Lenovo ThinkAgile MX Certified Node 1U User Manual page 20

DCPMMs can be secured with passphrases. Two types of passphrase protection scope are available
for DCPMM:
– Platform: Choose this option to run security operation on all the installed DCPMM units at once. A
platform passphrase is stored and automatically applied to unlock DCPMMs before operating
system starts running, but the passphrase still has to be disabled manually for secure erase.
Alternatively, enable/disable platform level security with the following commands in OneCLI:
• Enable security:
1. Enable security.
onecli.exe config set IntelOptaneDCPMM.SecurityOperation "Enable Security"
--imm USERID:PASSW0RD@10.104.195.86
2. Set the security passphrase.
onecli.exe config set IntelOptaneDCPMM.SecurityPassphrase "123456"
--imm USERID:PASSW0RD@10.104.195.86
Where 123456 stands for the passphrase.
3. Reboot the system.
• Disable security:
1. Disable security.
onecli.exe config set IntelOptaneDCPMM.SecurityOperation "Disable Security"
--imm USERID:PASSW0RD@10.104.195.86
2. Enter passphrase.
onecli.exe config set IntelOptaneDCPMM.SecurityPassphrase "123456"
--imm USERID:PASSW0RD@10.104.195.86
3. Reboot the system.
– Single DCPMM: Choose this option to run security operation on one or more selected DCPMM
units.
Notes:
• Single DCPMM passphrases are not stored in the system, and security of the locked units needs
to be disabled before the units are available for access or secure erase.
• Always make sure to keep records of the slot number of locked DCPMMs and corresponding
passphrases. In the case the passphrases are lost or forgotten, the stored data cannot be backed
up or restored, but you can contact Lenovo service for administrative secure erase.
• After three failed unlocking attempts, the corresponding DCPMMs enter "exceeded" state with a
system warning message, and the DCPMM unit can only be unlocked after the system is
rebooted.
To enable passphrase, go to Security ➙ Press to Enable Security.
– Secure Erase
Note: If the DCPMMs to be secure erased are protected with a passphrase, make sure to disable
security and reboot the system before performing secure erase.
Secure erase cleanses all the data that is stored in the DCPMM unit, including encrypted data. This
data deletion method is recommended before returning or disposing a malfunctioning unit, or changing
DCPMM mode. To perform secure erase, go to Security ➙ Press to Secure Erase.
Alternatively, perform platform level secure erase with the following command in OneCLI:
onecli.exe config set IntelOptaneDCPMM.SecurityOperation "Secure Erase Without Passphrase"
ThinkAgile MX Certified Node 1UThinkAgile MX3321-H, MX3321-FUser Guide
16