Seagate ST3300457SS, 100516226 Drive Locking, Data Bands, Cryptographic Erase, Power Requirements

Page 37

8.4DRIVE LOCKING

In addition to changing the passwords, as described in Section 8.2.3, the owner should also set the data access controls for the individual bands.

The variable "LockOnReset" should be set to "PowerCycle" to ensure that the data bands will be locked if power is lost. This scenario occurs if the drive is removed from its cabinet. The drive will not honor any data read or write requests until the bands have been unlocked. This prevents the user data from being accessed without the appropriate credentials when the drive has been removed from its cabinet and installed in another system.

When the drive is shipped from the factory, the firmware download port is locked and the drive will reject any attempt to download new firmware. The drive owner must use the SID credential to unlock the firmware download port before firmware updates will be accepted.

8.5DATA BANDS

When shipped from the factory, the drive is configured with a single data band called Band 0 (also known as the Global Data Band) which comprises LBA 0 through LBA max. The host may allocate Band1 by specifying a start LBA and an LBA range. The real estate for this band is taken from the Global Band. An additional 14 Data Bands may be defined in a similar way (Band2 through Band15) but before these bands can be allocated LBA space, they must first be individually enabled using the EraseMaster password.

Data bands cannot overlap but they can be sequential with one band ending at LBA (x) and the next beginning at LBA (x+1).

Each data band has its own drive-generated encryption key and its own user-supplied password. The host may change the Encryption Key (see Section 8.6) or the password when required. The bands should be aligned to 4K LBA boundaries.

8.6CRYPTOGRAPHIC ERASE

A significant feature of SEDs is the ability to perform a cryptographic erase. This involves the host telling the drive to change the data encryption key for a particular band. Once changed, the data is no longer recoverable since it was written with one key and will be read using a different key. Since the drive overwrites the old key with the new one, and keeps no history of key changes, the user data can never be recovered. This is tantamount to an instantaneous data erase and is very useful if the drive is to be scrapped or redispositioned.

8.7AUTHENTICATED FIRMWARE DOWNLOAD

In addition to providing a locking mechanism to prevent unwanted firmware download attempts, the drive also only accepts download files which have been cryptographically signed by the appropriate Seagate Design Center.

Three conditions must be met before the drive will allow the download operation:

1.The download must be an SED file. A standard (base) drive (non-SED) file will be rejected.

2.The download file must be signed and authenticated.

3.As with a non-SED drive, the download file must pass the acceptance criteria for the drive. For example it must be appli- cable to the correct drive model, and have compatible revision and customer status.

8.8POWER REQUIREMENTS

The standard drive models and the SED drive models have identical hardware, however the security and encryption portion of the drive controller ASIC is enabled and functional in the SED models. This represents a small additional drain on the 5V supply of about 30mA and a commensurate increase of about 150mW in power consumption. There is no additional drain on the 12V supply. See the tables in Section 6.2 for power requirements on the standard (non-SED) drive models.

8.9SUPPORTED COMMANDS

The SED models support the following two commands in addition to the commands supported by the standard (non-SED) models as listed in Table 9:

Security Protocol Out (B5h)

Security Protocol In (A2h)

CHEETAH 15K.7 SAS PRODUCT MANUAL, REV. F

32

Page 36 Page 38
Image 37
Page 36 Page 38
Contents SED Fips 140-2 models Standard models Self-Encrypting Drive modelsPage Contents Installation Defect and Error ManagementAbout Fips About SELF-ENCRYPTING Drives Interface RequirementsCheetah 15K.7 SAS Product MANUAL, REV. F III Seagate Technology Support Services Fips 140-2 L Evel ScopeSED Standards STANDARDS, Compliance and Reference DocumentsCompliance Korean KCC Australian C-TickTaiwanese Bsmi European Union Restriction of Hazardous Substances RohsGeneral Description Media Description Standard FeaturesPerformance Reliability FACTORY-INSTALLED OptionsFormatted Capacities ST3600057SS ST3450857SS ST3300657FCInternal Drive Characteristics Performance CharacteristicsAccess time Format command execution time minutesSTART/STOP Time General performance characteristicsPREFETCH/MULTI-SEGMENTED Cache Control Cache Operation Prefetch operation Caching write dataError Rates Reliability SpecificationsReliability and Service Hot plugging the drive Preventive maintenance4 S.M.A.R.T Controlling S.M.A.R.TMilliseconds Performance impactReporting control Determining rateParameter Code Description Temperature Log Page 0DhDrive Self Test DST DST failure definitionImplementation State of the drive prior to testingInvoking DST Short and extended testsLog page entries Product warrantyAbort ShippingAC Power Requirements PHYSICAL/ELECTRICAL SpecificationsDC Power Requirements 600 GB DC power requirements450 GB DC power requirements 300 GB DC power requirements Conducted noise immunity Power sequencingCurrent profiles Typical 450GB current profiles Power Dissipation 300GB model Temperature a. OperatingEnvironmental Limits Effective altitude sea level a. Operating Relative humidityShock Shock and vibrationRecommended mounting VibrationAcoustics Air cleanlinessCorrosive environment RoHS compliance statementUnits of Measure mm inches Mechanical SpecificationsValidation Program PurposeSeagate Enterprise SED About SELF-ENCRYPTING Drives Controlled AccessData Encryption Random Number Generator RNGPower Requirements Authenticated Firmware DownloadSupported Commands Drive LockingDrive Internal DEFECTS/ERRORS Defect and Error ManagementDrive Error Recovery Procedures Read and write retry count maximum recovery times SAS System ErrorsMedia PRE-SCAN Background Media ScanDeferred AUTO-REALLOCATION Idle Read After WriteDrive Orientation InstallationCooling Grounding Drive MountingInterface Requirements SAS FeaturesTask management functions Task management responsesCommands supported by Cheetah 15K.7 SAS family drives Scsi Commands SupportedCommands supported by Cheetah 15K.7 SAS family drives Commands supported by Cheetah 15K.7 SAS family drives Inquiry data Mode Sense dataCheetah 15K.7 inquiry data Cheetah 15K.7 SAS Product MANUAL, REV. F 11.3.2.1 600GBmodel Mode Sense data 11.3.2.2 450GB model Mode Sense data 11.3.2.3 300GB model Mode Sense data Supported Feature or condition Miscellaneous Operating Features and ConditionsMiscellaneous features SAS physical interfaceDatum B This Area Connector requirements Physical characteristicsElectrical description Pin descriptionsSignal Characteristics PowerSAS transmitters and receivers Ready LED OutSAS-2 Specification Compliance Differential signalsBPS Additional InformationIndex Page SAS See also cooling Americas Seagate Technology LLC
Related manuals
Manual 76 pages 20.21 Kb Manual 76 pages 46.69 Kb
Top Page Image Contents