Seagate ST3600057FC About self-encrypting drives, Data encryption, Controlled access, Admin SP


7.0 About self-encrypting drives

Self-encrypting drives (SEDs) offer encryption and security services for the protection of stored data, commonly known as “protection of data at rest.” These drives are compliant with the Trusted Computing Group (TCG) Enterprise Storage Specifications as detailed in Section 2.3.

The Trusted Computing Group (TCG) is an organization sponsored and operated by companies in the computer, storage and digital communications industry. Seagate’s SED models comply with the standards published by the TCG.

To use the security features in the drive, the host must be capable of constructing and issuing the following two SCSI commands:

Security Protocol Out

Security Protocol In

These commands are used to convey the TCG protocol to and from the drive in their command payloads.
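An added example, not part of the Seagate manual: how a host could build the 12-byte command descriptor blocks for these two commands and check a drive's reply for TCG support. The opcodes (A2h, B5h), the CDB layout, protocol numbers 00h and 01h and the supported-protocol list format are taken from the SCSI SPC-4 standard; the ComID and the sample reply are constructed values.

```python
import struct

# Values below come from the SCSI SPC-4 standard, not from the manual page.
SECURITY_PROTOCOL_IN = 0xA2    # drive -> host
SECURITY_PROTOCOL_OUT = 0xB5   # host -> drive
PROTO_INFO = 0x00              # "security protocol information" queries
PROTO_TCG = 0x01               # TCG payloads (protocol-specific field = ComID)
PLACEHOLDER_COMID = 0x1000     # constructed value, not this drive's ComID


def build_cdb(opcode, protocol, sp_specific, length, inc_512=False):
    """Return the 12-byte CDB for SECURITY PROTOCOL IN or OUT."""
    if opcode not in (SECURITY_PROTOCOL_IN, SECURITY_PROTOCOL_OUT):
        raise ValueError("not a security protocol opcode")
    if not (0 <= protocol <= 0xFF and 0 <= sp_specific <= 0xFFFF):
        raise ValueError("protocol or protocol-specific field out of range")
    if not 0 <= length <= 0xFFFFFFFF:
        raise ValueError("length out of range")
    flags = 0x80 if inc_512 else 0x00   # INC_512: length counts 512-byte blocks
    # opcode, protocol, specific(2), flags, reserved, length(4), reserved, control
    return struct.pack(">BBHBBIBB", opcode, protocol, sp_specific,
                       flags, 0, length, 0, 0)


def parse_supported_protocols(data):
    """Parse the reply to SECURITY PROTOCOL IN, protocol 00h, specific 0000h."""
    if len(data) < 8:
        raise ValueError("response shorter than its 8-byte header")
    (list_len,) = struct.unpack_from(">H", data, 6)   # bytes 0-5 are reserved
    protocols = data[8:8 + list_len]
    if len(protocols) != list_len:
        raise ValueError("list length field exceeds returned data")
    return list(protocols)


def supports_tcg(data):
    """True when the drive lists security protocol 01h (TCG)."""
    return PROTO_TCG in parse_supported_protocols(data)


# Constructed sample reply: header says 3 entries follow (00h, 01h, 02h).
SAMPLE_REPLY = bytes(6) + b"\x00\x03" + b"\x00\x01\x02"

if __name__ == "__main__":
    print(build_cdb(SECURITY_PROTOCOL_IN, PROTO_INFO, 0x0000, 512).hex())
    print(build_cdb(SECURITY_PROTOCOL_OUT, PROTO_TCG, PLACEHOLDER_COMID, 1, True).hex())
    print(supports_tcg(SAMPLE_REPLY))
```
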

7.1 Data encryption

Encrypting drives use one inline encryption engine for each port, employing AES-128 data encryption in Cipher Block Chaining (CBC) mode to encrypt all data prior to being written on the media and to decrypt all data as it is read from the media. The encryption engines are always in operation, cannot be disabled, and do not detract in any way from the performance of the drive.

The 32-byte Data Encryption Key (DEK) is a random number which is generated by the drive, never leaves the drive, and is inaccessible to the host system. The DEK is itself encrypted when it is stored on the media and when it is in volatile temporary storage (DRAM) external to the encryption engine. A unique data encryption key is used for each of the drive's possible 16 data bands (see Section 7.5).

7.2 Controlled access

The drive has two security partitions (SPs) called the "Admin SP" and the "Locking SP." These act as gatekeepers to the drive security services. Security-related commands will not be accepted unless they also supply the correct credentials to prove the requester is authorized to perform the command.

7.2.1 Admin SP

The Admin SP allows the drive's owner to enable or disable firmware download operations (see Section 7.4). Access to the Admin SP is available using the SID (Secure ID) password or the MSID (Makers Secure ID) password.

Cheetah 15K.7 FC Product Manual, Rev. A
