Intel Optane DC Persistent Memory - Configuration and Setup White Paper

ManualsBrandsHP ManualsDesktopsHP Z6 G4 Workstation

16TECHNICAL WHITE PAPER

Recovering NVDIMMs with lost passphrases

1. If you are unable to unlock an NVDIMM because you do not know its passphrase, you can still clear the

passphrase and reuse the NVDIMM. This destroys all data on the NVDIMM. To recover:

2. Enter F10-Setup.

3. Go to Security > NVDIMM lost passphrase recovery.

4. Select the NVDIMMs that you want to recover.

5. Select “Continue” to conrm that you want the contents erased.

Power-on password and Transparent Unlock

If you clear the power-on password, Transparent Unlock is temporarily inaccessible until a new power-on password

is created, but the NVDIMMs are still locked. The Transparent Unlock key and DCPMM passphrases are not cleared

during this process. To disable Transparent Unlock, see above.

Using DriveLock to set passphrases manually

1. HP DriveLock is the existing mechanism to manage disk drive passwords; it has been extended to

accommodate DCPMMs.

2. With DriveLock, you need to enter each DCPMM passphrase separately on every boot. BIOS passwords

(administrator or power-on) are not needed.

3. Note that each Optane DCPMM only has a single passphrase, which is handled as the DriveLock user

password. There is no DriveLock master password.

4. Security > Hard Drive Utilities > DriveLock/Automatic DriveLock.

5. Select a drive.

6. The user interface shows the list of NVDIMMs and their locations.

7. Select the rst DCPMM and press Enter.

8. Opens DriveLock Security Options menu.

9. At the “Enable DriveLock” prompt, press Enter.

10. Set DriveLock User Password, enter it again to conrm.

11. Changes are applied immediately.

12. Repeat for each DCPMM.

13. Exit F10-Setup.

14. Workstation power cycles.

15. On reboot:

16. POST Power-On Password prompt if present.

17. DriveLock User Password prompt for each DCPMM.

18. “Correct password entered” appears briey.

About Automatic DriveLock

Automatic DriveLock is a Workstation BIOS feature that lets you reuse the BIOS power-on and administrator

passwords as the drive user and master passwords, respectively, so that you do not have to enter the drive

passwords from the keyboard on every boot. Because Optane DCPMM does not have separate user and master

passwords, Automatic DriveLock cannot be used with DCPMM.

About ndctl

ndctl is a Linux-based tool to manage DCPMMs. When Transparent Unlock is enabled, you cannot use ndctl to manage

passphrases. The BIOS also freezes the DCPMMs before booting, which locks out ndctl from other operations.

About Bitlocker and other drive encryption tools

Existing drive encryption tools do not know how to handle DCPMM encryption and cannot be used with DCPMM.

Unfreezing

The BIOS normally freezes the NVDIMMs before booting. This makes it impossible for OS-based software to modify

or set passphrases, which prevents ransomware-type attacks where malware installs its own passphrases, locking

you out of the NVDIMM data. You can temporarily unfreeze the NVDIMMs for a set number of boot cycles from F10-

Setup. To unfreeze:

1. Enter F10-Setup.

2. Go to Security > NVDIMM security freeze.

CONTENTS & NAVIGATION

Introduction

DCPMM Security

Overview

System Requirements

System Setup Overview

Appendices