Seagate ST400FX0002 About self-encrypting drives, Data encryption, Controlled access, Admin SP

Page 43

8.0About self-encrypting drives

Self-encrypting drives (SEDs) offer encryption and security services for the protection of stored data, com- monly known as “protection of data at rest.” These drives are compliant with the Trusted Computing Group (TCG) Enterprise Storage Specifications as detailed in Section 3.2.

The Trusted Computing Group (TCG) is an organization sponsored and operated by companies in the com- puter, storage and digital communications industry. Seagate’s SED models comply with the standards pub- lished by the TCG.

To use the security features in the drive, the host must be capable of constructing and issuing the following two SCSI commands:

SECURITY PROTOCOL OUT

SECURITY PROTOCOL IN

These commands are used to convey the TCG protocol to and from the drive in the appropriate command pay- loads.

8.1Data encryption

Encrypting drives use one in-line encryption engine for each port, employing AES-256 data encryption in Cipher Block Chaining (CBC) mode to encrypt all data prior to being written on the media and to decrypt all data as it is read from the media. The encryption engines are always in operation, cannot be disabled, and do not detract in any way from the performance of the drive.

The 32-byte Data Encryption Key (DEK) is a random number which is generated by the drive, never leaves the drive, and is inaccessible to the host system. The DEK is itself encrypted when it is stored on the media and when it is in volatile temporary storage (DRAM) external to the encryption engine. A unique data encryption key is used for each of the drive's possible16 data bands (see Section 8.5).

8.2Controlled access

The drive has two security partitions (SPs) called the "Admin SP" and the "Locking SP." These act as gate- keepers to the drive security services. Security-related commands will not be accepted unless they also supply the correct credentials to prove the requester is authorized to perform the command.

8.2.1Admin SP

The Admin SP allows the drive's owner to enable or disable firmware download operations (see Section 8.4). Access to the Admin SP is available using the SID (Secure ID) password or the MSID (Makers Secure ID) password.

Pulsar XT.2 SAS Product Manual, Rev. B

35

Image 43
Contents Standard Models Self-Encrypting Drive Models ST400FX0002ST400FX0012 ST200FX0002 ST100FX0002Revision history Contents About self-encrypting drives Physical/electrical specificationsDefect and error management InstallationPage Pulsar XT.2 SAS Product Manual, Rev. B List of Figures Page Seagate Online Support and Services Seagate Technology support servicesScope Electromagnetic susceptibility Applicable standards and reference documentationStandards Electromagnetic compatibilityKorean KCC Electromagnetic complianceElectromagnetic compliance for the European Union Australian C-TickChina Restriction of Hazardous Substances RoHS Directive Reference documentsGeneral description Standard featuresPerformance Media descriptionReliability Formatted capacities Factory-installed optionsProgrammable drive capacity Thin Provisioning Drive Configuration Access time Performance characteristicsInternal drive characteristics Performance characteristicsPerformance Format Mode Dcrt Bit IP Bit 400GB 200GB 100GBCache control Start/stop timeCaching write data Error rates Reliability specificationsEndurance Management Lifetime Endurance Management Reliability and servicePreventive maintenance Data RetentionPerformance impact Maximum processing delay Fully-enabled delay4 S.M.A.R.T Controlling S.M.A.R.TThermal monitor Predictive failuresImplementation State of the drive prior to testingDrive Self Test DST DST failure definitionLog page entries Short and extended testsShort test Function Code 001b Extended test Function Code 010bStorage Product warrantyShipping Product repair and return informationPower specifications Physical/electrical specificationsAC power requirements 400GB standard model DC power requirements DC power requirements200GB standard model DC power requirements 100GB standard model DC power requirements Current profiles General DC power requirement notesPower sequencing Conducted noise immunityCurrent profiles for 200GB models 400GB models in 6Gb operation Power dissipation200GB models in 6Gb operation Environmental limits Temperature a. Operating100GB models in 6Gb operation Effective altitude sea level a. Operating Relative humidityShock and vibration Recommended mounting ShockVibration a. Operating-normal Air cleanlinessCorrosive environment Mounting configuration dimensions 400GB models Mechanical specificationsWeight Pounds 100 grams Data encryption Controlled accessAdmin SP About self-encrypting drivesData bands Default passwordRandom number generator RNG Drive lockingCryptographic erase Authenticated firmware downloadPower requirements Supported commandsDrive internal defects/errors Defect and error managementSSD Physical format address descriptor Bit Byte Auto-Reallocation Drive error recovery proceduresSAS system errors Background Media ScanIdentifying a Protection Information drive Setting and determining the current Type LevelProtection Information PI Levels of PIDrive orientation InstallationAir flow CoolingGrounding Drive mountingInterface requirements SAS featuresDual port support Supported commands Scsi commands supportedPersistent Reserve Read Capacity Write Inquiry data Mode Sense dataPage 14 1a 00 1a Mode Sense data for 400GB drivesMode Pages Mode Sense data for 200GB drivesMode Sense values for 100GB drives SAS physical interface Miscellaneous operating features and conditionsMiscellaneous features Miscellaneous statusDatum B Section C C Section a a Pin descriptions Physical characteristicsConnector requirements Electrical descriptionReady LED Out Signal characteristicsPower SAS transmitters and receiversGeneral interface characteristics SAS-2 Specification complianceLED drive signal Differential signalsNumerics IndexPage RNG See also cooling Page Americas Seagate Technology LLC