A P P E N D I X D

Zeroizing the Hardware

This appendix describes how to perform a hardware zeroize of the Sun Crypto Accelerator 4000 board, which returns the board to the factory state. When the board is returned to the factory state, it is in Failsafe mode.

Caution - You should perform a hardware zeroize only if it is absolutely necessary. If you need to remove all key material only, perform a software zeroize with the zeroize command in the vcaadm program. See Performing a Software Zeroize on the Boardfor details on the zeroize command. Also refer to the online manual pages for vcadiag(4) for removing all key material.

Note - Performing a hardware zeroize on the board removes the Sun Crypto Accelerator 4000 firmware. You will have to reinstall the firmware which is provided with the Sun Crypto Accelerator 4000 software.

Zeroizing the Sun Crypto Accelerator 4000 Hardware to the Factory State

In some situations, it might become necessary to return a board to failsafe mode, and clear it of all key material and configuration information. This can only be done by using a standard SCSI hardware jumper (shunt).

Note - You can use the zeroize command with the vcaadm program to remove all key material from a Sun Crypto Accelerator 4000 board. However, the zeroize command leaves any updated firmware intact. See Performing a Software Zeroize on the Board. Also refer to the vcadiag(4) online manual pages.

To Zeroize the Sun Crypto Accelerator 4000 Board With a Hardware Jumper

1. Power off the system.

Note - For some systems, you can use dynamic reconfiguration (DR) to remove and replace the board as necessary for this procedure instead of powering off the system. Refer to the documentation delivered with your system for the correct DR procedures.

Caution - The board must not receive any electrical power while adjusting the jumper.

2. Remove the computer cover to get access to the jumper, which is located at the top middle of the board.

3. Place the jumper on pins 1 and 2 of the jumper block.

Pins 1 and 2 are the pins closest to the bracket. There are four sets of two pins. Place the jumper on the 1 and 2 pin set as shown in FIGURE D-1.

Caution - The board does not function with the jumper on pins 1 and 2.

FIGURE D-1 Hardware Jumper Block Pins

4. Power on the system.

Caution - When you power on the system after adjusting the hardware jumper, all firmware, key material, and configuration information is deleted. This process returns the board to the factory state and places the board in Failsafemode.

5. Power off the system.

6. Remove the jumper from pins 1 and 2 of the jumper block and store the jumper in the original location.

7. Power on the system.

8. Connect to the Sun Crypto Accelerator 4000 board with vcaadm.

vcaadm prompts you for a path to upgrade the firmware.

9. Type /opt/SUNWconn/cryptov2/firmware/sca4000fw as the path for installing the firmware.

The firmware is automatically installed and you are logged out of vcaadm.

10. Reconnect to Sun Crypto Accelerator 4000 board with vcaadm.

vcaadm prompts you to either initialize the board with a new keystore, or initialize the board to use an existing keystore. See Initializing the Board With vcaadm.