Technical information
HGST Ultrastar C15K600 Hard Disk Drive Specification
21.6 Firmware Download and Signing
The HGST Firmware signing and download for encryption drives is meant to provide a mechanism for secure
updates through the Host interface. Firmware is downloaded to the drive through the host interface, and the
signature is verified using a public key installed in the reserved area during manufacturing, before it is loaded to RAM
or installed in the reserved area on the HDD.
Signature verification uses the RSA-PSS (Probabilistic Signature Scheme) signature verification algorithm with
EMSA-SHA256 as the padding function. The firmware was designed and implemented with the intention of meeting
the signing requirements under FIPS 140-2.
All HGST firmware packages will be signed, but only encryption enabled drives will verify the signature. If the
signature cannot be successfully verified on encryption drives, the firmware cannot be downloaded onto the HGST
encryption drives. Failures to authenticate the firmware image will result in Check Condition with KCQ 5/26/9a
(FRU 0). The act of issuing a firmware download to the drive will result in an implicit close of all open sessions at
the security layer.
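A host-side check for the authentication failure described above, as an added example that is not part of the HGST specification: it decodes SCSI sense data in both fixed and descriptor formats and flags the 5/26/9a result. It assumes that KCQ means sense key / additional sense code / qualifier; the function names and sample buffers are constructed for illustration.

```python
# Added example, not from the HGST specification. The 5/26/9a (FRU 0) value is
# the one quoted in the text; the sample buffers are constructed.
FW_AUTH_FAILURE = (0x5, 0x26, 0x9A)  # sense key, ASC, ASCQ


def parse_sense(buf: bytes):
    """Return (key, asc, ascq, fru) from fixed or descriptor format sense data."""
    if len(buf) < 8:
        raise ValueError("sense buffer too short")
    code = buf[0] & 0x7F  # bit 7 is the VALID flag, not part of the code
    if code in (0x70, 0x71):  # fixed format
        if len(buf) < 14:
            raise ValueError("fixed-format sense truncated before ASC/ASCQ")
        fru = buf[14] if len(buf) > 14 else None
        return buf[2] & 0x0F, buf[12], buf[13], fru
    if code in (0x72, 0x73):  # descriptor format
        fru, pos, end = None, 8, min(len(buf), 8 + buf[7])
        while pos + 2 <= end:
            dtype, dlen = buf[pos], buf[pos + 1]
            if dtype == 0x03 and pos + 4 <= end:  # FRU descriptor
                fru = buf[pos + 3]
            pos += 2 + dlen
        return buf[1] & 0x0F, buf[2], buf[3], fru
    raise ValueError(f"unknown sense response code 0x{code:02x}")


def is_fw_signature_rejection(buf: bytes) -> bool:
    """True when the sense data matches the firmware authentication failure."""
    key, asc, ascq, fru = parse_sense(buf)
    # FRU must be 0 when reported; a buffer without an FRU field is accepted.
    return (key, asc, ascq) == FW_AUTH_FAILURE and fru in (0, None)


# Constructed sense buffers (not captured from a drive).
SAMPLES = {
    "fixed_rejected": bytes([0x70, 0, 0x05, 0, 0, 0, 0, 0x0A,
                             0, 0, 0, 0, 0x26, 0x9A, 0x00, 0, 0, 0]),
    "descriptor_rejected": bytes([0x72, 0x05, 0x26, 0x9A, 0, 0, 0, 0x04,
                                  0x03, 0x02, 0x00, 0x00]),
    "other_illegal_request": bytes([0x70, 0, 0x05, 0, 0, 0, 0, 0x0A,
                                    0, 0, 0, 0, 0x26, 0x00, 0x00, 0, 0, 0]),
}

if __name__ == "__main__":
    for name, buf in SAMPLES.items():
        print(name, parse_sense(buf), is_fw_signature_rejection(buf))
```

Logging this condition separately from other Illegal Request errors lets an update pipeline tell a rejected image apart from a malformed command.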
21.7 Revert Feature
HGST has extended TCG Enterprise to include the TCG Opal Revert method. Revert enables the customer, as
needed by organizational policy, to overwrite existing TCG settings to the default values that were written
during manufacturing.
Revert introduces a new TCG authority, PSID, to the Admin SP. During manufacturing, the PSID is hashed, and
the digest is stored in a reserved area inside the drive. Also during manufacturing, the PSID is printed, in
plaintext, on the drive’s physical, external label. The PSID PIN cannot be accessed via the drive’s interface,
and it cannot be changed.
Below is the procedure to execute Revert:
• Start Session on the Admin SP
• Authenticate to the PSID authority
• Execute the Revert Method
• Successful completion of Revert automatically ends the TCG session
Notes for Revert include:
• Revert execution that encounters an error does not close the TCG session
• Reset of the drive during Revert will cause the subsequent power up sequence to be extended while
Revert finishes its work
Table 289 PSID Authority Added to Admin SP Authority Table
UID                      Name  Common Name         IsClass  Class  Enabled  Operation  Credential
00 00 00 09 00 01 FF 01  PSID  PhysicalDriveOwner  F        Null   T        Password   C_PIN_PSID