HP StorageWorks 8/40 Brocade Fabric OS Administrator's Guide v6.3.0 (53-100133 - Page 566
Power-up self tests, Conditional Tests, Fabric, OS Troubleshooting and Diagnostics Guide
View all HP StorageWorks 8/40 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 566 highlights
D Zeroization functions TABLE 97 Keys Zeroization Behavior Zeroization CLI FCAP Private Key pkiremove SSH Session Key No CLI required SSH RSA private Key RNG Seed Key No CLI required No CLI required Passwords passwddefault fipscfg --zeroize TLS private keys seccertutil delkey TLS pre-master secret TLS session key TLS authentication key RADIUS secret No CLI required No CLI required No CLI required aaaconfig --remove Description The pkiCreate command creates the keys, and 'pkiremove' removes/zeroizes the keys. This is generated for each SSH session that is established to and from the host. It automatically zeroizes on session termination. Key-based SSH authentication is not used for SSH sessions. /dev/urandom is used as the initial source of seed for RNG. RNG seed key is zeroized on every random number generation. This will remove user-defined accounts in addition to default passwords for the root, admin, and user default accounts. However only root has permissions for this command. So securityadmin and admin roles need to use fipsCfg --zeroize, which in addition to removing user accounts and resetting passwords, also does the complete zerioization of the system. The command secCertUtil delkey is used to zeroize these keys. Automatically zeroized on session termination. Automatically zeroized on session termination. Automatically zeroized on session termination. The aaaConfig --remove zeroizes the secret and deletes a configured server. Power-up self tests The self tests are invoked by powering on the switch in FIPS mode and do not require any operator intervention. These power-up self tests perform power-on self-tests. If any KATs fail, the switch goes into a FIPS Error state which reboots the system to start the tests again. If the switch continues to fail the FIPS POST tests, you will need to boot into single-user mode and perform a recovery procedure to reset the switch. For more information on this procedure, refer to the Fabric OS Troubleshooting and Diagnostics Guide. Conditional Tests These tests are for the random number generators and are executed to verify the randomness of the random number generator. The conditional tests are executed each time prior to using the random number provided by the random number generator. The results of all self-tests, for both power-up and conditional, are recorded in the system log or are output to the local console. This includes logging both passing and failing results. Refer to the Fabric OS Troubleshooting and Diagnostics Guide for instructions on how to recover if your system cannot get out of the conditional test mode. 524 Fabric OS Administrator's Guide 53-1001336-01