Purpose; Terminology; Terminology Used In Fde - Lenovo ThinkServer RD240 Software User's Manual

3.2

Purpose

3.3

Terminology

Option
Authenticated Mode
Blob
Key backup
Passphrase
Re-provisioning
3-2
Security is a growing market concern and requirement. MegaRAID
customers are looking for a comprehensive storage encryption solution
to protect data. You can use the FDE feature to help protect your data.
Table 3.1 describes the terminology related to the FDE feature.
Table 3.1

Terminology used in FDE

Description
The RAID configuration is keyed to a user passphrase. The passphrase
must be provided on system boot to authenticate the user and facilitate
unlocking the configuration for user access to the encrypted data.
A blob is created by encrypting a key(s) using another key. There are two
types of blob in the system – encryption key blob and security key blob.
You need to provide the controller with a lock key if the controller is replaced
or if you choose to migrate secure virtual disks. To do this, you must back
up the security key.
An optional authenticated mode is supported in which you must provide a
passphrase on each boot to make sure the system boots only if the user is
authenticated. Firmware uses the user passphrase to encrypt the security
key in the security key blob stored on the controller.
Re-provisioning disables the security system of a device. For a controller, it
involves destroying the security key. For Full Disk (FDE) drives, when the
drive lock key is deleted, the drive is unlocked and any user data on the
drive is securely deleted. This does not apply to controller-encrypted drives,
because deleting the virtual disk destroys the encryption keys and causes
a secure erase. See
about the instant secure erase feature.
Full Disk Encryption
Section 3.5, "Instant Secure Erase" for information