
Dell POWEREDGE M1000E User Manual

Fabric OS Command Reference

53-1001764-02

cryptoCfg

The --initnode function must be performed before the --initEE function may
be performed.

--initEE

Initializes the encryption engine (EE). This command generates critical
security parameters (CSPs) and certificates in the CryptoModule’s security
processor (SP). The CP and the SP perform a certificate exchange to register
respective authorization data. Initialization must be performed on every
encryption engine before configuration options may be set and encryption
may be enabled.

This command prompts for confirmation, because it overwrites any previously
generated identification or authentication data on the SP. Existing key
encryption keys (KEKs) such as link keys or master keys are erased. If this is
not a first-time initialization, make sure to export the master key before
running this command. If the encryption engine was configured with an LKM
key vault, you will have to reconfigure the key vault to regenerate the Trusted
Link after initializing the encryption engine.

The --initnode function must be performed before the --initEE function may
be performed.

slot

Specifies the slot number of the encryption engine to be initialized. This
operand is required on bladed systems.

--regEE

Registers a previously initialized encryption engine with the CP or chassis.
The CP and the specified encryption engine perform a certificate exchange to
register respective authorization lists across the encryption engine’s FIPS
boundary. The encryption blade's certificate is registered with the CP. The CP,
FIPS Crypto Officer, and FIPS User certificates are registered with the specified
encryption engine.

slot

Specifies the slot number of the encryption engine to be registered. This
operand is required on bladed systems.

--enableEE | --disableEE

Enables or disables an encryption engine to perform encryption. You must
create the encryption group and complete the key vault registration before
you can enable an encryption engine for encryption. In addition, you must
re-enable the encryption engine for encryption every time a Brocade
Encryption Switch or DCX chassis goes through a power cycle event or after
issuing slotPowerOff followed by slotPowerOn for an FS8-18 blade. This
command is valid on all nodes.

slot

Specifies the slot number to identify the encryption engine. This operand is
required on bladed systems.
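
The ordering rules stated above for --initnode, --initEE, --regEE and --enableEE can be checked against a planned change before it is run on the switch. The following Python sketch is an added example, not part of the Fabric OS documentation; `check_runbook` and the markers GROUP_CREATED, KEYVAULT_REGISTERED and MASTER_KEY_EXPORTED are hypothetical names standing in for steps whose commands this page does not show.

```python
# Constructed example: lints a planned cryptocfg step list against the
# ordering rules stated in the text above. GROUP_CREATED,
# KEYVAULT_REGISTERED and MASTER_KEY_EXPORTED are placeholder markers
# (assumptions); the page does not show the commands for those steps.

def check_runbook(steps, first_time=True):
    """Return (step_index, problem) tuples; an empty list means the order is valid."""
    node_init = group = vault = mk_exported = False
    ee_init = set()                       # slots whose EE has been initialized
    problems = []
    for i, step in enumerate(steps):
        parts = step.split()
        if not parts:
            continue                      # ignore blank lines in the plan
        op = parts[0].lower()
        slot = parts[1] if len(parts) > 1 else None   # None on non-bladed systems
        if op == "--initnode":
            node_init = True
        elif op == "master_key_exported":
            mk_exported = True
        elif op == "group_created":
            group = True
        elif op == "keyvault_registered":
            vault = True
        elif op == "--initee":
            if not node_init:
                problems.append((i, "--initnode must be performed before --initEE"))
            if not first_time and not mk_exported:
                problems.append((i, "re-initialization erases KEKs: export the master key first"))
            ee_init.add(slot)
        elif op == "--regee":
            if slot not in ee_init:
                problems.append((i, "--regEE needs a previously initialized EE in this slot"))
        elif op == "--enableee":
            if slot not in ee_init:
                problems.append((i, "EE must be initialized before encryption is enabled"))
            if not (group and vault):
                problems.append((i, "create the encryption group and register the key vault first"))
        else:
            problems.append((i, "unrecognized step: " + step))
    return problems

if __name__ == "__main__":
    plan = ["--initEE 3", "--regEE 3", "--enableEE 3"]      # constructed plan
    for idx, msg in check_runbook(plan, first_time=False):
        print(f"step {idx} ({plan[idx]}): {msg}")
```

Pass `first_time=False` when the encryption engine has been initialized before, so that a missing master key export is reported before the KEKs are erased.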

--export

Exports a certificate from the local encryption switch or blade to a specified
external host or to a mounted USB device. This command is valid on all
nodes. The files are exported from the predetermined directory that was
generated during the node initialization phase. The following operands are
supported with the --export command:

-scp

Exports a specified certificate to an external host using the secure copy (SCP)
protocol.

When -scp is specified, the following operands are required: