Seagate ST200FM0002 Pulsar.2 SAS Product Manual - Page 52

Seagate ST200FM0002 Manual

Get Seagate ST200FM0002 PDF manuals and user guides View all Seagate ST200FM0002 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 52 highlights

9.7 Authenticated firmware download In addition to providing a locking mechanism to prevent unwanted firmware download attempts, the drive also only accepts download files which have been cryptographically signed by the appropriate Seagate Design Center. Three conditions must be met before the drive will allow the download operation: 1. The download must be an SED file. A standard (base) drive (non-SED) file will be rejected. 2. The download file must be signed and authenticated. 3. As with a non-SED drive, the download file must pass the acceptance criteria for the drive. For example it must be applicable to the correct drive model, and have compatible revision and customer status. 9.8 Power requirements The standard drive models and the SED drive models have identical hardware, however the security and encryption portion of the drive controller ASIC is enabled and functional in the SED models. This represents a small additional drain on the 5V supply of about 30mA and a commensurate increase of about 150mW in power consumption. There is no additional drain on the 12V supply. See the tables in Section 7.3 for power requirements on the standard (non-SED) drive models. 9.9 Supported commands The SED models support the following two commands in addition to the commands supported by the standard (non-SED) models as listed in Table 16: • SECURITY PROTOCOL OUT (B5h) • SECURITY PROTOCOL IN (A2h) 9.10 Sanitize - Cryptographic Erase This command cryptographically erases all user data on the drive by destroying the current data encryption key and replacing it with a new data encryption key randomly generated by the drive. Sanitize CRYPTOGRAPHIC ERASE is a SCSI CDB Op code 48h and selecting the service action code 3 (CRYPTOGRAPHIC ERASE). 9.11 RevertSP SED models will support the RevertSP feature which erases all data in all bands on the device and returns the contents of all SPs (Security Providers) on the device to their original factory state. In order to execute the RevertSP method the unique PSID (Physical Secure ID) printed on the drive label must be provided. PSID is not electronically accessible and can only be manually read from the drive label or scanned in via the 2D barcode. 9.12 Sanitize Feature Set on SED Drives The drive shall support the Sanitize Feature Set as defined in ANSI/INCITS ACS-2 with the exceptions and/or modifications described in this section. The drive shall not support the OVERWRITE EXT and BLOCK ERASE EXT sub-commands. Support of the SANITIZE FREEZE LOCK EXT command shall be determined on a customer-specific basis. OEM drives shall support the command. 44 Pulsar.2 SAS Product Manual, Rev. B

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
44
Pulsar.2 SAS Product Manual, Rev. B
9.7
Authenticated firmware download
In addition to providing a locking mechanism to prevent unwanted firmware download attempts, the drive also
only accepts download files which have been cryptographically signed by the appropriate Seagate Design
Center.
Three conditions must be met before the drive will allow the download operation:
1.
The download must be an SED file. A standard (base) drive (non-SED) file will be rejected.
2.
The download file must be signed and authenticated.
3.
As with a non-SED drive, the download file must pass the acceptance criteria for the drive. For example it
must be applicable to the correct drive model, and have compatible revision and customer status.
9.8
Power requirements
The standard drive models and the SED drive models have identical hardware, however the security and
encryption portion of the drive controller ASIC is enabled and functional in the SED models. This represents a
small additional drain on the 5V supply of about 30mA and a commensurate increase of about 150mW in
power consumption. There is no additional drain on the 12V supply. See the tables in Section 7.3 for power
requirements on the standard (non-SED) drive models.
9.9
Supported commands
The SED models support the following two commands in addition to the commands supported by the standard
(non-SED) models as listed in Table 16:
SECURITY PROTOCOL OUT (B5h)
SECURITY PROTOCOL IN (A2h)
9.10
Sanitize - Cryptographic Erase
This command cryptographically erases all user data on the drive by destroying the current data encryption key
and replacing it with a new data encryption key randomly generated by the drive.
Sanitize CRYPTOGRAPHIC
ERASE is a SCSI CDB Op code 48h and selecting the service action code 3 (CRYPTOGRAPHIC ERASE).
9.11
RevertSP
SED models will support the RevertSP feature which erases all data in all bands on the device and returns the
contents of all SPs (Security Providers) on the device to their original factory state. In order to execute the
RevertSP method the unique PSID (Physical Secure ID) printed on the drive label must be provided.
PSID is
not electronically accessible and can only be manually read from the drive label or scanned in via the 2D bar-
code.
9.12
Sanitize Feature Set on SED Drives
The drive shall support the Sanitize Feature Set as defined in ANSI/INCITS ACS-2 with the exceptions and/or
modifications described in this section.
The drive shall not support the OVERWRITE EXT and BLOCK ERASE EXT sub-commands.
Support of the SANITIZE FREEZE LOCK EXT command shall be determined on a customer-specific basis.
OEM drives shall support the command.