Managing Disk Encryption on SME Disks

Managing data encryption on SME disks contains the following topics:

 • Performing Data Preparation on the Disk for Converting Clear Data to Encrypted Data

 • Performing Data Preparation on the Disk for Converting Encrypted Data to Clear Data

 • Rekeying on an Encrypted Disk

 • Recovering SME Disks

 • Performing Disk Encryption to Convert the Disk Status from Clear to Crypto

 • Performing Disk Encryption to Convert the Disk Status from Crypto to Clear

 • Exporting and Importing Keys

Caution: When the enable or disable operation is performed on a disk in signature mode, ensure that there is at least one I/O path to the disk. If there are no I/O paths, the enable operation fails. During the disable operation, if there are no I/O paths, the media continues to use the stored signatures, which results in a failure during discovery.

Caution: When the enable or disable operation is performed on a disk, you must save running-config to startup-config on all the switches. Failure to do so leaves the Persistent Storage Service (PSS) on the switch inconsistent with the state of the disk as recorded in the CKMC. During the disable operation, if there are no I/O paths, the key for the disk in the KMC is archived and the disk state is set to clear. However, SME does not clear the signature on the media because there is no I/O access to the disk. The disk then goes to a failed state because the state of the disk in the KMC is inconsistent with the information in the disk signature.