TECHNICAL WHITE PAPER CONTENTS & NAVIGATION 1 5 Introduction DCPMM Security Overview System Requirements 6 System Setup Overview 8 Appendices INTEL® OPTANE™ DC PERSISTENT MEMORY: CONFIGURATION AND SETUP ON HP Z6 G4 AND Z8 G4 WORKSTATIONS INTRODUCTION What is Intel® Optane™ DC Persistent Memory Module (DCPMM)? Using 3D XPoint non-volatile memory, Intel®’s Optane™ DCPMM (Data Center Persistent Memory Module1)* is the first NVDIMM offering performance and lifecycle characteristics for storage class m
CONTENTS & NAVIGATION 1 5 Introduction DCPMM Security Overview System Requirements 6 System Setup Overview 8 Appendices DCPMM has been under development for several years. HP and Intel® together with Microsoft have been working on this new technology for HP Workstations since 2016. Like many new and disruptive computing technology innovations in the past, DCPMM first saw large scale deployment on servers in data center applications.
CONTENTS & NAVIGATION 1 5 Introduction DCPMM Security Overview System Requirements 6 System Setup Overview 8 Appendices A volume created in Storage Mode can be set up with a feature known as Direct Access (DAX). When a volume is DAX-enabled, the storage can be modified by direct access to the persistent memory, bypassing the traditional form of block access. (Only some file systems in Windows and Linux support DAX).
CONTENTS & NAVIGATION 1 5 Introduction DCPMM Security Overview System Requirements 6 System Setup Overview 8 Appendices °° The storage capacities in one or more DCPMMs in a set are grouped into a region. –– Often, a region is created across the DCPMMs in the set, thus creating an interleaved set °° To be useful, a region is subdivided into one or more namespaces. °° Namespaces can have a capability identified as BTT (Block Translation Table).
CONTENTS & NAVIGATION 1 5 Introduction DCPMM Security Overview System Requirements 6 System Setup Overview 8 Appendices Unsupported usages • Legacy Boot Mode is not supported; only UEFI Boot Mode is supported. • System Boot from the DCPMM modules is not supported. • Dual Mode (configuring both Storages and Memory Modes at the same time on a single system) is not supported. DCPMM SECURITY OVERVIEW This section provides an overview of DCPMM security features. Details are available in Appendix E.
CONTENTS & NAVIGATION 1 5 Introduction DCPMM Security Overview System Requirements 6 System Setup Overview 8 Appendices as the total of DCPMM capacity. The DRAM capacity does not count towards system memory (since it is serving only as cache).
CONTENTS & NAVIGATION 1 5 Introduction DCPMM Security Overview System Requirements 6 System Setup Overview 8 Appendices 2. Set up the hardware: a) Check system setup as outlined in the above System Requirements Section. b) Configure the hardware. See the “How to Configure System HW” subsection below. c) HP Recommends BIOS and DCPMM FW be updated to latest version before SW configuration begins. 3.
CONTENTS & NAVIGATION 1 5 to change the configuration or redeploy the hardware to a new user. Instructions for resetting DCPMM modules can be found in Appendix F °° Delete Namespace. –– Deleting a namespace will remove all data from a DCPMM. Ensure that all data that needs to be retained is backed up prior to removing the namespace –– Instructions for deleting a namespace can be found in the procedural appendices below °° Secure erase.
CONTENTS & NAVIGATION 1 5 Introduction DCPMM Security Overview System Requirements 6 System Setup Overview 8 Appendices 7. Click on “Apply NVDIMM Configuration”. 8. You will be presented with the requested configuration. • Click “Yes” to continue. °° If namespaces exist on the specified DCPMMs, the namespaces must be removed before you can configure the DCPMMs in Memory Mode – Instructions to remove namespaces are provided later in the document. 9. A reboot is required to complete configuration.
CONTENTS & NAVIGATION 1 5 Introduction DCPMM Security Overview System Requirements 6 System Setup Overview 8 Appendices Memory Mode Power on the workstation. Press F10 to enter F10 Setup. Navigate to the “Security” tab. Click on “NVDIMM Security Freeze”. Select “5” from the drop-down menu for “Unfreeze NVDIMMs for this number of boot sequences”. Press F10 to save changes and exit F10 Setup. Boot into Windows. Open an Administrator Command Prompt. Change directory to c:\program files\Intel\DCPM Soft
CONTENTS & NAVIGATION 1 5 Introduction DCPMM Security Overview System Requirements 6 System Setup Overview 8 Appendices There will be a prompt to format the disk – Click on the “Cancel” button. The disk will be formatted in the next step. • Format-Volume -DriveLetter ”DriveLetter” -isDax 1 4. Dax Mode can be verified by using the following command: • Fsutil fsinfo volumeinfo “DriveLetter:” The drive letter must be followed by a colon.
CONTENTS & NAVIGATION 1 5 Introduction DCPMM Security Overview System Requirements 6 System Setup Overview 8 Appendices Creating a Namespace To create and manage Namespaces, we use the ndctl utility 1. ndctl list -NDR This command will list all namespaces, devices, and regions on the system. Regions are the AppDirect/ AppDirectNotInterleaved pools we made in the previous step. 2. ndctl create-namespace This command will create an fsdax namespace with default parameters. 3.
CONTENTS & NAVIGATION 1 5 Introduction Configuring DCPMM – UEFI Shell Software 1. To create a bootable UEFI Shell USB key use the following steps: • Download the following file https://github.com/tianocore/edk2/blob/UDK2018/ShellBinPkg/UefiShell/X64/Shell.efi • Rename the file to bootx64.EFI • Copy the file to a FAT32 formatted USB key in the following directory: \EFI\Boot\ 2. Included with the DCPMM firmware SoftPaq is an UEFI executable (ipmctl.efi).
CONTENTS & NAVIGATION 1 5 Introduction DCPMM Security Overview System Requirements 6 System Setup Overview 8 Appendices Storage Mode 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. Insert the USB key into an open USB port and turn on the workstation. Press F10 to enter F10 Setup. Navigate to the “Security” tab. Click on “NVDIMM Security Freeze”. Select “5” from the drop-down menu for “Unfreeze NVDIMMs for this number of boot sequences” Press F10 to save changes and exit F10 Setup.
CONTENTS & NAVIGATION 1 5 Introduction DCPMM Security Overview System Requirements 6 System Setup Overview 8 Appendices using their respective BIOS passwords, without having to know any of the passphrases. The actual DCPMM passphrases are generated by the workstation BIOS and copies are stored on the motherboard using a separate layer of encryption, managed by the TPM. This also avoids having to reuse passphrases across multiple DCPMMs. Enabling Transparent Unlock (recommended) 1.
CONTENTS & NAVIGATION 1 5 Introduction DCPMM Security Overview System Requirements 6 System Setup Overview 8 Appendices Recovering NVDIMMs with lost passphrases 1. If you are unable to unlock an NVDIMM because you do not know its passphrase, you can still clear the passphrase and reuse the NVDIMM. This destroys all data on the NVDIMM. To recover: 2. Enter F10-Setup. 3. Go to Security > NVDIMM lost passphrase recovery. 4. Select the NVDIMMs that you want to recover. 5.
CONTENTS & NAVIGATION 1 5 Introduction DCPMM Security Overview System Requirements 6 System Setup Overview 8 Appendices 3. Select for how many reboots (1-5) you want to keep the NVDIMMs unfrozen. 4. Save and Exit. Secure Erase 1. Secure Erase works by deleting the internal encryption key and generating a new one, which instantly crypto-scrambles/randomizes all existing user data in the DCPMM and marking the contents as erased. The contents are then sampled for validation. 2.
CONTENTS & NAVIGATION 1 5 Introduction DCPMM Security Overview System Requirements 6 System Setup Overview 8 Appendices 4. With the AC power off, install each DCPMM into the target workstation, using the same DIMM slots as on the source workstation. 5. Reboot the system and check for any POST errors. If the DCPMMs are not installed in the correct DIMM slots you may see a POST message indicating the correct DIMM slot(s).
CONTENTS & NAVIGATION 1 5 Introduction DCPMM Security Overview System Requirements BIOS Post Errors Decoded The following table shows some of most likely DCPMM-related messages you might see from system BIOS during a reboot. BIOS Error Message Implication Suggested Resolution NVDIMMs are present with inaccessible capacity. They may need to be reconfigured. Not all capacity of the hardware is available to be used. Reconfigure the NVDIMMs in the system to take all NVDIMM capacity.
CONTENTS & NAVIGATION 1 Introduction Z6 G4 Single Processor System with Intel® Optane™ DCPMMs CPU 0 DCPMM Security Overview IMC 0 1 DRAM 1 DRAM 4 2 2 DRAM 5S 4 1 DRAM Ch 1 Ch 2 CPU0-DIMM6 1 2 Ch 0 CPU0-DIMM3 2 3 Ch 0 CPU0-DIMM2 CPU0-DIMM1 Appendices DCPMM Qty 8 DRAM Qty System Setup Overview MEM Qty 6 IMC 1 Ch 1 CPU0-DIMM5 Ch 2 System Requirements CPU0-DIMM4 5 DCPMM Loading Tables PMM DRAM PMM PMM DRAM PMM DRAM DRAM DRAM PMM 6 2 4 DRAM PMM PMM PMM PM
CONTENTS & NAVIGATION 1 CPU 0 IMC 0 Introduction Channel 2 2 DRAM PMM 5S 4 1 DRAM DRAM PMM PMM PMM DRAM DRAM DRAM DRAM 6 4 2 DRAM DRAM PMM PMM DRAM 6 2 4 DRAM PMM PMM PMM PMM 8S 6 2 DRAM DRAM DRAM DRAM DRAM PMM 8 4 4 DRAM PMM DRAM 10 S 6 4 DRAM PMM DRAM CPU0-DIMM12 2 Channel 2 CPU0-DIMM11 4 CPU0-DIMM10 DRAM Channel 1 CPU0-DIMM9 PMM DRAM CPU0-DIMM8 DRAM 1 Channel 0 CPU0-DIMM7 1 2 CPU0-DIMM6 1 3 Channel 0 CPU0-DIMM5 2 CPU0-DIMM4 CPU0-D
CONTENTS & NAVIGATION 1 CPU 0 IMC 0 Introduction Channel 2 Channel 2 CPU0-DIMM12 CPU0-DIMM11 CPU0-DIMM10 CPU0-DIMM9 CPU0-DIMM8 CPU0-DIMM7 CPU0-DIMM6 CPU0-DIMM5 CPU0-DIMM4 6M 4 2 DRAM DRAM 6S 4 2 DRAM PMM PMM DRAM 8 4 4 DRAM PMM PMM DRAM 12 4 8 DRAM PMM PMM PMM PMM DRAM 12 8 4 DRAM DRAM PMM PMM DRAM 16 8 8 DRAM DRAM PMM PMM DRAM PMM CPU0-DIMM3 8 Appendices CPU0-DIMM2 System Setup Overview Channel 1 CPU0-DIMM1 6 Channel 0 DCPMM Qty System Req
CONTENTS & NAVIGATION 1 5 RESOURCE LINKS Introduction 1. Intel® Optane™ DC Persistent Memory Module References https://www.intel.com/content/www/us/en/architecture-and-technology/optane-dcpersistent-memory.html 2. Configuring and Using NVDIMM Intro to Overall Architecture http://pmem.io/2014/08/27/crawl-walk-run.html 3. Configuration Tools Ipmctl Documentation and Source: https://github.com/intel/ipmctl NDCTL: https://pmem.io/ndctl 4.
CONTACT US © Copyright 2019 HP Development Company, LP. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.