Seagate ST9146753SS About self-encrypting drives, Data encryption, Controlled access, Admin SP


9.0 About self-encrypting drives

Self-encrypting drives (SEDs) offer encryption and security services for the protection of stored data, commonly known as “protection of data at rest.” These drives are compliant with the Trusted Computing Group (TCG) Enterprise Storage Specifications as detailed in Section 3.2.

The Trusted Computing Group (TCG) is an organization sponsored and operated by companies in the computer, storage and digital communications industry. Seagate’s SED models comply with the standards published by the TCG.

To use the security features in the drive, the host must be capable of constructing and issuing the following two SCSI commands:

Security Protocol Out

Security Protocol In

These commands are used to convey the TCG protocol to and from the drive in their command payloads.
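The following is an added example, not taken from the Seagate manual: it builds the 12-byte command descriptor block (CDB) shared by Security Protocol In and Security Protocol Out, and parses the supported-protocol list a drive returns for protocol 00h so a host can confirm that a TCG protocol is offered. The opcodes and field layout are assumed from the SCSI SPC-4 standard rather than from this page, and the sample response is constructed.

```python
import struct

SECURITY_PROTOCOL_IN = 0xA2    # SPC-4 opcode, data flows drive -> host
SECURITY_PROTOCOL_OUT = 0xB5   # SPC-4 opcode, data flows host -> drive
PROTO_INFO = 0x00              # security protocol information
PROTO_TCG = 0x01               # first of the values assigned to TCG (0x01-0x06)


def build_cdb(opcode, protocol, sp_specific, length, inc_512=False):
    """Return the 12-byte CDB layout shared by both commands."""
    if opcode not in (SECURITY_PROTOCOL_IN, SECURITY_PROTOCOL_OUT):
        raise ValueError("not a security protocol opcode")
    if inc_512:
        # With INC_512 set, the length field counts 512-byte units.
        if length % 512:
            raise ValueError("length must be a multiple of 512 with INC_512")
        length //= 512
    flags = 0x80 if inc_512 else 0x00
    # opcode, protocol, protocol-specific (the ComID for TCG protocols),
    # INC_512 flag byte, reserved, 32-bit length, reserved, control
    return struct.pack(">BBHBxIxB", opcode, protocol, sp_specific,
                       flags, length, 0)


def parse_supported_protocols(buf):
    """Parse the reply to Security Protocol In, protocol 00h, specific 0000h."""
    if len(buf) < 8:
        raise ValueError("truncated header")
    (count,) = struct.unpack_from(">H", buf, 6)  # bytes 0-5 are reserved
    if 8 + count > len(buf):
        raise ValueError("list length exceeds returned data")
    return list(buf[8:8 + count])


def supports_tcg(buf):
    """True when the drive lists the TCG protocol 01h as supported."""
    return PROTO_TCG in parse_supported_protocols(buf)


# Constructed sample reply: 6 reserved bytes, list length 2, protocols 00h, 01h
SAMPLE_RESPONSE = bytes(6) + struct.pack(">H", 2) + bytes([PROTO_INFO, PROTO_TCG])

if __name__ == "__main__":
    print(build_cdb(SECURITY_PROTOCOL_IN, PROTO_INFO, 0x0000, 512).hex(" "))
    print(supports_tcg(SAMPLE_RESPONSE))
```

A host that finds 01h missing from the list cannot carry the TCG protocol to that drive, whatever its management software reports.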

9.1 Data encryption

Encrypting drives use one inline encryption engine for each port, employing AES-128 data encryption in Cipher Block Chaining (CBC) mode to encrypt all data prior to being written on the media and to decrypt all data as it is read from the media. The encryption engines are always in operation, cannot be disabled, and do not detract in any way from the performance of the drive.

The 32-byte Data Encryption Key (DEK) is a random number which is generated by the drive, never leaves the drive, and is inaccessible to the host system. The DEK is itself encrypted when it is stored on the media and when it is in volatile temporary storage (DRAM) external to the encryption engine. A unique data encryption key is used for each of the drive's possible 16 data bands (see Section 9.5).

9.2 Controlled access

The drive has two security partitions (SPs) called the "Admin SP" and the "Locking SP." These act as gatekeepers to the drive security services. Security-related commands will not be accepted unless they also supply the correct credentials to prove the requester is authorized to perform the command.

9.2.1 Admin SP

The Admin SP allows the drive's owner to enable or disable firmware download operations (see Section 9.4). Access to the Admin SP is available using the SID (Secure ID) password or the MSID (Makers Secure ID) password.

Savvio 15K.3 SAS Product Manual, Rev. A
