9.6Cryptographic erase
A significant feature of SEDs is the ability to perform a cryptographic erase. This involves the host telling the drive to change the data encryption key for a particular band. Once changed, the data is no longer recoverable since it was written with one key and will be read using a different key. Since the drive overwrites the old key with the new one, and keeps no history of key changes, the user data can never be recovered. This is tanta- mount to an instantaneous data erase and is very useful if the drive is to be scrapped or redispositioned.
9.7Authenticated firmware download
In addition to providing a locking mechanism to prevent unwanted firmware download attempts, the drive also only accepts download files which have been cryptographically signed by the appropriate Seagate Design Center.
Three conditions must be met before the drive will allow the download operation:
1.The download must be an SED file. A standard (base) drive
2.The download file must be signed and authenticated.
3.As with a
9.8Power requirements
The standard drive models and the SED drive models have identical hardware, however the security and encryption portion of the drive controller ASIC is enabled and functional in the SED models. This represents a small additional drain on the 5V supply of about 30mA and a commensurate increase of about 150mW in power consumption. There is no additional drain on the 12V supply. See the tables in Section 7.2 for power requirements on the standard
9.9Supported commands
The SED models support the following two commands in addition to the commands supported by the standard
•Security Protocol Out (B5h)
•Security Protocol In (A2h)
Cheetah 15K.7 FC Product Manual, Rev. C | 39 |