM) to initialize Mixed Mode
establishes keys that are established via non-FIPS Approved methods. This
provides no cryptographic security for the data that is transformed with the keys.
All tape data is considered plaintext in Mixed Mode of operation.
3.3 Zeroization
Zeroization of the module's Critical Security Parameters shall be done under
direct control of the Cryptographic Officer. Zeroization can be accomplished by
the CO performing the Reset service.
The CO shall perform the following steps to zeroize the ETD:
1. Using the "Drive Operations" menu on VOP, reset the ETD (this step is not
required if the drive is operating in the Mixed Mode or the Encryption
Disabled Approved Mode). The drive will reboot.
2. Using an SSH Client program such as PuTTY or OpenSSH, connect to the
ETD using the "cust" account and issue the command "ecpt sshreset". The
drive will reboot.
3. Using the "Retrieve" menu in VOP, select "Delete Dumps".
This document may be freely reproduced and distributed whole and intact including this Copyright notice.
© Copyright 2017 Oracle Corporation
Page 49 of 51
Advertisement
Table of Contents
