Seagate ST5000AS0001 ユーザーズマニュアル
Seagate Archive HDD Product Manual, Rev. C
19
4.6
Cryptographic Erase
A significant feature of SEDs is the ability to perform a cryptographic erase. This involves the host telling the drive to change
the data encryption key for a particular band. Once changed, the data is no longer recoverable since it was written with one
key and will be read using a different key. Since the drive overwrites the old key with the new one, and keeps no history of key
changes, the user data can never be recovered. This is tantamount to an instantaneous data erase and is very useful if the
drive is to be scrapped or redispositioned.
the data encryption key for a particular band. Once changed, the data is no longer recoverable since it was written with one
key and will be read using a different key. Since the drive overwrites the old key with the new one, and keeps no history of key
changes, the user data can never be recovered. This is tantamount to an instantaneous data erase and is very useful if the
drive is to be scrapped or redispositioned.
4.7
Authenticated Firmware Download
In addition to providing a locking mechanism to prevent unwanted firmware download attempts, the drive also only accepts
download files which have been cryptographically signed by the appropriate Seagate Design Center.
download files which have been cryptographically signed by the appropriate Seagate Design Center.
Three conditions must be met before the drive will allow the download operation:
1. The download must be an SED file. A standard (base) drive (non-SED) file will be rejected.
2. The download file must be signed and authenticated.
3. As with a non-SED drive, the download file must pass the acceptance criteria for the drive. For example it must be
applicable to the correct drive model, and have compatible revision and customer status.
4.8
Power Requirements
The standard drive models and the SED drive models have identical hardware, however the security and encryption portion of
the drive controller ASIC is enabled and functional in the SED models. This represents a small additional drain on the 5V supply
of about
the drive controller ASIC is enabled and functional in the SED models. This represents a small additional drain on the 5V supply
of about
30mA and a commensurate increase of about 150mW in power consumption. There is no additional drain on the 12V supply.
See the tables in
See the tables in
Power specifications" for power requirements on the standard (non-SED) drive models.
4.9
Supported Commands
The SED models support the following two commands in addition to the commands supported by the standard (non-SED)
models as listed in
models as listed in
Trusted Send
Trusted Receive
4.10
RevertSP
SED models will support the RevertSP feature which erases all data in all bands on the device and returns the contents of all
SPs (Security Providers) on the device to their original factory state. In order to execute the RevertSP method the unique PSID
(Physical Secure ID) printed on the drive label must be provided. PSID is not electronically accessible and can only be
manually read from the drive label or scanned in via the 2D barcode.
SPs (Security Providers) on the device to their original factory state. In order to execute the RevertSP method the unique PSID
(Physical Secure ID) printed on the drive label must be provided. PSID is not electronically accessible and can only be
manually read from the drive label or scanned in via the 2D barcode.