SED authentication keys

The authentication keys you use to lock the SEDs have the following requirements and behaviors.

You can create and apply an authentication key to auto-lock the host drives and the drives in the storage arrays. An authentication key must be 32 bytes. The keys are managed using the IBM® IBM Global Security Kit (GSKit) software. No other key management software or server is required.

You could create a conforming key AEKs, but as a best practice, you should use the apsedkey generate command to automatically create a random, conformant AEK for the SED drives and store it in your local keystore.

The AEK to lock the SED disks of IIAS nodes must meet the following requirements:

The key value must be 32 bytes in length.
The key can use characters in range ASCII from 0x00 to 0xFF.