Seagate SED FIPS 140-2 MODEL ユーザーズマニュアル
28
Constellation ES.2 Serial ATA Product Manual, Rev. D
6.7
Authenticated firmware download
In addition to providing a locking mechanism to prevent unwanted firmware download attempts, the drive also
only accepts download files which have been cryptographically signed by the appropriate Seagate Design
Center.
only accepts download files which have been cryptographically signed by the appropriate Seagate Design
Center.
Three conditions must be met before the drive will allow the download operation:
1.
The download must be an SED file. A standard (base) drive (non-SED) file will be rejected.
2.
The download file must be signed and authenticated.
3.
As with a non-SED drive, the download file must pass the acceptance criteria for the drive. For example it
must be applicable to the correct drive model, and have compatible revision and customer status.
must be applicable to the correct drive model, and have compatible revision and customer status.
6.8
Power requirements
The standard drive models and the SED drive models have identical hardware, however the security and
encryption portion of the drive controller ASIC is enabled and functional in the SED models. This represents a
small additional drain on the 5V supply of about 30mA and a commensurate increase of about 150mW in
power consumption. There is no additional drain on the 12V supply. See the tables in Section 3.8 for power
requirements on the standard (non-SED) drive models.
encryption portion of the drive controller ASIC is enabled and functional in the SED models. This represents a
small additional drain on the 5V supply of about 30mA and a commensurate increase of about 150mW in
power consumption. There is no additional drain on the 12V supply. See the tables in Section 3.8 for power
requirements on the standard (non-SED) drive models.
6.9
Supported commands
The SED models support the following two commands in addition to the commands supported by the standard
(non-SED) models as listed in Table 6:
(non-SED) models as listed in Table 6:
• Security Protocol Out (B5h)
• Security Protocol In (A2h)
• Security Protocol In (A2h)
6.10
RevertSP
The SED models will support RevertSP feature where it erases all data in all bands on the device and returns
the contents of all SPs (Security Providers) on the device to their Original Factory State.
the contents of all SPs (Security Providers) on the device to their Original Factory State.
6.11
ATA Security Erase Unit Command on SED SATA drives
The ATA SECURITY ERASE UNIT command shall support both the Normal and Enhanced erase modes with
the following modifications/additions:
the following modifications/additions:
• Normal Erase: Normal erase shall be accomplished by changing the media encryption key for the drive fol-
lowed by an overwrite operation that repeatedly writes a single sector containing random data to the entire
drive. The write operation shall bypass the media encryption. On reading back the overwritten sectors, the
host will receive a decrypted version, using the new encryption key, of the random data sector (the returned
data will not match what was written).
drive. The write operation shall bypass the media encryption. On reading back the overwritten sectors, the
host will receive a decrypted version, using the new encryption key, of the random data sector (the returned
data will not match what was written).
Enhanced Erase: Enhanced erase shall be accomplished by changing the media encryption key for the drive.
6.12
Sanitize Feature Set on SED Drives
The drive shall support the Sanitize Feature Set as defined in ANSI/INCITS ACS-2 with the exceptions and/or
modifications described in this section.
modifications described in this section.
The drive shall not support the OVERWRITE EXT and BLOCK ERASE EXT sub-commands.
Support of the SANITIZE FREEZE LOCK EXT command shall be determined on a customer-specific basis.
OEM drives shall support the command.
OEM drives shall support the command.