Manualshelf

Technical information

ManualsBrandsHGST ManualsInternal Hard DrivesC15K600 450GB 20 Pack
331332333334335336337338339340
HGST Ultrastar C15K600 Hard Disk Drive Specification
334
21.4
Encryption Algorithms
21.4.1
Advanced Encryption Standard (AES) Support
AES encryption is implemented in hardware, with support for ECB or XTS mode for 128 bit or 256 bit keys. A single
key is active at any one time within the AES hardware engine. Firmware is responsible for reading the keys from
the hardware and also for determining which key is attached to a given LBA range; the hardware can only detect if
the LBA has been encrypted or not. The TCG protocol does not allow for a user to choose or switch between AES
algorithms, so it is up to the vendor to choose which AES algorithm is used in their implementation. The HGST
TCG SSC implementation in firmware supports AES 256-XTS only.
21.4.2
Level 0 Discovery Vendor Specific Data
This section refers to section 10.2.14 of the TCG Storage Security Subsystem Class document (see the
Specifications section of this document). This Vendor Specific section is documented below.
Table 283 Persistent Reserve In (5E)
Byte
Bit
7
6
5
4
3
2
1
0
16
Version (set to 0)
17
Vendor Specific State Information
18
Reserved
19
RSVD
MB_s
0
0
Diag_s
Dload_s
Locking_s
FDE_s
20
Reserved
21
RSVD
MB_e
0
0
Diag_s
Dload_e
Locking_e
FDE_e
22
0
0
0
0
0
0
0
inFIPS
23-47
Reserved
FDE_s/FDE_e - Full disk encryption is Supported (equivalent to Media Encryption in Locking Feature Descriptor
Enterprise SSC 10.2.14) / Full disk encryption is Enabled on one or more band.
Locking_s/Locking_e - LBA band locking is supported - locking object exists in the locking SP of the device
(equivalent to Locking Enabled in Locking Feature Descriptor Enterprise SSC 10.2.14) / The locking object for a
band has either ReadLocked or WriteLocked attribute set (equivalent to Locked in Locking Feature Descriptor
Enterprise SSC 10.2.14).
Dload_s/Dload_e - support for Admin SP Firmware download port / Firmware download port via Admin SP is
locked.
Diag_s/Diag_e - Support for Admin SP vendor specific Diagnostic port / Diagnostics port via Admin SP is locked.
MB_s/MB_e - Multiple encrypting bands supported / multiple encrypting bands enabled. This bit shall be set to 1 if
more than one band exists in addition to the global band and is defined with at least one LBA.
inFIPS This bit is set when FIPS mode has been configured.