Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

User Authentication

  • Support for File-system Encryption with Trusted Platform Module (TPM 2.0) (MX240, MX480, MX960)—Starting in Junos OS Release 22.2R1S2, you can encrypt file-system data residing on your MX Series device hard disk drives with Trusted Platform Module 2.0 (TPM 2.0). TPM is a chip used for the identification and authentication of a device on the network and to ensure the software loaded on the system is in the correct state when it started up.

    Limitations

    • Installing the old image previous to 22.2R1 and performing an ISSU when encryption is enabled on the disk does not issue a warning or an error.

    • Users with root access permission can only perform file-system encryption on the device.

    • Hard disk encryption is not automatically applicable on the newly inserted drive.

    • File-system encryption is applicable only on these MX Series Routing Engines: RE-S-X6-128G-K-BB, RE-S-X6-128G-K-R, and RE-S-X6-128G-K-S.
    • The request system filesystem encryption keys delete command deletes disk keys on lock and unlock drives. Locked drives are due to PCR mismatch or disk inserted from another system.

    • We do not support enabling encryption with GRES. You must enable encryption on each Routing Engine.

    • Forced clearing of TPM keys results in an unexpected behavior.

    • You cannot use automatic recovery feature after deleting keyslots.

    • We do not support VM host snapshot recovery.

    • The show system filesystem encryption status command display information about the specific Routing Engine only.

    [See Encryption with TPM.]