Disabling encryption

Use the encrypt_disable command to disable the data protection feature.

encrypt_disable

This command disables the data protection feature. A prerequisite for this is that no volumes are defined in the system. In addition to disabling the data protection, a cryptographic erase is performed on all protected bands (ensuring that all existing user data is no longer accessible). After the command successfully completes, all bands are left in the unlocked state. Disabling encryption when the encryption state is other than Active (displayed as Enabled in state_list) will result in an error.

Example:

encrypt_disable -y

Output:

Command executed successfully.

Access control

User Category Permission
Storage administrator Disallowed
Storage integration administrator Disallowed
Application administrator Disallowed
Security administrator Allowed
Read-only users Disallowed
Technicians Disallowed

Warnings

  • ARE_YOU_SURE_YOU_WANT_TO_DISABLE_ENCRYPTION

    Are you sure you want to disable encryption on this system?

    Troubleshooting: A yes option is required for this command

Return codes

  • UNSUPPORTED_HARDWARE

    Cannot utilize encryption on unsupported hardware.

    Troubleshooting: Contact support to verify encryption status.

  • ENCRYPT_NOT_ENABLED

    Encryption is not enabled.

    Troubleshooting: Check that encryption is enabled and try again the command.

  • VOLUME(S)_DEFINED

    There are volumes defined, cannot disable encryption.

    Troubleshooting: All volumes must be removed before encryption is disabled.

  • CANNOT_UNMOUNT_STATISTIC_VOLUME

    Failed to unmount statistics volume for disabling encryption.

    Troubleshooting: Please contact support.

  • CANNOT_CRYPTO_ERASE_DISKS

    Cannot crypto-erase disks.

    Troubleshooting: Contact support.

  • CANNOT_WRITE_TO_KEY_REPOSITORY

    Failed writing keys to the key repository.

    Troubleshooting: Contact support.

  • NO_LIVE_KEYSERVER_GATEWAY_NODE

    There is no live key server gateway node on the system.

    Troubleshooting: Please restart the key server gateway node and try again.

  • NO_MASTER_KEYSERVER_DEFINED

    There is no master key server defined on the system.

    Troubleshooting: Please define a master key server by invoking encrypt_key server_update and try again.

  • KEYSERVER_COMMUNICATION_GENERIC_ERROR

    Cannot connect to an active key server.

    Troubleshooting: Invoke encrypt_keyserver_list and event_list for more details.

  • COMPRESSION_RECOVERY_IN_PROGRESS

    Operation cannot be completed because another recovery process is in progress