Manual: LFF (3.5") Server HDD WD Ultrastar DC HC310 HUS726T4TAL5204

Firmware Download and Signing (page 120 of 326)

Brand: LFF. Section: Western Digital.

Firmware Download and Signing

Digitally signed WDC Firmware downloaded to WDC branded drives provides a mechanism for secure updates
through the Host interface. Firmware is downloaded to the drive through the host interface, and the signature is
verified using a public key installed in the reserved area during manufacturing, before it is loaded to RAM or
installed in the reserved area on the HDD.

Signature verification uses the RSA-PSS (Probabilistic Signature Scheme) signature verification algorithm with
EMSA-SHA256 as the padding function.

All WDC firmware packages are signed. All WDC branded drives verify the signature. If the signature fails to verify,
WDC branded drives reject the downloaded firmware package. Failures to authenticate the firmware image will
result in Check Condition with KCQ 5/26/9a (FRU 0). The act of issuing a firmware download to the drive will result
in an implicit close of all open sessions at the security layer.
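
The verify-before-install gate described above, as an added example that is not WDC code: RSA-PSS verification with SHA-256 and MGF1 per RFC 8017, in standard-library Python. The demo key (two Mersenne primes), the 32-byte salt length, the use of MGF1-SHA256, and the names `pss_sign`, `pss_verify` and `download` are assumptions for illustration; the manual states neither key size nor salt length.

```python
import hashlib, os
# Constructed demo key, NOT a WDC key: two Mersenne primes, insecure by design.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8            # signature length in bytes
EM_BITS = N.bit_length() - 1             # RFC 8017: emBits = modBits - 1
EM_LEN = (EM_BITS + 7) // 8
HLEN = SLEN = 32                         # SHA-256; salt length is an assumption
TOP = 0xFF >> (8 * EM_LEN - EM_BITS)     # mask for the unused leading bits
PAD = EM_LEN - HLEN - SLEN - 2           # zero bytes in front of the 0x01 marker

def sha256(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def mask(seed, data):  # XOR data with an MGF1-SHA256 stream derived from seed
    stream = b"".join(sha256(seed, i.to_bytes(4, "big"))
                      for i in range(len(data) // HLEN + 1))
    return bytearray(a ^ b for a, b in zip(data, stream))

def pss_sign(image):
    """Signer side (the vendor's build system in the page's model)."""
    salt = os.urandom(SLEN)
    h = sha256(bytes(8), sha256(image), salt)
    masked_db = mask(h, bytes(PAD) + b"\x01" + salt)
    masked_db[0] &= TOP
    em = bytes(masked_db) + h + b"\xbc"
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")

def pss_verify(image, sig):
    """Verifier side: True only if sig is a valid RSA-PSS signature of image."""
    s = int.from_bytes(sig, "big")
    if len(sig) != K or s >= N:
        return False
    m = pow(s, E, N)
    if m.bit_length() > EM_BITS:
        return False
    em = m.to_bytes(EM_LEN, "big")
    masked_db, h = em[:-HLEN - 1], em[-HLEN - 1:-1]
    if em[-1] != 0xBC or masked_db[0] & ~TOP & 0xFF:
        return False
    db = mask(h, masked_db)
    db[0] &= TOP
    if db[:PAD] != bytes(PAD) or db[PAD] != 1:
        return False
    return sha256(bytes(8), sha256(image), bytes(db[PAD + 1:])) == h

def download(image, sig):
    """Drive-side gate: nothing is staged unless verification passes."""
    return "staged" if pss_verify(image, sig) else "CHECK CONDITION 5/26/9a"
```

Because the salt is random, signing the same image twice yields different signatures, and both verify; any change to the image or the signature takes the rejection path.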

Ports

The ports capability is a WDC feature which is not a requirement under TCG Enterprise SSC. In order to use the
ports capabilities on encryption drives, the user must successfully authenticate. Once a user successfully
authenticates, they may change the state of any of the ports at any time during an active session to either the
locked or unlocked state. The functionality and definition of these ports are shown in the table below.

The feature does make use of the TCG structures and tables. An additional table, the ports table, has been
implemented, and additional entries were made to the Admin SP ACE table and the Admin SP AccessControl
Table. The ports table and the modified TCG Enterprise SSC tables are shown below.

| Port Name | Description |
|---|---|
| Firmware Download | This port has 2 valid states: locked and unlocked. On encryption drives, the download port is unlocked initially, Lock On Reset is "Null". Code can be downloaded onto the drive after the signature is successfully verified. If the signature cannot be verified successfully, no firmware can be downloaded to the drive. The user can change the state of the firmware download port only after authentication. On non-encryption drives, this port will be set to unlocked at the factory, and the state cannot be changed by the user. The digital signature of all firmware downloaded to the non-encryption drive through this port is verified by the drive. |
| Diagnostics | This port has 2 valid states: locked and unlocked. This port allows WDC access to modify any TCG table or key. In order to open this port both the SID and the Maker authorities need to be authenticated. The purpose of this port is to aid WDC in debugging |

Table 81 Ports Functionality

| UID | Name | LockOnReset | PortLocked |
|---|---|---|---|
| 00 01 00 02 00 01 00 02 | Firmware_Dload_Port | Null | FALSE |
| 00 01 00 02 00 01 00 01 | Diagnostic_Port | PowerCycle | TRUE |

Table 82 Ports Table

Western Digital Ultrastar DC HC310 SATA Product Manual