Seagate ST3600957FC About self-encrypting drives, Data encryption, Controlled access, Admin SP

Page 43

9.0About self-encrypting drives

Self-encrypting drives (SEDs) offer encryption and security services for the protection of stored data, com- monly known as “protection of data at rest.” These drives are compliant with the Trusted Computing Group (TCG) Enterprise Storage Specifications as detailed in Section 3.3.

The Trusted Computing Group (TCG) is an organization sponsored and operated by companies in the com- puter, storage and digital communications industry. Seagate’s SED models comply with the standards pub- lished by the TCG.

To use the security features in the drive, the host must be capable of constructing and issuing the following two SCSI commands:

Security Protocol Out

Security Protocol In

These commands are used to convey the TCG protocol to and from the drive in their command payloads.

9.1Data encryption

Encrypting drives use one inline encryption engine for each port, employing AES-128 data encryption in Cipher Block Chaining (CBC) mode to encrypt all data prior to being written on the media and to decrypt all data as it is read from the media. The encryption engines are always in operation, cannot be disabled, and do not detract in any way from the performance of the drive.

The 32-byte Data Encryption Key (DEK) is a random number which is generated by the drive, never leaves the drive, and is inaccessible to the host system. The DEK is itself encrypted when it is stored on the media and when it is in volatile temporary storage (DRAM) external to the encryption engine. A unique data encryption key is used for each of the drive's possible16 data bands (see Section 9.5).

9.2Controlled access

The drive has two security partitions (SPs) called the "Admin SP" and the "Locking SP." These act as gate- keepers to the drive security services. Security-related commands will not be accepted unless they also supply the correct credentials to prove the requester is authorized to perform the command.

9.2.1Admin SP

The Admin SP allows the drive's owner to enable or disable firmware download operations (see Section 9.4). Access to the Admin SP is available using the SID (Secure ID) password or the MSID (Makers Secure ID) password.

Cheetah 15K.7 FC Product Manual, Rev. C

37

Image 43
Contents Standard models Self-Encrypting Drive models ST3600857FC ST3450657FC ST3300457FCSED Fips 140-2 models Page Contents Interface requirements Defect and error managementInstallation About Fips About self-encrypting drivesCheetah 15K.7 FC Product Manual, Rev. C Iii Cheetah 15K.7 FC Product Manual, Rev. C Seagate Online Support and Services Seagate Technology support servicesScope Electromagnetic susceptibility Applicable standards and reference documentationStandards Electromagnetic compatibilityEuropean Union Restriction of Hazardous Substances RoHS Ncits TR-20 Reference documentsGeneral description Standard features Formatted capacities Media descriptionPerformance ReliabilityUser-installed accessories Factory-installed optionsProgrammable drive capacity Access time Performance characteristicsInternal drive characteristics Seek performance characteristicsST3600057FC ST3450857FC ST3300657FC Format command execution time minutesGeneral performance characteristics Start/stop timeCache operation Prefetch/multi-segmented cache controlPrefetch operation Caching write dataUnrecoverable Errors Reliability specificationsError rates Recoverable ErrorsPreventive maintenance Reliability and serviceSeek errors Interface errorsMilliseconds 4 S.M.A.R.TControlling S.M.A.R.T Performance impactThermal monitor Temperature Log Page 0DhDetermining rate Predictive failuresImplementation State of the drive prior to testingDrive Self Test DST DST failure definitionLog page entries Short and extended testsShort test Function Code 001b Extended test Function Code 010bShipping Product warrantyProduct repair and return information AC power requirements Physical/electrical specificationsDC power requirements ST3450857FC DC power requirements Gbit Amps ST3600057FC DC power requirements Gbit AmpsST3300657FC DC power requirements Gbit Amps General DC power requirement notesConducted noise immunity Power sequencingCurrent profiles Typical ST3450857FC current profiles Typical ST3300657FC current profiles 600GB model Power dissipation450GB models Environmental limits Temperature a. Operating300GB models Effective altitude sea level a. Operating Relative humidityShock and vibration Package size Packaged/product weight Drop heightShock Recommended mounting Vibration a. Operating-normal Air cleanlinessAcoustics RoHS compliance statement Corrosive environmentElectromagnetic susceptibility See Section Mounting configuration dimensions Mechanical specificationsPurpose About FipsLevel 2 security Data encryption Controlled accessAdmin SP About self-encrypting drivesData bands Default passwordRandom number generator RNG Drive lockingCryptographic erase Authenticated firmware downloadPower requirements Supported commandsDrive internal defects/errors Defect and error managementDrive error recovery procedures Page These values are subject to change FC-AL system errorsMedia Pre-Scan Background Media ScanDeferred Auto-Reallocation Idle Read After Write Drive ID/option selection InstallationDrive orientation Air flow CoolingGrounding Drive mountingInterface requirements FC-AL featuresFibre Channel link service frames Link services supported Type of frameFibre Channel task management responses Fibre Channel task management functionsFC Scsi FCP response codes Function name Response code NPort login Plogi payload Bytes Fibre Channel port loginNPort Login Accept ACC payload Bytes Fibre Channel port login acceptProcess Login Plri payload Fabric Login Flogi payload Bytes Fibre Channel Process Login AcceptFibre Channel fabric login Process Login Accept ACC payload BytesFabric Login Accept ACC payload Bytes Fibre Channel fabric accept loginFC-AL options supported Scsi commands supportedDual port support Fibre Channel Arbitrated Loop optionsSupported commands Cheetah 15K.7 FC Product Manual, Rev. C Cheetah 15K.7 FC Product Manual, Rev. C Background Medium Scan 15h Inquiry data Mode Sense dataCheetah 15K.7 FC inquiry data Bytes Data hex Page Mode Data Header Block Descriptor Ec b2 5c 00 00 02 Miscellaneous status Miscellaneous operating features and conditionsMiscellaneous features Supported Feature or conditionFC-AL physical interface Physical characteristicsPhysical description Electrical description Connector requirementsPin descriptions Pin Signal name Signal type FC-SCA pin descriptions Pin Signal name Signal typeFC-AL transmitters and receivers Fault LED Out PowerActive LED Out Enable port bypass signalsMotor start controls 12.5.11 SEL6 through SEL0 ID lines Parallel Enclosure Services Interface ESIArbitrated loop physical address Alpa values SettingHex Dec TTL input characteristics provides the TTL characteristics Signal characteristicsDevice control codes FC Differential output LED driver signalsFC Differential input Receive eye diagram Eye diagram data values Link rate GHz Numerics IndexDevctrlcode FCP Mtbf Page See also cooling Page Cheetah 15K.7 FC Product Manual, Rev. C
Related manuals
Manual 90 pages 18.12 Kb