Home » Seagate Manuals » Hard Drives » Seagate ST91000642SS » Manual Viewer

Seagate ST91000642SS Constellation SAS Product Manual - Page 43

About self-encrypting drives

View all Seagate ST91000642SS manuals

Add to My Manuals
Save this manual to your list of manuals

Page 43 highlights

9.0 About self-encrypting drives Self-encrypting drives (SEDs) offer encryption and security services for the protection of stored data, commonly known as "protection of data at rest." These drives are compliant with the Trusted Computing Group (TCG) Enterprise Storage Specifications as detailed in Section 3.2. The Trusted Computing Group (TCG) is an organization sponsored and operated by companies in the computer, storage and digital communications industry. Seagate's SED models comply with the standards published by the TCG. To use the security features in the drive, the host must be capable of constructing and issuing the following two SCSI commands: • Security Protocol Out • Security Protocol In These commands are used to convey the TCG protocol to and from the drive in their command payloads. 9.1 Data encryption Encrypting drives use one inline encryption engine for each port, employing AES-128 data encryption in Cipher Block Chaining (CBC) mode to encrypt all data prior to being written on the media and to decrypt all data as it is read from the media. The encryption engines are always in operation, cannot be disabled, and do not detract in any way from the performance of the drive. The 32-byte Data Encryption Key (DEK) is a random number which is generated by the drive, never leaves the drive, and is inaccessible to the host system. The DEK is itself encrypted when it is stored on the media and when it is in volatile temporary storage (DRAM) external to the encryption engine. A unique data encryption key is used for each of the drive's possible16 data bands (see Section 9.5). 9.2 Controlled access The drive has two security partitions (SPs) called the "Admin SP" and the "Locking SP." These act as gatekeepers to the drive security services. Security-related commands will not be accepted unless they also supply the correct credentials to prove the requester is authorized to perform the command. 9.2.1 Admin SP The Admin SP allows the drive's owner to enable or disable firmware download operations (see Section 9.4). Access to the Admin SP is available using the SID (Secure ID) password or the MSID (Makers Secure ID) password. Constellation SAS Product Manual, Rev. F 35

Section	Page
1.0 Seagate Technology support services	9
2.0 Scope	10
3.0 Applicable standards and reference documentation	11
3.1 Standards	11
3.1.1 Electromagnetic compatibility	11
3.1.1.1 Electromagnetic susceptibility	11
3.1.2 Electromagnetic compliance	12
3.1.3 European Union Restriction of Hazardous Substances (RoHS)	13
3.2 Reference documents	13
4.0 General description	14
4.1 Standard features	15
4.2 Media description	15
4.3 Performance	16
4.4 Reliability	16
4.5 Formatted capacities	16
4.6 Programmable drive capacity	16
4.7 Factory-installed options	17
5.0 Performance characteristics	18
5.1 Internal drive characteristics	18
5.2 Seek performance characteristics	18
5.2.1 Access time	18
5.2.2 Format command execution time for 512-byte sectors (minutes)	19
5.2.3 General performance characteristics	19
5.3 Start/stop time	19
5.4 Prefetch/multi-segmented cache control	20
5.5 Cache operation	20
5.5.1 Caching write data	21
5.5.2 Prefetch operation	21
6.0 Reliability specifications	22
6.1 Error rates	22
6.1.1 Recoverable Errors	22
6.1.2 Unrecoverable Errors	22
6.1.3 Seek errors	23
6.1.4 Interface errors	23
6.2 Reliability and service	23
6.2.1 Annualized Failure Rate (AFR) and Mean Time Between Failure (MTBF)	23
6.2.2 Preventive maintenance	23
6.2.3 Hot plugging the drive	23
6.2.4 S.M.A.R.T.	24
6.2.5 Thermal monitor	25
6.2.6 Drive Self Test (DST)	26
6.2.6.1 DST failure definition	26
6.2.6.2 Implementation	26
6.2.7 Product warranty	28
7.0 Physical/electrical specifications	29
7.1 PowerChoiceTM power management	29
7.1.1 PowerChoice reporting methods	30
7.2 AC power requirements	30
7.3 DC power requirements	30
7.3.1 Conducted noise immunity	32
7.3.2 Power sequencing	32
7.3.3 Current profiles	33
7.4 Power dissipation	34
7.5 Environmental limits	36
7.5.1 Temperature	36
7.5.2 Relative humidity	36
7.5.3 Effective altitude (sea level)	37
7.5.4 Shock and vibration	37
7.5.4.1 Shock	37
7.5.4.2 Vibration	39
7.5.5 Air cleanliness	39
7.5.6 Corrosive environment	39
7.5.7 Acoustics	40
7.5.8 Electromagnetic susceptibility	40
7.6 Mechanical specifications	41
8.0 About FIPS	42
9.0 About self-encrypting drives	43
9.1 Data encryption	43
9.2 Controlled access	43
9.2.1 Admin SP	43
9.2.2 Locking SP	44
9.2.3 Default password	44
9.3 Random number generator (RNG)	44
9.4 Drive locking	44
9.5 Data bands	44
9.6 Cryptographic erase	45
9.7 Authenticated firmware download	45
9.8 Power requirements	45
9.9 Supported commands	45
10.0 Defect and error management	46
10.1 Drive internal defects/errors	46
10.2 Drive error recovery procedures	46
10.3 SAS system errors	47
10.4 Background Media Scan	48
10.5 Media Pre-Scan	48
10.6 Deferred Auto-Reallocation	48
10.7 Idle Read After Write	49
11.0 Installation	50
11.1 Drive orientation	50
11.2 Cooling	51
11.3 Drive mounting	52
11.4 Grounding	52
12.0 Interface requirements	53
12.1 SAS features	53
12.1.1 task management functions	53
12.1.2 task management responses	53
12.2 Dual port support	54
12.3 SCSI commands supported	55
12.3.1 Inquiry data	59
12.3.2 Mode Sense data	59
12.4 Miscellaneous operating features and conditions	62
12.4.1 SAS physical interface	63
12.4.2 Physical characteristics	66
12.4.3 Connector requirements	66
12.4.4 Electrical description	66
12.4.5 Pin descriptions	66
12.4.6 SAS transmitters and receivers	67
12.4.7 Power	67
12.5 Signal characteristics	67
12.5.1 Ready LED Out	67
12.5.2 Differential signals	68
12.6 SAS-2 Specification Compliance	68
12.7 Additional information	68
Numerics	69
A	69
B	69
C	69
D	69
E	70
F	70
G	70
H	70
I	70
J	70
K	70
L	71
M	71
N	71
O	71
P	71
Q	71
R	72
S	72
T	72
U	73
V	73
W	73

Match case Limit results 1 per page

Constellation SAS Product Manual, Rev. F

9.0

About self-encrypting drives

Self-encrypting drives (SEDs) offer encryption and security services for the protection of stored data, com-

monly known as “protection of data at rest.” These drives are compliant with the Trusted Computing Group

(TCG) Enterprise Storage Specifications as detailed in Section 3.2.

The Trusted Computing Group (TCG) is an organization sponsored and operated by companies in the com-

puter, storage and digital communications industry. Seagate’s SED models comply with the standards pub-

lished by the TCG.

To use the security features in the drive, the host must be capable of constructing and issuing the following two

SCSI commands:

•

Security Protocol Out

•

Security Protocol In

These commands are used to convey the TCG protocol to and from the drive in their command payloads.

9.1

Data encryption

Encrypting drives use one inline encryption engine for each port, employing AES-128 data encryption in Cipher

Block Chaining (CBC) mode to encrypt all data prior to being written on the media and to decrypt all data as it

is read from the media. The encryption engines are always in operation, cannot be disabled, and do not detract

in any way from the performance of the drive.

The 32-byte Data Encryption Key (DEK) is a random number which is generated by the drive, never leaves the

drive, and is inaccessible to the host system. The DEK is itself encrypted when it is stored on the media and

when it is in volatile temporary storage (DRAM) external to the encryption engine. A unique data encryption

key is used for each of the drive's possible16 data bands (see Section 9.5).

9.2

Controlled access

The drive has two security partitions (SPs) called the "Admin SP" and the "Locking SP." These act as gate-

keepers to the drive security services. Security-related commands will not be accepted unless they also supply

the correct credentials to prove the requester is authorized to perform the command.

9.2.1

Admin SP

The Admin SP allows the drive's owner to enable or disable firmware download operations (see Section 9.4).

Access to the Admin SP is available using the SID (Secure ID) password or the MSID (Makers Secure ID)

password.