Technical information
HGST Ultrastar C15K600 Hard Disk Drive Specification
335
21.4.2.1
T10 End-To-End Data Protection
AES encryption is performed after T10 end-to-end data protection data has been added, so that the T10 information
is encrypted along with the customer data.
21.4.3
Deterministic Random Bit Generation (DRBG)
Pseudo-random number generation is implemented with a certified NIST SP800-90A DRBG. The DRBG uses AES
as a primitive for both entropy mixing and entropy output. DRBG state is kept private to ensure that the keys that are
generated by the device are unpredictable. The entropy source of the DRBG is servo subsystem noise. It has been
verified to NIST SP800-90B.
21.4.4
Key Wrap
The NIST SP800-38F key wrap algorithm is used to encrypt a key with another key (KEK= Key Encryption Key). For
any band i, the KEK_i is derived from PIN_i and salt_i using the NIST 800-132 algorithm. The KEK_i is then used to
wrap a bandās encryption key.
21.4.5
Key Erasure
Cryptographic erase procedure
ļ Erase and overwrite wrapped key material with 0x00.
ļ Erase and store the new wrapped key material.