Intel Optane DC Persistent Memory - Configuration and Setup White Paper

Storage Mode
1. Insert the USB key into an open USB port and turn on the workstation.
2. Press F10 to enter F10 Setup.
3. Navigate to the “Security” tab.
4. Click on “NVDIMM Security Freeze”.
5. Select “5” from the drop-down menu for “Unfreeze NVDIMMs for this number of boot sequences”.
6. Press F10 to save changes and exit F10 Setup.
7. Press F9 during POST to enter the Boot Menu.
8. You will be presented with a menu that includes all bootable sources.
Select the bootable UEFI Shell USB key.
9. Select the file system of the USB key.
Often the file system of the USB key is FS0, but it can vary.
10. Navigate to where the utility was copied.
11. Configure the DCPMMs as volatile memory by using the following command:
ipmctl.efi create -goal persistentmemorytype=appdirect
Press ‘y’ and then press ‘enter’.
12. A reboot is required to complete the configuration.
Creating a Namespace
1. Insert the USB key into an open USB port and turn on the workstation.
2. Press F9 during POST to enter the Boot Menu.
3. You will be presented with a menu that includes all bootable sources.
Select the bootable UEFI Shell USB key.
4. Select the file system of the USB key.
Often the file system of the USB key is FS0, but it can vary.
5. Navigate to where the utility was copied.
6. Interrogate the system to learn the available region ID(s) by running the following command:
ipmctl.efi show -region
The output will provide region ID(s) in a table format.
7. Create a namespace using a region ID regionID as found in the previous step by running the following command:
ipmctl.efi create -namespace -region “regionID” Mode=Sector
Deleting a Namespace
Warning - Deleting a Namespace will also delete all data contained on the namespace. Ensure any critical data is
backed up prior to deleting a namespace.
1. Interrogate the system to learn the available namespace ID(s) by running the following command:
ipmctl.e show -namespace
The output will provide namespace ID(s) in a table format.
2. Delete a namespace by running the following command:
ipmctl.e delete -namespace “namespace ID”
Conrm that you would like to delete the namespace by pressing “y” and then “enter”.
Security Procedures
DCPMM uses full-time hardware encryption, even in Memory Mode. The encryption algorithm is XTS-AES256,
a common choice for self-encrypting drives (SEDs). Encryption on each DCPMM uses an internal symmetric key
that cannot be read by the workstation.
In Memory Mode, a new key is created at every reset, and deleted at every power off, so that contents cannot
be retrieved across resets or power cycles, or by removing the memory modules. DCPMM passphrases
are not used in this mode.
In App Direct Mode and Storage Mode, the internal key is non-volatile and can be tied to a user passphrase,
so that entering the passphrase unlocks the DCPMM. The passphrase is stored on the DCPMM and is unique
to the module. As shipped, the DCPMMs do not have a passphrase set and on-device encryption is invisible
to the rest of the computer (it applies to data at rest only).
This single-passphrase model differs from traditional disk security (e.g. HP DriveLock) where distinct user and admin
passwords can be used. In order to make DCPMM security management consistent with other storage devices,
HP has added a new feature, “Transparent Unlock”, that lets both the user and admin unlock the DCPMMs,