Enabling HP secure erase on a core server

Before you can use HP secure erase, you need to download and install HP's secure erase certificate generation software from this location:

  • ftp://ftp.hp.com/pub/caps-softpaq/cmit/hprse/hp_rse_setup.exe

RSE setup does the following:

  • Creates secure erase private and public keys that are stored on the core server. WARNING: Do not lose this public/private key pair. Back them up to a safe and secure location at your company.
  • Creates a "first time" provisioning package that's deployed via a USB drive.
  • Creates a "reprovisioning" package that replaces the currently deployed provisioning key. This is deployed via the console to managed HP clients.
  • Creates a unique "reset" provisioning package for each public and private key pair. This package does the equivalent of a Windows 8 factory reset on the HP client. It also clears the currently deployed HP RSE key, so after executing this command you'll need to redo the "First time" reprovisioning via a USB drive.

Keys are stored in C:\Program Files\LANDesk\Shared Files\Keys\Rse. If you want to add keys generated on other core servers, put them here. The folder name is the key hash. Inside this folder are four files:

  • hprse.desc
  • hprse.private
  • hprse.public
  • RSE.bin (created when someone uses the console to make a reset package)

Don't rename these files. In particular, the client BIOS flash file won't flash if the name is something other than RSE.bin.