Advanced Config menu (Encryption)
Notes:
• Use this only when directed by your next level of support.
• Your drive must be encryption-capable to use this menu item.
• A feature code must be installed to use this menu item.
Table 83 on page 123 shows the Advanced Config menu items, which allow drive encryption options to
be set to manage access to data, by encrypting data in the data cartridges. Also, see the “Setting drive
encryption” on page 250 procedure.
Table 83: Advanced Config menu (Encryption)
Function
Next menu
Cancel
“CE Drv Options menu” on page 119
*Key Path Config…
“Key Path Config menu (Encryption)” on page 124
*BOP Encryption…
“BOP Encryption menu” on page 125
*Density: Shows Encr/Masks
Encr
-
*Vol Label: Not Encr/Encrypt
-
Cancel
Cancels the operation and returns to the previous menu.
*Key Path Config…
Allows a path to be chosen for passing an encryption key from among a system, an application, or a
library.
*BOP Encrypting…
Allows the encryption of the data from the beginning of a partition to be enabled, disabled, locked, or
unlocked. A drive can lock-in or lock-out encryption, regardless of commands or keys.
*Density: Shows Encr/Masks Encr
Allows the broadcast or subduing of encryption disclosure. The default is Shows Encr.
*Vol Label: Not Encry/Encrypt
Allows encryption of the Vol Label to be enabled or disabled. When enabled, the Vol Label contents
are encrypted with a 0 or 'clear key'. Though provided here for completeness, this feature is enabled
through the library user interface. The default is Not Encr.
Crypto Officer menu (Encryption)
Notes:
• Use this only when directed by your next level of support.
• Your drive must be encryption-capable to use this menu item.
• A feature code must be installed to use this menu item.
This menu allows the force-purging of any data encryption key from memory (as an encryption security
measure). You might complete this procedure to remove the drive from the customer's site.
Attention: If you exercise the Crypto Officer option, encryption is permanently and irrevocably
disabled. The drive reports FID1 50 after each power-on cycle. Use this irreversible action before
the drive is returned only if the customer requires all critical security parameters (CSPs) to be
zeroized before the drive can be removed from the customer site. Cartridges with encrypted data
can no longer be read when inserted in this drive.
Virtual Operator panel 123