Users Guide

DCPMM security
Topics:
Memory mode
App-direct
Cryptographic erase and DCPMM sanitize
Memory mode
In Memory mode, DCPMMs operate as volatile system memory. A user passphrase is not supported in this mode, and the
corresponding BIOS setting is greyed out.
App-direct
Users have the option to enable passphrase protection of DCPMM regions. The intent of the passphrase is to protect against
unauthorized access to data stored on the DCPMM region. If the DCPMMs are moved from one server to another server, the
user must re-enter the security passphrase in BIOS setup before the data can be accessed.
Whether or not the customer enables passphrase protection, the BIOS locks the DCPMM before booting to the operating
system or UEFI Shell. This means that all security changes are controlled by the Dell BIOS, and operating-system-level security
changes, including passphrase management and DCPMM erase functions, are not supported. All of these functions must be
driven through the BIOS setup.
NOTE: As mentioned in the section DIMM Configuration Changes, the only supported migration scenario is a slot-for-slot
replacement between motherboards. Adding or removing an individual DCPMM for any reason will likely result in data loss
and trigger the need for goal and security reconfiguration.
The passphrase used to lock or encrypt the data at rest on the DCPMM in App-direct is configurable in the BIOS setup. If the
field is not empty, the supplied passphrase is used on every boot to attempt to unlock all DCPMMs in the system.
The following use cases are related to unsupported migration scenarios:
When changing the passphrase in the BIOS setup, the existing passphrase only needs to be entered once per session. Entering
and exiting the field multiple times will not prompt for the passphrase again (until the next boot session).
The passphrase can be cleared by entering an empty string in the BIOS setup passphrase field.
NOTE: To clear the passphrase, keep the passphrase field blank and press Enter.