Disabling encryption
Use the encrypt_disable command to disable the data protection feature.
encrypt_disable
This command disables the data protection feature. A prerequisite for this is that no volumes are
defined in the system. In addition to disabling the data protection, a cryptographic erase is
performed on all protected bands (ensuring that all existing user data is no longer accessible).
After the command successfully completes, all bands are left in the unlocked state. Disabling
encryption when the encryption state is other than Active (displayed as Enabled
in
state_list) will result in an error.
Example:
encrypt_disable -y
Output:
Command executed successfully.
Access control
User Category | Permission |
---|---|
Storage administrator | Disallowed |
Storage integration administrator | Disallowed |
Application administrator | Disallowed |
Security administrator | Allowed |
Read-only users | Disallowed |
Technicians | Disallowed |
Warnings
-
ARE_YOU_SURE_YOU_WANT_TO_DISABLE_ENCRYPTION
Are you sure you want to disable encryption on this system?
Troubleshooting: A yes option is required for this command
Return codes
-
UNSUPPORTED_HARDWARE
Cannot utilize encryption on unsupported hardware.
Troubleshooting: Contact support to verify encryption status.
-
ENCRYPT_NOT_ENABLED
Encryption is not enabled.
Troubleshooting: Check that encryption is enabled and try again the command.
-
VOLUME(S)_DEFINED
There are volumes defined, cannot disable encryption.
Troubleshooting: All volumes must be removed before encryption is disabled.
-
CANNOT_UNMOUNT_STATISTIC_VOLUME
Failed to unmount statistics volume for disabling encryption.
Troubleshooting: Please contact support.
-
CANNOT_CRYPTO_ERASE_DISKS
Cannot crypto-erase disks.
Troubleshooting: Contact support.
-
CANNOT_WRITE_TO_KEY_REPOSITORY
Failed writing keys to the key repository.
Troubleshooting: Contact support.
-
NO_LIVE_KEYSERVER_GATEWAY_NODE
There is no live key server gateway node on the system.
Troubleshooting: Please restart the key server gateway node and try again.
-
NO_MASTER_KEYSERVER_DEFINED
There is no master key server defined on the system.
Troubleshooting: Please define a master key server by invoking encrypt_key server_update and try again.
-
KEYSERVER_COMMUNICATION_GENERIC_ERROR
Cannot connect to an active key server.
Troubleshooting: Invoke encrypt_keyserver_list and event_list for more details.
-
COMPRESSION_RECOVERY_IN_PROGRESS
Operation cannot be completed because another recovery process is in progress