Текст страницы
10.21.4 Encryption Algorithms
10.21.4.1 Advanced Encryption Standard (AES) Support
AES encryption is implemented in hardware, with support for ECB or XTS mode for 128 bit or 256 bit keys.
A single key is active at any one time within the AES hardware engine. Firmware is responsible for reading the keys
from the hardware and also for determining which key is attached to a given LBA range; the hardware can only detect
if the LBA has been encrypted or not. The TCG protocol does not allow for a user to choose or switch between AES
algorithms, so it is up to the vendor to choose which AES algorithm is used in their implementation. The Western
Digital TCG Enterprise SSC implementation in firmware supports AES 256-XTS only.
The AES hardware implementation used for the range encryption has received the FIPS 197 certification by the US
National Institute of Standards (NIST), which are available on the NIST
10.21.4.2 ‘Level 0 Discovery’ Vendor Specific Data
This section refers to Section 3.6.2 of the TCG Storage Security Subsystem Class document (see the Specifications
section of this document). This Vendor Specific section is documented below.
Table 67 Vendor Specific Data for Level 0 Discovery
Bit
Byte
7
6
5
4
3
2
1
0
16
Version (set to 0)
17
Vendor Specific State Information
18
Reserved
19
RSVD
MB_s
0
0
Diag_s
Dload_s
Locking_s
FDE_s
20
Reserved
21
RSVD
MB_e
0
0
Diag_e
Dload_e
Locking_e
FDE_e
22
0
0
0
0
0
0
0
0
23-47
Reserved
FDE_s/FDE_e - Full disk encryption is Supported (equivalent to Media Encryption in Locking Feature Descriptor
Enterprise SSC 3.6.2.5) / Full disk encryption is Enabled on one or more band.
Locking_s/Locking_e - LBA band locking is supported - locking object exists in the locking SP of the device (equivalent
to Locking Enabled in Locking Feature Descriptor Enterprise SSC 3.6.2.5) / The locking object for a band has either
ReadLocked or WriteLocked attribute set (equivalent to Locked in Locking Feature Descriptor Enterprise SSC 3.6.2.5).
Dload_s/Dload_e - support for Admin SP Firmware download port / Firmware download port via Admin SP is locked.
Diag_s/Diag_e - Support for Admin SP vendor specific Diagnostic port / Diagnostics port via Admin SP is locked.
MB_s/MB_e - Multiple encrypting bands supported / multiple encrypting bands enabled. This bit shall be set to 1 if
more than one band exists in addition to the global band and is defined with at least one LBA.
10.21.4.3 Deterministic Random Bit Generation (DRBG)
Pseudo-random number generation is implemented with a certified NIST SP800-90A DRBG. The DRBG uses AES
as a primitive for both entropy mixing and entropy output. DRBG state is kept private to ensure that the keys that are
generated by the device are unpredictable. The entropy source of the DRBG is servo subsystem noise. It has been
verified to NIST SP800-90B.
10.21.4.4 Key Erasure
Cryptographic erase procedure
- Erase and overwrite wrapped key material with 0x00.
- Erase and store the new wrapped key material.
110
Hard Disk Drive Specification