Seagate ST3600057FC manual Random number generator RNG, Drive locking, Data bands, Locking SP

Page 42

7.2.2Locking SP

The Locking SP controls read/write access to the media and the cryptographic erase feature. Access to the Locking SP is available using the BandMasterX or EraseMaster passwords. Since the drive owner can define up to 16 data bands on the drive, each data band has its own password called BandMasterX where X is the number of the data band (0 through 15).

7.2.3Default password

When the drive is shipped from the factory, all passwords are set to the value of MSID. This 32-byte random value is printed on the drive label and it can be read by the host electronically over the I/O. After receipt of the drive, it is the responsibility of the owner to use the default MSID password as the authority to change all other passwords to unique owner-specified values.

7.3Random number generator (RNG)

The drive has a 32-byte hardware RNG that it is uses to derive encryption keys or, if requested to do so, to pro- vide random numbers to the host for system use, including using these numbers as Authentication Keys (pass- words) for the drive’s Admin and Locking SPs.

7.4Drive locking

In addition to changing the passwords, as described in Section 7.2.3, the owner should also set the data access controls for the individual bands.

The variable "LockOnReset" should be set to "PowerCycle" to ensure that the data bands will be locked if power is lost. This scenario occurs if the drive is removed from its cabinet. The drive will not honor any data read or write requests until the bands have been unlocked. This prevents the user data from being accessed without the appropriate credentials when the drive has been removed from its cabinet and installed in another system.

When the drive is shipped from the factory, the firmware download port is locked and the drive will reject any attempt to download new firmware. The drive owner must use the SID credential to unlock the firmware down- load port before firmware updates will be accepted.

7.5Data bands

When shipped from the factory, the drive is configured with a single data band called Band 0 (also known as the Global Data Band) which comprises LBA 0 through LBA max. The host may allocate Band1 by specifying a start LBA and an LBA range. The real estate for this band is taken from the Global Band. An additional 14 Data Bands may be defined in a similar way (Band2 through Band15) but before these bands can be allocated LBA space, they must first be individually enabled using the EraseMaster password.

Data bands cannot overlap but they can be sequential with one band ending at LBA (x) and the next beginning at LBA (x+1).

Each data band has its own drive-generated encryption key and its own user-supplied password. The host may change the Encryption Key (see Section 7.6) or the password when required. The bands should be aligned to 4K LBA boundaries.

36

Cheetah 15K.7 FC Product Manual, Rev. A

Image 42
Contents Cheetah 15K.7 FC Standard models Self-Encrypting Drive modelsPage Contents About self-encrypting drives Defect and error managementInstallation Interface requirementsSeagate Technology support services Cheetah 15K.7 FC Product Manual, Rev. a Scope Model Number Capacity Self-Encrypting Drive SEDElectromagnetic compatibility Applicable standards and reference documentationStandards Electromagnetic susceptibilityEuropean Union Restriction of Hazardous Substances RoHS Reference documents Ncits TR-20General description Standard features Reliability Media descriptionPerformance Formatted capacitiesFactory-installed options User-installed accessoriesProgrammable drive capacity Seek performance characteristics Performance characteristicsInternal drive characteristics Access timeGeneral performance characteristics Start/stop timePrefetch/multi-segmented cache control Cache operation Caching write dataPrefetch operation Recoverable Errors Reliability specificationsError rates Unrecoverable ErrorsInterface errors Reliability and serviceSeek errors Preventive maintenancePerformance impact 4 S.M.A.R.TControlling S.M.A.R.T MillisecondsPredictive failures Temperature Log Page 0DhDetermining rate Thermal monitorDST failure definition State of the drive prior to testingDrive Self Test DST ImplementationExtended test Function Code 010b Short and extended testsShort test Function Code 001b Log page entriesProduct warranty ShippingProduct repair and return information Physical/electrical specifications AC power requirementsDC power requirements ST3600057FC DC power requirements Gbit Amps ST3450857FC DC power requirements Gbit AmpsGeneral DC power requirement notes ST3300657FC DC power requirements Gbit AmpsPower sequencing Conducted noise immunityCurrent profiles Typical ST3450857FC current profiles Typical ST3300657FC current profiles Power dissipation 600GB model450GB models Temperature a. Operating Environmental limits300GB models Relative humidity Effective altitude sea level a. OperatingPackage size Packaged/product weight Drop height Shock and vibrationShock Recommended mounting Acoustics Air cleanlinessVibration a. Operating-normal Corrosive environmentRoHS compliance statement Electromagnetic susceptibility See SectionMechanical specifications Mounting configuration dimensionsAbout self-encrypting drives Controlled accessAdmin SP Data encryptionDrive locking Default passwordRandom number generator RNG Data bandsSupported commands Authenticated firmware downloadPower requirements Cryptographic eraseDefect and error management Drive internal defects/errorsDrive error recovery procedures Page FC-AL system errors These values are subject to changeBackground Media Scan Media Pre-ScanDeferred Auto-Reallocation Idle Read After Write Installation Drive ID/option selectionDrive orientation Cooling Air flowDrive mounting GroundingLink services supported Type of frame FC-AL featuresFibre Channel link service frames Interface requirementsFibre Channel task management functions Fibre Channel task management responsesFC Scsi FCP response codes Function name Response code Fibre Channel port login NPort login Plogi payload BytesFibre Channel port login accept NPort Login Accept ACC payload BytesProcess Login Plri payload Process Login Accept ACC payload Bytes Fibre Channel Process Login AcceptFibre Channel fabric login Fabric Login Flogi payload BytesFibre Channel fabric accept login Fabric Login Accept ACC payload BytesFibre Channel Arbitrated Loop options Scsi commands supportedDual port support FC-AL options supportedSupported commands Cheetah 15K.7 FC Product Manual, Rev. a Cheetah 15K.7 FC Product Manual, Rev. a Background Medium Scan 15h Mode Sense data Inquiry dataCheetah 15K.7 FC inquiry data Bytes Data hex Page Mode Data Header Block Descriptor Ec b2 5c 00 00 02 Supported Feature or condition Miscellaneous operating features and conditionsMiscellaneous features Miscellaneous statusPhysical characteristics FC-AL physical interfacePhysical description Connector requirements Electrical descriptionPin descriptions FC-SCA pin descriptions Pin Signal name Signal type Pin Signal name Signal typeFC-AL transmitters and receivers Power Fault LED OutEnable port bypass signals Active LED OutMotor start controls Parallel Enclosure Services Interface ESI 10.5.11 SEL6 through SEL0 ID linesSetting Arbitrated loop physical address Alpa valuesHex Dec Signal characteristics TTL input characteristics provides the TTL characteristicsDevice control codes LED driver signals FC Differential outputFC Differential input Receive eye diagram Eye diagram data values Link rate GHz Seagate Technology support services Presales SupportTechnical Support Warranty Service Data Recovery Services Authorized Service CentersData Recovery Services Call Center Toll-free Direct dial Index NumericsDevctrlcode FCP Mtbf Page See also cooling Page Cheetah 15K.7 FC Product Manual, Rev. a Page Seagate Technology LLC
Related manuals
Manual 90 pages 41.74 Kb