Fabric OS Administrator's Guide v7.0.0 (53-1002148-02, June 2011)

ManualsBrandsHP ManualsSoftwareHP StorageWorks ISL quick loop

551

552

553

554

555

556

557

558

559

560

516 Fabric OS Administrator’s Guide

53-1002148-02

Zeroization functions

Power-on self tests

A power-on self test (POST) is invoked by powering on the switch in FIPS mode and does not require

any operator intervention. If any KATs fail, the switch goes into a FIPS Error state, which reboots the

system to start the test again. If the switch continues to fail the FIPS POST, you will need to return

your switch to your switch service provider for repair. Refer to the Fabric OS Troubleshooting and

Diagnostics Guide for information about preparing a case for your service provider.

Conditional tests

These tests are for the random number generators and are executed to verify the randomness of

the random number generator. The conditional tests are executed each time prior to using the

random number provided by the random number generator.

FCSP Challenge

Handshake

Authentication Protocol

(CHAP) Secret

secAuthSecret –-remove

value | –-all

The secAuthSecret

--remove value command is used

to remove the specified keys from the database. When

the secAuthSecret command is used with the --remove

–-all option, then the entire key database is deleted.

Passwords passwdDefault

fipscfg –-zeroize

The passwdDefault command removes user-defined

accounts in addition to default passwords for the root,

admin, and user default accounts. However, only the

root account has permissions for this command. Users

with securityadmin and admin permissions must use

fipsCfg

–-zeroize, which, in addition to removing user

accounts and resetting passwords, also does the

complete zeroization of the system.

RADIUS secret aaaConfig –-remove The aaaConfig

--remove command zeroizes the

secret and deletes a configured server.

RNG seed key No command required /dev/urandom is used as the initial source of seed for

RNG. The RNG seed key is zeroized on every random

number generation.

SFTP session keys No command required Automatically zeroized on session termination.

SSH RSA private key sshUtil delprivkey Key-based SSH authentication is not used for SSH

sessions.

SSH RSA public key sshUtil delpubkeys Key-based SSH authentication is not used for SSH

sessions.

SSH session key No command required This key is generated for each SSH session that is

established with the host. It automatically zeroizes on

session termination.

Third-party keys secCertUtil delete -fcapall Used to zeroize third-party keys.

TLS authentication key No command required Automatically zeroized on session termination.

TLS pre-master secret No command required Automatically zeroized on session termination.

TLS private keys secCertUtil delkey -all The secCertUtil delkey -all command is used to zeroize

these keys.

TLS session key No command required Automatically zeroized on session termination.

TABLE 85 Zeroization behavior (Continued)

Keys Zeroization CLI Description