1IPMCTL-CHANGE-DEVICE-SECURITY(1)    ipmctl    IPMCTL-CHANGE-DEVICE-SECURITY(1)
2
3
4

NAME

6       ipmctl-change-device-security - Changes the DCPMM security lock state
7
8           Note
9           This command is subject to OS Vendor (OSV) support. It will return
10           "Not Supported." An exception is if the DCPMM is Unlocked Seurity
11           State, then transitioning to Disabled is permitted.
12

SYNOPSIS

14       ipmctl set [OPTIONS] -dimm [TARGETS] Lockstate=(Unlocked|Disabled|Frozen)
15       Passphrase=(string)
16

DESCRIPTION

18       Changes the data-at-rest security lock state for the persistent memory
19       on one or more DCPMMs.
20

OPTIONS

22       -h, -help
23           Displays help for the command.
24
25       -o (text|nvmxml), -output (text|nvmxml)
26           Changes the output format. One of: "text" (default) or "nvmxml".
27
28       -source (path)
29           File path to a local file containing the new passphrase (1-32
30           characters).
31

TARGETS

33       -dimm (DimmIDs)
34           Changes the lock state of a specific DCPMMs by supplying one or
35           more comma separated DCPMM identifiers. However, this is not
36           recommended as it may put the system in an undesirable state. The
37           default is to modify all manageable DCPMMs.
38

PROPERTIES

40       LockState
41           The desired lock state.
42
43           ·   "Disabled": Removes the passphrase on an DCPMM to disable
44               security. Permitted only when LockState is Unlocked.
45
46           ·   "Unlocked": Unlocks the persistent memory on a locked DCPMM.
47
48           ·   "Frozen": Prevents further lock state changes to the DCPMM
49               until the next reboot.
50
51       Passphrase
52           The current passphrase (1-32 characters). For better passphrase
53           protection, specify an empty string (e.g., Passphrase="") to be
54           prompted for the current passphrase or to use a file containing the
55           passphrases with the source option.
56

EXAMPLES

58       Unlocks device 0x0001.
59
60       ipmctl set -dimm 0x0001 LockState=Unlocked Passphrase=""
61
62       Unlocks device 0x0001 by supplying the passphrase in the file
63       "mypassphrase.file". In this example, the format of the file would be:
64
65       #ascii
66       Passphrase=myPassphrase
67
68       ipmctl set -source myfile.file -dimm 0x0001 LockState=Unlocked
69       Passphrase=""
70

LIMITATIONS

72       To successfully execute this command, the caller must have the
73       appropriate privileges and the specified DCPMMs must be manageable by
74       the host software, have security enabled, not be in the "Unlocked,
75       Frozen", "Disabled, Frozen", or "Exceeded" lock states, and not
76       executing a long operation (ARS, Overwrite, FWUpdate).
77
78       The command is subject to OS Vendor (OSV) support. If OSV does not
79       provide support, the command may return "Not Supported." An exception
80       is if the DCPMM is Unlocked (via UEFI or OSV tool), then transitioning
81       to Disabled is possible regardless of OSV support.
82

RETURN DATA

84       If an empty string is provided for the passphrase property and the
85       source option is not included, the user will be prompted (once for all
86       DCPMMs) to enter the current passphrase. The passphrase characters are
87       hidden.
88
89       Current passphrase: **
90
91       For each DCPMM, the CLI will indicate the status of the security state
92       change. If a failure occurs when changing multiple DCPMMs, the process
93       will exit and not continue updating the remaining DCPMMs.
94

SAMPLE OUTPUT

96       Unlock DIMM (DimmID): Success
97       Unlock DIMM (DimmID): Error (Code) - (Description)
98       Remove passphrase from DIMM (DimmID): Success
99       Remove passphrase from DIMM (DimmID): Error (Code) - (Description)
100
101
102
103ipmctl                            2019-04-10  IPMCTL-CHANGE-DEVICE-SECURITY(1)
Impressum