PowerEdge: 16G - SEKM044: Secured VOSS SDPM volumes require a power cycle

Summary: PowerEdge 16G servers with Software Defined Persistent Memory (SDPM) will require an additional power cycle after securing through iDRAC Secure Enterprise Key Manager (SEKM) feature.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

Software Defined Persistent Memory (SDPM) NVM Express M.2 drives in the Vault Optimized Storage Solution (VOSS) support securing through Secure Enterprise Key Manager (SEKM) feature of the iDRAC9. When first configuring SEKM on the VOSS SDPM volume, the Host server requires an additional power cycle (cold reboot) to enable security. This power cycle is required in addition to the cold reboot that is performed to create the SDPM volume originally. The Lifecycle Log records an SEKM044 indicating that the volume is not security capable prior to the server warm reboot.

There are two different workflows when enabling SEKM on SDPM M.2 NVM Express volumes. See below for where additional cold reboot is required:

Workflow 1: Enable SEKM Security to existing SDPM Volume. 

  1. Create VOSS SDPM Volume in F2 system BIOS
  2. Cold Boot Server
  3. Enable SEKM on VOSS Controller through iDRAC
  4. Another Warm OR Cold reboot Server

 

Workflow 2: Enable SEKM on VOSS Before SDPM volume. 

  1. Enable SEKM on VOSS Controller through iDRAC
  2. Create VOSS SDPM Volume in F2 System Setup
  3. Cold Boot Server
  4. Another Cold Reboot Server

 
Lifecycle Log Example:

2023-04-18 21:30:42    SEKM044    iDRAC is unable to secure Disk.Bay.8:Enclosure.Internal.0-1 because the device is not security capable.
2023-04-18 21:30:13    SEKM080    VOSS.SL.11-1 has been secured successfully.
2023-04-18 21:30:13    SEKM080    VOSS.SL.11-1 has been secured successfully.
2023-04-18 21:30:13    SEKM080    VOSS.SL.11-1 has been secured successfully.

 

Cause

When SDPM is enabled, the iDRAC receives the volume settings from the system BIOS through a SMA transaction. There is a delay in this sequence preventing the capacity status from being relayed in a timely manner.

Resolution

iDRAC9 7.00.60.00 (December 2023) remediates this timing condition that allows the SDPM volume to secure on initial cold boot.
 
Workaround:
In order to secure VOSS SDPM volumes, the iDRAC power actions can be leveraged to issue the cold boot to the impacted Host.
 
iDRAC9 UI > Power Cycle System (cold boot) example:

iDRAC9 UI > Power Cycle System (cold boot) example 

RACADM Example:

racadm>>racadm serveraction powercycle
Server power operation initiated successfully

 

Affected Products

iDRAC9, iDRAC9 - 6.xx Series
Article Properties
Article Number: 000213554
Article Type: Solution
Last Modified: 10 Apr 2025
Version:  4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.