It looks like a bit of a gray area, the drives are FIPS 140-2 validated but it's not clear whether the local key manager needs to be since its data will be on array and so also encrypted. Whereas the external key manager does appear to require and have a FIPS 140-2 validation. Which could be a requirement for end to end validation or may just be because it's external and is designed to service multiple other products, storage, fabric, tape etc as are available in large enterprises.
There's a whitepaper here that the more security savvy might be able to decode, if not I'd wait for the official answer once they dig the security guy out of his bunker.
http://www8.hp.com/h20195/v2/GetDocumen ... A4-7605ENWIt does say in the above doc.
"
To answer the need within the HP 3PAR StoreServ arrays model 10000 and 7000, HP 3PAR offered with the beginning of HP 3PAR OS 3.1.2 MU2, support for Self Encrypting Drives (SED). The SED is a hard drive or solid state disk drive with a circuit (ASIC) built into the drive controller's chipset which encrypts / decrypts all data to and from the drive media automatically.
HP has continued to enhance the encryption support on the HP 3PAR StoreServ arrays by offering FIPS-2 compliant SED drives with a subsequent release of HP 3PAR OS and is now offering with HP 3PAR OS 3.2.1 the ability to use an external Enterprise Key Manager (EKM).
These combined offerings of FIPS 140-2 validated components allows the 3PAR StoreServ arrays to be FIPS 140-2 compliant"
Arguably still a little ambiguous, but it's probably only truly helpful, outside of a compliance requirement, if someone were to make off with your entire array....
3.1.2 MU2 Release Notes also seem to suggest this is required
Quote:
Supports FIPS 140-2 compliance with new external secure key managers
