SC Storage Customer Notification: Unintended Key Deletion Using External Key Management Server

Summary: Workaround and information for the Unintended Key Deletion Using External Key Management Server issue


Symptoms

Summary: This article explains an issue that can occur when completing key deletion management actions with a Gemalto KeySecure KMS appliance.


 

Problem Detail:

When keys are deleted from a KeySecure appliance, multiple keys can be deleted in a single delete interaction. If multiple keys are selected by using the ‘Delete All on this Page’ option within the KeySecure Web UI, no locks are placed on the current selection of keys being deleted. This can result in a narrow timing window in which a Storage Center submits a request for a new key to the KMS and that new key is inadvertently deleted.

If a ReKey operation is issued for a Storage Center array with existing SEDs that are in a Secure disk folder, and a user is completing a management action on the KMS as described above, it is possible that the new keys from the rekey action are deleted. This can occur even though these new keys were not selected in the original page of keys to be deleted from the KeySecure Web UI.

If a new enclosure of drives is added, or all SEDs are being managed into the system for the first time, they can still be exposed to this timing window.
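The timing window described above can be illustrated with a small constructed model. This is an added example, not code from Dell or Gemalto; it does not reproduce KeySecure's internals, which this article does not describe. The key store, its newest-first ordering, the page size and all key names are assumptions.

```python
# Constructed model, not KeySecure code: the store, its newest-first ordering,
# the page size and all key names are assumptions made for illustration.
PAGE_SIZE = 3

class KeyStore:
    def __init__(self, names):
        self.keys = list(names)

    def create(self, name):
        # Assumption: a newly created key is listed first.
        self.keys.insert(0, name)

    def page(self, number):
        start = number * PAGE_SIZE
        return self.keys[start:start + PAGE_SIZE]

    def delete_page_unlocked(self, number, concurrent=None):
        """Deletes by page position; the selection is re-read for every delete."""
        deleted = []
        for step in range(len(self.page(number))):
            if step == 0 and concurrent:
                concurrent()              # another client acts mid-operation
            victim = self.page(number)[0]
            self.keys.remove(victim)
            deleted.append(victim)
        return deleted

    def delete_page_snapshot(self, number, concurrent=None):
        """Freezes the selected key names first, then deletes only those."""
        selection = self.page(number)
        if concurrent:
            concurrent()
        for name in selection:
            self.keys.remove(name)
        return selection

def simulate(method_name):
    store = KeyStore(["old-a", "old-b", "old-c", "old-d"])
    # Stands in for the Storage Center requesting a new key during a rekey.
    rekey = lambda: store.create("sc-rekey-new")
    deleted = getattr(store, method_name)(0, concurrent=rekey)
    return deleted, store.keys

if __name__ == "__main__":
    for method in ("delete_page_unlocked", "delete_page_snapshot"):
        deleted, remaining = simulate(method)
        print(f"{method}: deleted={deleted} remaining={remaining}")
```

In the unlocked variant the newly created key is removed although it was never part of the displayed page; the snapshot variant deletes only the keys that were selected.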

 


Affected Versions: 

SCOS versions 6.5 and above support Self-Encrypting Drives and can be affected by this issue. All versions of Gemalto KeySecure 6.6.X and 8.X are interoperable with SCOS and contain this issue.
 

Workaround:

Before performing a Re-Key or managing SEDs into a Secure disk folder, or before converting a disk folder containing already-managed SEDs to a Secure disk folder, ensure that no user is performing any deletion management actions from the KeySecure Web UI.
 

Resolution:

Gemalto has been made aware of this issue and is actively investigating.

Affected Products

Dell Compellent SC4020, Dell Storage SC8000, Dell Compellent Series 40, Dell Storage SC5020, Dell Storage SC5020F, Dell Storage SC7020, Dell Storage SC7020F, Dell Storage SC9000, Dell Storage SCv3000, Dell Storage SCv3020
Article Properties
Article Number: 000144955
Article Type: Solution
Last Modified: 21 Feb 2021
Version:  3