If I activate the Security Profile, then the SD card gets disabled. Is this by design? The instructions for activating the Security Profile refer to the SD card and imply it won’t be affected. If it is by design, then it should be clearly stated, and I would like an explanation of the reason for it. It is isn’t by design, then this appears to be a bug.
It is by design. My understanding is that the use of an SD card represents a potential security risk, which is eliminated if the SD card slot is disabled.
If the documentation doesn’t make this clear, I will raise this with the product manager.
This page in the Security Info Center gives an explanation.
Protection against physical access Protection against physical access is an important requirement for OT devices (component). Attackers may access the hardware and try to manipulate the firmware, configuration, or applications. At the end of that page, it states that the SD card slot is disabled by the security profile. It also mentions that there will be an option to re-enable this in future firmware versions.
There are a couple of documentation areas that should be changed then.
Here is explains the effects of enabling the Security Profile(in the Effects of the Security Profile section). It does not say anything about the SD card being disabled:
https://security.plcnext.help/se/PLCnext_Security_Guideline/Secure_operation/PLCnext_Starting_up/Handling_the_Security_Profile.htm
Here it implies that the license could be installed on the SD card. Probably generic content on installing a license, but it is in the Security Profile section:
https://security.plcnext.help/se/PLCnext_Security_Guideline/Secure_operation/PLCnext_Starting_up/Enabling_the_Security_Profile.htm
Thanks for reporting those issues. I have passed them to the documentation team.