SEDs cryptographic erasure (Dell PowerScale OneFS: Security Considerations)
During the decommissioning of a PowerScale node or during a drive replacement, a common concern with SEDs is confirming they are cryptographically erased.
You can cryptographically erase an SED by running SmartFail on a PowerScale node or drive. During the SmartFail process, OneFS issues a command to reset the DEK and delete the AK, cryptographically erasing the drive.
If an SED is SmartFailed and in the Replace state, it has been cryptographically erased. However, if a drive fails and ends up in the Erase state, its data is not cryptographically erased, although the data is still inaccessible.
During the SmartFail process, to ensure that the data on an SED is unreadable, OneFS completes at least one of the following actions: erase and reset the DEK, or erase and reset the AK. The outcome for each SmartFail state is summarized in the following table.
| SmartFail state | DEK erased and reset | AK erased and reset | Cryptographic erasure | Data inaccessible |
|---|---|---|---|---|
| Replace | ✔ | ✔ | ✔ | ✔ |
| Erase | | ✔ | | ✔ |
As explained previously, OneFS attempts to place each SED in the Replace state. This section explains how to confirm the SED is in the Replace state.
When a node completes the SmartFail process, it reboots to the configuration wizard. You can exit the wizard and check the /var/log/isi_sed log.
The log contains a release_ownership message for each drive as it goes through the SmartFail process; a Success result confirms that the drive is in the Replace state, as shown in the following snippet:
2019-01-15T22:45:56Z <1.6> H400-SED-4 isi_sed[63658]: Command: release_ownership, drive bays: 1
2019-01-15T22:46:39Z <1.6> H400-SED-4 isi_sed[63658]: Bay 1: Dev da1, HITACHI H5SMM328 CLAR800, SN 71V0G6SX, WWN 5000cca09c00d57f: release_ownership: Success
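As an added example (not Dell's or the OneFS product's own code), the following script audits an isi_sed log after SmartFail and reports, per bay, whether release_ownership logged a Success (Replace state) or was issued with no Success recorded. The line formats are taken from the snippet above; the sample log is constructed, and support for a comma-separated bay list in the Command line is an assumption.

```shell
#!/bin/sh
# Added example, not Dell's code: audit an isi_sed log after SmartFail and report,
# per bay, whether release_ownership succeeded (Replace state, cryptographically
# erased) or was issued without a logged Success (follow up with isi_sed / PSID revert).
# The line formats come from the snippet on this page; multi-bay lists are assumed.

# Constructed sample log: bay 1 reports Success, bay 2 was commanded but never did.
SAMPLE_LOG='2019-01-15T22:45:56Z <1.6> H400-SED-4 isi_sed[63658]: Command: release_ownership, drive bays: 1
2019-01-15T22:46:39Z <1.6> H400-SED-4 isi_sed[63658]: Bay 1: Dev da1, HITACHI H5SMM328 CLAR800, SN 71V0G6SX, WWN 5000cca09c00d57f: release_ownership: Success
2019-01-15T22:47:02Z <1.6> H400-SED-4 isi_sed[63658]: Command: release_ownership, drive bays: 2'

# Usage: sed_erase_report /var/log/isi_sed ; exit status 1 if any bay is unconfirmed.
sed_erase_report() {
  awk '
    /Command: release_ownership, drive bays:/ {
      s = $0; sub(/.*drive bays: */, "", s)
      n = split(s, b, /[ ,]+/)                 # "1" or (assumed) "1,2"
      for (i = 1; i <= n; i++)
        if (b[i] ~ /^[0-9]+$/) { cmd[b[i]] = 1; if (b[i] + 0 > max) max = b[i] + 0 }
    }
    /Bay [0-9]+: .*release_ownership: Success *$/ {
      match($0, /Bay [0-9]+:/)
      bay = substr($0, RSTART + 4, RLENGTH - 5) # the digits between "Bay " and ":"
      ok[bay] = 1; if (bay + 0 > max) max = bay + 0
    }
    END {
      for (k = 1; k <= max; k++) {
        if (!(k in cmd) && !(k in ok)) continue
        if (k in ok) print "bay " k ": confirmed Replace (release_ownership Success)"
        else { bad++; print "bay " k ": NOT CONFIRMED - no Success logged; check with isi_sed, revert via PSID if erasure is required" }
      }
      exit (bad ? 1 : 0)
    }' "$1"
}

# Demo on the constructed sample (on a node, point it at /var/log/isi_sed instead).
sample_file=$(mktemp)
printf '%s\n' "$SAMPLE_LOG" > "$sample_file"
sed_erase_report "$sample_file" || echo "one or more bays need manual follow-up"
rm -f "$sample_file"
```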
Alternatively, to check an individual drive for its status, run the isi_sed command.
Caution: Practice extreme caution when using the isi_sed command. If you use it with incorrect syntax, it can destroy data and impact cluster operation. Do not use any of the command's other options without explicit instructions from PowerScale Technical Support. Before you run any commands in this section, double-check the command syntax for errors.
To query an SED for its status:
1. List the drives in the node:
   isi_drivenum
   Drive device names are displayed in the format /dev/da#, where # is a number. Make a note of the da# for the next step.
2. Query the drive by its device name:
   # /usr/bin/isi_hwtools/isi_sed drive <da#>
   Note: This command may take 30 seconds or longer to complete.
After you attempt the SmartFail process, if a drive is in the Erase state and cryptographic erasure is required, manually revert the SED drive to the Unowned state. This state is the factory-fresh state. The SED physical security ID (PSID) is required for reverting an SED to the Unowned state. For enhanced security, the PSID is only accessible by removing the drive and examining the drive label.
The PSID, or Physical SID of the drive, is a 32-character password assigned by the drive manufacturer during production. A host system cannot change the password. The PSID is on the drive label in a readable format, and depending on the drive manufacturer, it may also be available in a barcode format.
If the revert command is issued to an SED and its matching PSID is entered at the prompt, the SED prepares for reinitialization by deleting its DEK and drive-access password. The SED ownership state resets to unowned. After the state resets, the drive is in a factory-fresh state, and any previous data is permanently cryptographically erased.
Note: The PSID can only be used for reverting the drive; it does not grant access to any encrypted data present on the drive.
If an entire PowerScale cluster requires cryptographic erasure, either reimage or reformat the cluster. Once complete, all SEDs are cryptographically erased.
Note: The format process on SEDs requires significantly more time than on nonencrypted drives because encryption seed data is written to all sectors on the drive. If the format process is interrupted due to power loss or drive removal, the node automatically destroys the AK.
If an entire PowerScale node requires cryptographic erasure rather than individual SEDs, you can complete this action by performing a SmartFail on the node. In this process, all drives are released from the node, ensuring they are cryptographically erased.