Checking SD card settings 

Note:
  • Make sure that the Security Profile is activated before you start encrypting the SD card. 

For BPC 9102S and RFC 4072S 

When using a BPC 9102S or RFC 4072S, the use of an external SD card is mandatory. In a security context, you must use encrypted SD cards. 

  • Make sure that you only use an encrypted SD card. 

For further information, refer to the topic SD card encryption.

For AXC F 1152AXC F 2152AXC F 3152SPLC 1000 and SPLC 3000

You can use an AXC F 1152AXC F 2152AXC F 3152SPLC 1000 and SPLC 3000 with or without an external SD card. Please note the following information for the respective use.

Use without external SD card

  • Log in to the WBM. 

Return to topicHow do I get to the WBM again? Click here for more information... 

Establishing a connection to the Web-based Management (WBM):

  • Open a web browser on your computer.
  • In the address field, enter the URL https://<IP-address-of-the-controller>/wbm,
    for example: https://192.168.1.10/wbm.

For further information, see WBM.

To ensure that the default Security Profile settings are applied, proceed as follows:

  • Open the SD card page (SecuritySD card). 
  • Make sure that only the internal SD card is used to store device files.
  • Make sure that the external SD card support is deactivated.

For information on how to deactivate SD card support, refer to the topic SD card encryption.

Use with external encrypted SD card

Due to the default Security Profile settings, SD card support is also deactivated by default for these controllers. However, you can use an encrypted SD card when using these controllers.

You can only use the following SD cards for encryption:

  • SD FLASH 8GB PLCNEXT MEMORY LIC (item no. 1151112
  • SD FLASH 32GB PLCNEXT MEMORY LIC (item no. 1151111
  • SD FLASH PLCNEXT MEMORY LIC CFG (item no. 1308064)

These cards have two partitions: The first partition ("system") is reserved for license handling and a second partition for the controller data. This second partition ("overlay") is encrypted using the WBM. 

For the encryption of the SD card, dm-crypt with the encryption mode aes-xts-plain is used. For secure key derivation, argon2id is used.
dm-crypt is a cryptography module of the device mapper in the Linux kernel. dm-crypt can encrypt and decrypt data using various algorithms. The encryption can be applied to any device files, in most cases to partitions (as in this case to the "overlay" partition of the SD card).

  • Make sure that you only use an encrypted SD card.

For information on how to activate SD card support and how to encrypt a SD card, refer to the topic SD card encryption.

 

 

• Published/reviewed: 2025-02-10 • Revision 017 •