Seagate ST3600857FC manual Random number generator RNG, Drive locking, Data bands, Locking SP

Page 44

9.2.2Locking SP

The Locking SP controls read/write access to the media and the cryptographic erase feature. Access to the Locking SP is available using the BandMasterX or EraseMaster passwords. Since the drive owner can define up to 16 data bands on the drive, each data band has its own password called BandMasterX where X is the number of the data band (0 through 15).

9.2.3Default password

When the drive is shipped from the factory, all passwords are set to the value of MSID. This 32-byte random value is printed on the drive label and it can be read by the host electronically over the I/O. After receipt of the drive, it is the responsibility of the owner to use the default MSID password as the authority to change all other passwords to unique owner-specified values.

9.3Random number generator (RNG)

The drive has a 32-byte hardware RNG that it is uses to derive encryption keys or, if requested to do so, to pro- vide random numbers to the host for system use, including using these numbers as Authentication Keys (pass- words) for the drive’s Admin and Locking SPs.

9.4Drive locking

In addition to changing the passwords, as described in Section 9.2.3, the owner should also set the data access controls for the individual bands.

The variable "LockOnReset" should be set to "PowerCycle" to ensure that the data bands will be locked if power is lost. This scenario occurs if the drive is removed from its cabinet. The drive will not honor any data read or write requests until the bands have been unlocked. This prevents the user data from being accessed without the appropriate credentials when the drive has been removed from its cabinet and installed in another system.

When the drive is shipped from the factory, the firmware download port is locked and the drive will reject any attempt to download new firmware. The drive owner must use the SID credential to unlock the firmware down- load port before firmware updates will be accepted.

9.5Data bands

When shipped from the factory, the drive is configured with a single data band called Band 0 (also known as the Global Data Band) which comprises LBA 0 through LBA max. The host may allocate Band1 by specifying a start LBA and an LBA range. The real estate for this band is taken from the Global Band. An additional 14 Data Bands may be defined in a similar way (Band2 through Band15) but before these bands can be allocated LBA space, they must first be individually enabled using the EraseMaster password.

Data bands cannot overlap but they can be sequential with one band ending at LBA (x) and the next beginning at LBA (x+1).

Each data band has its own drive-generated encryption key and its own user-supplied password. The host may change the Encryption Key (see Section 9.6) or the password when required. The bands should be aligned to 4K LBA boundaries.

38

Cheetah 15K.7 FC Product Manual, Rev. C

Image 44
Contents SED Fips 140-2 models ST3600857FC ST3450657FC ST3300457FCStandard models Self-Encrypting Drive models Page Contents Defect and error management InstallationAbout Fips About self-encrypting drives Interface requirementsCheetah 15K.7 FC Product Manual, Rev. C Iii Cheetah 15K.7 FC Product Manual, Rev. C Seagate Technology support services Seagate Online Support and ServicesScope Applicable standards and reference documentation StandardsElectromagnetic compatibility Electromagnetic susceptibilityEuropean Union Restriction of Hazardous Substances RoHS Reference documents Ncits TR-20General description Standard features Media description PerformanceReliability Formatted capacitiesProgrammable drive capacity Factory-installed optionsUser-installed accessories Performance characteristics Internal drive characteristicsSeek performance characteristics Access timeFormat command execution time minutes General performance characteristicsStart/stop time ST3600057FC ST3450857FC ST3300657FCPrefetch/multi-segmented cache control Cache operationCaching write data Prefetch operationReliability specifications Error ratesRecoverable Errors Unrecoverable ErrorsReliability and service Seek errorsInterface errors Preventive maintenance4 S.M.A.R.T Controlling S.M.A.R.TPerformance impact MillisecondsTemperature Log Page 0Dh Determining ratePredictive failures Thermal monitorState of the drive prior to testing Drive Self Test DSTDST failure definition ImplementationShort and extended tests Short test Function Code 001bExtended test Function Code 010b Log page entriesProduct repair and return information Product warrantyShipping DC power requirements Physical/electrical specificationsAC power requirements ST3600057FC DC power requirements Gbit Amps ST3450857FC DC power requirements Gbit AmpsGeneral DC power requirement notes ST3300657FC DC power requirements Gbit AmpsCurrent profiles Power sequencingConducted noise immunity Typical ST3450857FC current profiles Typical ST3300657FC current profiles Power dissipation 600GB model450GB models 300GB models Temperature a. OperatingEnvironmental limits Relative humidity Effective altitude sea level a. OperatingShock Package size Packaged/product weight Drop heightShock and vibration Recommended mounting Acoustics Air cleanlinessVibration a. Operating-normal Electromagnetic susceptibility See Section Corrosive environmentRoHS compliance statement Mechanical specifications Mounting configuration dimensionsLevel 2 security About FipsPurpose Controlled access Admin SPAbout self-encrypting drives Data encryptionDefault password Random number generator RNGDrive locking Data bandsAuthenticated firmware download Power requirementsSupported commands Cryptographic eraseDrive error recovery procedures Defect and error managementDrive internal defects/errors Page FC-AL system errors These values are subject to changeDeferred Auto-Reallocation Background Media ScanMedia Pre-Scan Idle Read After Write Drive orientation InstallationDrive ID/option selection Cooling Air flowDrive mounting GroundingFC-AL features Fibre Channel link service framesLink services supported Type of frame Interface requirementsFC Scsi FCP response codes Function name Response code Fibre Channel task management functionsFibre Channel task management responses Fibre Channel port login NPort login Plogi payload BytesProcess Login Plri payload Fibre Channel port login acceptNPort Login Accept ACC payload Bytes Fibre Channel Process Login Accept Fibre Channel fabric loginProcess Login Accept ACC payload Bytes Fabric Login Flogi payload BytesFibre Channel fabric accept login Fabric Login Accept ACC payload BytesScsi commands supported Dual port supportFibre Channel Arbitrated Loop options FC-AL options supportedSupported commands Cheetah 15K.7 FC Product Manual, Rev. C Cheetah 15K.7 FC Product Manual, Rev. C Background Medium Scan 15h Cheetah 15K.7 FC inquiry data Bytes Data hex Mode Sense dataInquiry data Page Mode Data Header Block Descriptor Ec b2 5c 00 00 02 Miscellaneous operating features and conditions Miscellaneous featuresSupported Feature or condition Miscellaneous statusPhysical description Physical characteristicsFC-AL physical interface Pin descriptions Connector requirementsElectrical description FC-AL transmitters and receivers FC-SCA pin descriptions Pin Signal name Signal typePin Signal name Signal type Power Fault LED OutMotor start controls Enable port bypass signalsActive LED Out Parallel Enclosure Services Interface ESI 12.5.11 SEL6 through SEL0 ID linesHex Dec SettingArbitrated loop physical address Alpa values Device control codes Signal characteristicsTTL input characteristics provides the TTL characteristics FC Differential input LED driver signalsFC Differential output Receive eye diagram Eye diagram data values Link rate GHz Index NumericsDevctrlcode FCP Mtbf Page See also cooling Page Cheetah 15K.7 FC Product Manual, Rev. C
Related manuals
Manual 90 pages 18.12 Kb