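Onboard encryption keys are not restored on newly added nodes even though key sync succeeds
Applies to
- ONTAP 9
- Onboard Key Manager (OKM)
- Trusted Platform Module (TPM)
Issue
- SVM-KEK keys are not restored on the newly added nodes: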
Cluster1::>security key-manager key show -restored no -used-by SVM-KEK
Node: Cluster1-10
Key Store: onboard
Used By
--------
SVM-KEK
Key ID: 00000000000000000200000000000a00752bf46976631c4bda5b47766a45402e0000000000000000
SVM-KEK
Key ID: 00000000000000000200000000000a008114560c46e4d1f8f8167ae2b5f547b10000000000000000
SVM-KEK
Key ID: 00000000000000000200000000000a0088d4d298e3331af7cbd160a86ac6b3d20000000000000000
Node: Cluster1-11
Key Store: onboard
Used By
--------
SVM-KEK
Key ID: 00000000000000000200000000000a0027e96b2aad32dd3df761833b059435ad0000000000000000
SVM-KEK
Key ID: 00000000000000000200000000000a00752bf46976631c4bda5b47766a45402e0000000000000000
SVM-KEK
Key ID: 00000000000000000200000000000a008114560c46e4d1f8f8167ae2b5f547b10000000000000000
6 entries were displayed.
Error: One or more nodes have onboard key management keys that need to be restored. Run the "security key-manager onboard sync" command to restore the onboard key hierarchy on those nodes.
- The onboard keys are still not restored even after running the security key-manager onboard sync command.