At system startup (power on) or to access an encrypted system, the encryption key must be provided by an outside source so that the system can be accessed. The encryption key is read from the USB flash drives that store copies of the keys that were created during system initialization.
If you want the system to reboot automatically, a USB flash drive with the encryption keys must be left inserted in each of the canisters, so that both canisters have access to the encryption key when they power on. This method requires that the physical environment where the system is located is very secure, so no unauthorized person could make copies of encryption keys on the USB flash drives and gain access to data stored on the system.
For the most secure operation, do not keep the USB flash drives inserted into the canisters on the system. However, this method requires that you manually insert the USB flash drives that contain copies of the encryption key in both canisters before rebooting the system. The encryption key is required to access encrypted data, and resides only on the USB flash drive copies and on any additional copies made on other forms of storage. The encryption key cannot be recovered or regenerated by IBM if all user-maintained copies are lost or unrecoverable.