'\" t
.\"     Title: ipmctl-change-device-security
.\"    Author: [see the "AUTHOR(S)" section]
.\" Generator: Asciidoctor 2.0.10
.\"      Date: 2019-12-15
.\"    Manual: ipmctl
.\"    Source: ipmctl
.\"  Language: English
.\"
.TH "IPMCTL\-CHANGE\-DEVICE\-SECURITY" "1" "2019-12-15" "ipmctl" "ipmctl"
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.ss \n[.ss] 0
.nh
.ad l
.de URL
\fI\\$2\fP <\\$1>\\$3
..
.als MTO URL
.if \n[.g] \{\
.  mso www.tmac
.  am URL
.    ad l
.  .
.  am MTO
.    ad l
.  .
.  LINKSTYLE blue R < >
.\}
.SH "NAME"
ipmctl\-change\-device\-security \- Changes the DCPMM security lock state
.SH "SYNOPSIS"
.sp
.sp
.nf
ipmctl set [OPTIONS] \-dimm [TARGETS] Lockstate=(Unlocked|Disabled|Frozen)
Passphrase=(string)
.fi
.br
.SH "DESCRIPTION"
.sp
Changes the data\-at\-rest security lock state for the persistent memory on one or more
DCPMMs.
.if n .sp
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
.B Note
.ps -1
.br
.sp
This command is subject to OS Vendor (OSV) support. It will return "Not Supported."
An exception is if the DCPMM is Unlocked Seurity State, then transitioning to Disabled
is permitted.
.sp .5v
.RE
.SH "OPTIONS"
.sp
\-h, \-help
.RS 4
Displays help for the command.
.RE
.sp
\-ddrt
.RS 4
Used to specify DDRT as the desired transport protocol for the current invocation of ipmctl.
.RE
.sp
\-smbus
.RS 4
Used to specify SMBUS as the desired transport protocol for the current invocation of ipmctl.
.RE
.if n .sp
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
.B Note
.ps -1
.br
.sp
The \-ddrt and \-smbus options are mutually exclusive and may not be used together.
.sp .5v
.RE
.sp
\-o (text|nvmxml), \-output (text|nvmxml)
.RS 4
Changes the output format. One of: "text" (default) or "nvmxml".
.RE
.sp
\-source (path)
.RS 4
File path to a local file containing the new passphrase (1\-32 characters).
.RE
.SH "TARGETS"
.sp
\-dimm [DimmIDs]
.RS 4
Changes the lock state of a specific DCPMMs by supplying one or more comma
separated DCPMM identifiers. However, this is not recommended as it may put
the system in an undesirable state. The default is to modify all manageable
DCPMMs.
.RE
.SH "PROPERTIES"
.sp
LockState
.RS 4
The desired lock state.
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
"Disabled": Removes the passphrase on an DCPMM to disable security. Permitted
only when LockState is Unlocked.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
"Unlocked": Unlocks the persistent memory on a locked DCPMM.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
"Frozen": Prevents further lock state changes to the DCPMM until the next
reboot.
.RE
.RE
.sp
Passphrase
.RS 4
The current passphrase (1\-32 characters). For better passphrase protection, specify an
empty string (e.g., Passphrase="") to be prompted for the current passphrase or to use
a file containing the passphrases with the source option.
.RE
.SH "EXAMPLES"
.sp
Unlocks device 0x0001.
.sp
.sp
.nf
ipmctl set \-dimm 0x0001 LockState=Unlocked Passphrase=""
.fi
.br
.sp
Unlocks device 0x0001 by supplying the passphrase in the file "mypassphrase.file". In this
example, the format of the file would be:
.sp
#ascii
.br
Passphrase=myPassphrase
.sp
.sp
.nf
ipmctl set \-source myfile.file \-dimm 0x0001 LockState=Unlocked
Passphrase=""
.fi
.br
.SH "LIMITATIONS"
.sp
In order to successfully execute this command:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
The caller must have the appropriate privileges.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
The specified DCPMMs must be manageable by the host software, have security enabled,
not be in the "Frozen" or "Exceeded" lock states, and not executing a long operation
(ARS, Overwrite, FWUpdate).
.RE
.sp
The command is subject to OS Vendor (OSV) support. If OSV does not provide support,
the command may return "Not Supported." An exception is if the DCPMM is Unlocked
(via UEFI or OSV tool), then transitioning to Disabled is possible regardless of
OSV support.
.SH "RETURN DATA"
.sp
If an empty string is provided for the passphrase property and the source option is not
included, the user will be prompted (once for all DCPMMs) to enter the current
passphrase. The passphrase characters are hidden.
.sp
Current passphrase: \fB*\fP*
.sp
For each DCPMM, the CLI will indicate the status of the security state change.
If a failure occurs when changing multiple DCPMMs, the process will exit and
not continue updating the remaining DCPMMs.
.SH "SAMPLE OUTPUT"
.sp
.sp
.nf
Unlock DIMM (DimmID): Success
Unlock DIMM (DimmID): Error (Code) \- (Description)
Remove passphrase from DIMM (DimmID): Success
Remove passphrase from DIMM (DimmID): Error (Code) \- (Description)
.fi
.br