Enabling HP secure erase on a core server
Before you can use HP secure erase, you need to download and install HP's secure erase certificate generation software from this location:
- ftp://ftp.hp.com/pub/caps-softpaq/cmit/hprse/hp_rse_setup.exe
RSE setup does the following:
- Creates secure erase private and public keys that are stored on the core server. WARNING: Do not lose this public/private key pair. Back them up to a safe and secure location at your company.
- Creates a "first time" provisioning package that's deployed via a USB drive.
- Creates a "reprovisioning" package that replaces the currently deployed provisioning key. This is deployed via the console to managed HP clients.
- Creates a unique "reset" provisioning package for each public and private key pair. This package does the equivalent of a Windows 8 factory reset on the HP client. It also clears the currently deployed HP RSE key, so after executing this command you'll need to redo the "First time" reprovisioning via a USB drive.
Keys are stored in C:\Program Files\LANDesk\Shared Files\Keys\Rse. If you want to add keys generated on other core servers, put them here. The folder name is the key hash. Inside this folder are four files:
- hprse.desc
- hprse.private
- hprse.public
- RSE.bin (created when someone uses the console to make a reset package)
Don't rename these files. In particular, the client BIOS flash file won't flash if the name is something other than RSE.bin.