| Standard | FIPS 140-3 |
|---|---|
| Overall level | 2 |
| Module type | Hardware |
| Embodiment | Multi-Chip Embedded |
| Status | Active |
| Sunset date | 9/15/2029 |
| Caveat | Interim validation. When installed, initialized and configured as specified in Section 11.1 of the Security Policy. No operator authentication is enforced for executing security services that were unlocked by an authenticated service |
| Vendor | Western Digital Technologies, Inc. |
| Hardware versions | WUH722020BL4205 [1, 2, 3, 4], WUH722020BL5205 [1, 2, 3, 4], WUH722222BL4205 [3, 5], WUH722222BL5205 [3, 5] |
| Requirement area | Level |
|---|---|
| Cryptographic Module Specification | 2 |
| Cryptographic Module Interfaces | 2 |
| Roles, Services, and Authentication | 4 |
| Software/Firmware Security | 2 |
| Operational Environment | N/A |
| Physical Security | 2 |
| Sensitive Security Parameter Management | 2 |
| Self-Tests | 2 |
| Life-Cycle Assurance | 1 |
| Mitigation of Other Attacks | N/A |
flowchart LR
%% Deterministic review-risk graph for Ultrastar DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C1["[high] Firmware / bootloader<br/>versions disclosed<br/>(identity, not provenance)<br/><i>RY07 [1], R5G4 [2], RG01 [3], VM18 [4], R7J4 [5]</i>"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>upgrade<br/>update</i>"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Decryption<br/>Encryption<br/>OptiNAND_Descr ambler</i>"]
C4["[high] Physical/logical<br/>interfaces (some 'blocked<br/>in firmware')<br/><i>SAS Connector SIO Serial Port Connector UART</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>application</i>"]
end
subgraph Inference["Derived inference"]
I1["Component identity is<br/>disclosed, but provenance<br/>and patch lineage are not."]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I4["Interface reachability may<br/>vary by boot stage and<br/>lifecycle state."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R1["Do the vendor version<br/>strings obscure the<br/>upstream baseline, fork<br/>lineage, or known-CVE<br/>exposure?"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R4["Are interfaces blocked<br/>before the bootloader<br/>runs, or only after<br/>approved mode starts?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E1["SBOM / component baselines<br/>· patch and backport<br/>manifest · CVE disposition"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E4["lifecycle reachability<br/>matrix · boot-stage<br/>interface timing ·<br/>factory/recovery/error-state<br/>access controls"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C1 --> I1 --> R1 --> E1
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C4 --> I4 --> R4 --> E4
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C1,C2,C3,C4,C5,C6 clue;
class I1,I2,I3,I4,I5,I6 infer;
class R1,R2,R3,R4,R5,R6 risk;
class E1,E2,E3,E4,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Ultrastar DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C1["[high] Firmware / bootloader versions disclosed (identity, not provenance)<br/><i>RY07 [1], R5G4 [2], RG01 [3], VM18 [4], R7J4 [5]</i><br/>src: certificate.firmwareVersions"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>upgrade<br/>update</i><br/>src: text:keyword"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>Decryption<br/>Encryption<br/>OptiNAND_Descr ambler</i><br/>src: securityPolicy.services"]
C4["[high] Physical/logical interfaces (some 'blocked in firmware')<br/><i>SAS Connector SIO Serial Port Connector UART</i><br/>src: securityPolicy.portsAndInterfaces"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C1,C3,C4 clueHigh;
class C2,C5,C6 clueLow;Vendor name Western Digital Technologies, Inc. Module Name Ultrastar DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED Document Version: 1.6 Date: October 16, 2024 Protection of Data at Rest © 2024 Western Digital Corporation or its affiliates. Public Material - May be reproduced only in its original entirety [without revision].
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED Table of Contents
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED Tables
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED Figures
| Name | ISO Section | Requirement | Level |
|---|---|---|---|
| 1 | 1 | General | 2 |
| 2 | 2 | Cryptographic Module Specification | 2 |
| 3 | 3 | Cryptographic Module Interfaces | 2 |
| 4 | 4 | Roles, Services and Authentication | 2 |
| 5 | 5 | Software/Firmware Security | 2 |
| 6 | 6 | Operational Environment | N/A |
| 7 | 7 | Physical Security | 2 |
| 8 | 8 | Non-invasive security | N/A |
| 9 | 9 | Sensitive Security Parameter Management | 2 |
| 10 | 10 | Self-Tests | 2 |
| 11 | 11 | Life-cycle Assurance | 2 |
| 12 | 12 | Mitigation of Other Attacks | N/A |
| Overall Level | Overall Level | 2 |
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED 1.1 Overview This document is the non-proprietary FIPS 140-3 Security Policy for the Ultrastar® DC HC560 TCG Enterprise HDD SED and Ultrastar® DC HC570 TCG Enterprise HDD SED. It contains the security rules under which each module must operate and describes how each module meets the requirements as specified in FIPS PUB 140-3 (Federal Information Processing Standards Publication 140-3) for an overall Security Level 2 module. 1.2 Security Levels The FIPS 140-3 security levels for the Module are as follows. Table 1 Security Levels N/A N/A N/A The Western Digital Ultrastar DC HC560 TCG Enterprise HDD SED, hereafter referred to as Ultrastar DC HC560, Cryptographic Module, cryptographic module, or CM, and the Western Digital Ultrastar DC HC570 TCG Enterprise HDD SED, hereafter referred to as Ultrastar DC HC570, Cryptographic Module, cryptographic module, or CM are self-encryption drives (SED) that comply in general with the specifications listed in 13.2 Trusted Computing Group Specifications and specifically with the TCG Storage Architecture Core Specification [TCG Core] with the Trusted Computing Group (TCG) Storage Security Subsystem Class (SSC): Enterprise Specification [TCG Enterprise]. The TCG Storage SSC: Enterprise Specification defines a management interface for host application software to activate, provision, and manage encryption of user data. The specification includes data structures and their required content, and mechanisms for managing and configuring Authentication Credentials and access controls. The security architecture provides a locking mechanism by which an Authentication Credential (i.e., a password) can be set by an operator to enable control of access to user data. After an operator authenticates to the appropriate role and locks access to user data access user data is inaccessible. This implementation complies with the lock-based authentication model specified in IG 4.1.A.
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED 2.1 Description Purpose and Use The Cryptographic Module’s intended use is by US Federal agencies or other markets that require FIPS 140-3 validated hardware modules. The primary function of the Cryptographic Module is to provide data encryption, access control, and cryptographic erase of the data stored on the hard drive media within the CM. The operator of the Cryptographic Module interfaces with the Cryptographic Module through application software that resides within a host system. Module Type Module Type Hardware Module Embodiment Module Embodiment Multiple-chip embedded Module Characteristics Module Characteristics Figure 1 illustrates a logical view of the CM’s firmware components. The Security Core partition is the most secure portion of the security subsystem. It forms a security boundary that provides assurances of firmware integrity and SSP integrity within the CM. The Security Protocol and Services partition contains the TCG Storage SSC: Enterprise SCC security protocol. Components in this ring communicate to the Security Core firmware through a Security Core API. The Security Application Client firmware, typically referred to as “Base Firmware” interfaces with the Security Protocol and Services firmware, provides adapters for the security subsystem support and implements a perimeter defense of the system based on security state. Specifically, the enforcement of port and command controls for manufacturing commands, firmware download control enforcement and boot up signature checks resides within the Security Application Client firmware layer. The Cryptographic Module operates within a limited operational environment. While operational, the Cryptographic Module prohibits operator or process-initiated additions, deletions, or modification of the code working set. For firmware upgrades, the Cryptographic Module uses an authenticated download service, which complies with ISO 19790 7.4.3.4, to upgrade the mutable firmware in its entirety. The immutable security firmware stored in ROM, which is essential and integral to the operation of the module is nonmodifiable. If the download operation is successful, authorized, and verified, the Cryptographic Module will begin operating with the new code working set after successfully executed all required pre-operational self-tests that comply with ISO 19790 7.10.2. Firmware loaded into the module that is not on the FIPS 140-3 certificate is out of the scope of this validation and requires a separate FIPS 140-3 validation. The Cryptographic Module’s security design utilizes common security protections, policies, and processes. It utilizes a hardware security Access Control Module (ACM) that incorporates a hardware Root of Trust (RoT). Security firmware leverages the RoT, hardware cryptographic algorithms and accelerators to implement a secure environment that assures firmware integrity, port access and the secure storage of plaintext secrets, user data, keys, and Sensitive Security Parameters (SSP) within the Cryptographic Module. The Cryptographic Module only supports approved security functions defined in NIST SP 800-140C and SP 800-140D. The hardware Root of Trust assures,
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED Security Application Client Security Protocol and Services Security Core Data and Control Input Data and Status Output Host System Figure 1 - Security Subsystem Components Cryptographic Boundary Figure 2 and Figure 3 depict the physical form of each CM within the scope of this security policy document. The CM is a multi-chip embedded embodiment. The hard opaque surface of the enclosure defines the cryptographic boundary. All components within this boundary satisfy FIPS 140-3 requirements. The Cryptographic Module firmware disables the SIO port pins outlined by the red box to the right of the SAS connector in Figure 2 and Figure 3. Tested Operational Environment’s Physical Perimeter (TOEPP) Tested Operational Environment’s Physical Perimeter (TOEPP)
| Name | Model | Hardware Version | Firmware Version | Processor | Features | # |
|---|---|---|---|---|---|---|
| 1 | Ultrastar DC HC560 | WUH722020BL4205 | RY07, R5G4, RG01, VM18 | ARM Cortex M3, ARM Cortex-R8, Synopsys ARC HS36 | N/A | 1 |
| 2 | Ultrastar DC HC560 | WUH722020BL5205 | RY07, R5G4, RG01, VM18 | ARM Cortex M3, ARM Cortex-R8, Synopsys ARC HS36 | N/A | 2 |
| 1 | Ultrastar DC HC570 | WUH722222BL4205 | R7J4, RG01 | ARM Cortex M3, ARM Cortex-R8, Synopsys ARC HS36 | N/A | 1 |
| 2 | Ultrastar DC HC570 | WUH722222BL5205 | R7J4, RG01 | ARM Cortex M3, ARM Cortex-R8, Synopsys ARC HS36 | N/A | 2 |
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED 2.2 Tested and Vendor Affirmed Module Version and Identification Tested Module Identification - Hardware The Ultrastar DC HC560 cryptographic module is tested on the following operational environment. # N/A N/A The Ultrastar DC HC570 cryptographic module is tested on the following operational environment. # 2.3 N/A N/A Excluded Components The Ultrastar DC HC560 components listed below and identified in Figure 4 and Figure 5 are excluded from the cryptographic boundary.
| Exclusion | Rationale | ||
|---|---|---|---|
| excluded components requirements in 7.2.3.1 Cryptographic boundary general requirements. | |||
| 5V via | The voltage level on the 5V circuit is dependent on the presence of voltage on the 5V_EFUSE circuit. An N-channel Power MOSFET isolates the 5V circuit from the 5V_EFUSE circuit. A MOSFET failure will cause the voltage on the 5V circuit to drop to 0V. This results in the immediate shutdown of the CM. Therefore, the 5V via satisfies the excluded components requirements in 7.2.3.1 Cryptographic boundary general requirements. | ||
| 5V_EFUSE via | The 5V_EFUSE circuit connects to the output of an integrated dual electronic eFuse, designed to protect circuitry from overcurrent and overvoltage events, in applications that require hot swap operation and in-rush current control. If the electronic eFUSE device fails, the voltage on the 5V_EFUSE circuit drops to 0V. This results in the immediate shutdown of the CM. Therefore, the 5V _EFUSE via satisfies the excluded components requirements in 7.2.3.1 Cryptographic boundary general requirements. | ||
| 5V_PREAMP via | The 5V_PREAMP via connects to the 5V_EFUSE circuit though a zero-ohm resistor. Any failure of the 5V_EFUSE circuit to supply 5V or a failure of the zero-ohm resistor causes the voltage on the 5V_PREAMP circuit to drop 0V. This results in the immediate shutdown of the CM. Therefore, the 5V_PREAMP via satisfies the excluded components requirements in 7.2.3.1 Cryptographic boundary general requirements. | ||
| INAND_VCCQ2 via | The voltage level of the INAND_VCCQ2 depends on a functioning synchronous step-down DC/DC converter, which is dependent on the presence of voltage on the 5V_EFUSE circuit and V3.3_PLR3 circuit. A 5V_EFUSE circuit failure, V3.3_PLR3 circuit failure, or DC/DC converter component failure causes the voltage on the INAND_VCCQ2 circuit to drop to 0V. The INAND_VCCQ2 circuit supplies power to the serial boot flash device. The CM fails to bootup if the INAND_VCCQ2 drops to 0V. Therefore, the INAND_VCCQ2 via satisfies the excluded components requirements in 7.2.3.1 Cryptographic boundary general requirements. | ||
| V3.3_PLR3 via | V3.3_PLR3 is dependent on the presence of 5 volts on the +5V_EFUSE net, which supplies power to a Power Large Scale Integrated (PLSI) circuit device. Any failure of the 5V_EFUSE circuit to supply 5V or a failure of the PLSI device causes the voltage on the V3.3_PLR3 circuit to drop 0V. This results in the immediate shutdown of the CM. Therefore, the V3.3_PLR3 via satisfies the excluded components requirements in 7.2.3.1 Cryptographic boundary general requirements. | ||
| AUX_IN via | The voltage level on the AUX_IN circuit allows the SoC9 ASIC to determine the temperature of the disk enclosure. The CM initiates a thermal safety shutdown if the temperature is outside the normal operating range the CM automatically shuts down. Therefore, the AUX_IN via satisfies the excluded components requirements in 7.2.3.1 Cryptographic boundary general requirements. | ||
| Drive Motor Control Cable | The Drive Motor Control Cable is a three-conductor ribbon cable that serves a mechanical purpose. The three conductors, designated SPN_A, SPN_B, and SPN_C provide drive spindle rotor position data to the Spindle Driver within PLSI device. Therefore, the Drive Motor Control Cable satisfies the excluded components requirements in 7.2.3.1 Cryptographic boundary general requirements. |
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED
| Exclusion | Rationale | ||
|---|---|---|---|
| 5V_EFUSE via | The 5V_EFUSE circuit connects to the output of an integrated dual electronic eFuse, which connects to ground through a capacitor. The eFuse device protects circuitry from overcurrent and overvoltage events, in applications that require hot swap operation and in-rush current control. If the electronic eFUSE device fails or the capacitor shorts to ground, the voltage on the 5V_EFUSE circuit drops to 0V. This results in the immediate shutdown of the CM. Therefore, the 5V _EFUSE via satisfies the excluded components requirements in 7.2.3.1 Cryptographic boundary general requirements. |
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED Figure 4 - Excluded Components, Ultrastar DC HC560 Figure 5 - Excluded Components, Ultrastar DC HC560 The Ultrastar DC HC570 components listed below and identified in Figure 6, Figure 7 and Figure 8 are excluded Table 3 Ultrastar DC HC570 Exclusions
| Exclusion | Rationale | ||
|---|---|---|---|
| INAND_VCC_X via | INAND_VCC_X circuit powers the OptiNAND device. INAND_VCC_X derives from INAND_VCC through a fuse. The output of the fuse connects to ground through two capacitors. If the fuse opens or either capacitor shorts to ground, the OptiNAND loses power and shuts down. CM responds by inhibiting writes to the CM. Therefore, the INAND_VCC_X via satisfies the excluded components requirements in 7.2.3.1 Cryptographic boundary general requirements. | ||
| J2_VEE via | J2_VEE supplies -3V supply to the preamp chip in the head assembly through an inductor. If the inductor fails and the preamp input voltage drops to 0V, read/write functions to the disk media are disabled. This renders user data inaccessible. Therefore, the J2_VEE via satisfies the excluded components requirements in 7.2.3.1 Cryptographic boundary general requirements. | ||
| READY_LED via | READY_LED circuit serves as a status indicator that is within the scope of the Status Port. Therefore, the READY_LED via satisfies the excluded components requirements in 7.2.3.1 Cryptographic boundary general requirements. | ||
| SIOEN_AE via | The SIOEN_AE signal enables serial communication between the SoC9 ASIC and the preamp chip in the head assembly. A malfunction by the SoC ASIC or lose of the direct connection between the SoC9 ASIC to the preamp chip prevents the proper setup of read/write functionality. This renders user data inaccessible. Therefore, the SIOEN_AE via satisfies the excluded components requirements in 7.2.3.1 Cryptographic boundary general requirements. | ||
| SWDCLK via | SWDCLK circuit provides a debug clock signal for the ARM JTAG Interface port. The ARM JTAG Interface port is disabled in production drives for use in the field. Therefore, the SWDCLK via satisfies the excluded components requirements in 7.2.3.1 Cryptographic boundary general requirements. | ||
| V3.3_PLR3 via | V3.3_PLR3 is dependent on the presence of 5V on the +5V_EFUSE net, which supplies power to a Power Large Scale Integrated (PLSI) circuit device. V3.3_PLR3 is sourced from the 3.3V linear regulator output of the KOI PLSI. Any failure of the 5V_EFUSE circuit to supply 5V or a failure of the PLSI device causes the voltage on the V3.3_PLR3 circuit to drop 0V. V3.3_PLR3 connects to ground through a capacitor. If the capacitor shorts to ground the PLSI immediately shuts down. Either failure mode results in the immediate shutdown of the CM. Therefore, the V3.3_PLR3 via satisfies the excluded components requirements in 7.2.3.1 Cryptographic boundary general requirements. | ||
| WRP via | WRP and WRM form a differential pair connected to the head assembly’s Write Channel. The loss of the direct connection between the WRP output of the SoC9 ASIC to the head assembly significantly reduces the robustness of the transmitted data. The inability to cancel electromagnetic interface present on the differential pair could cause the corruption of user data written to disk media. The corruption of user data cannot compromise the SSPs stored within CM. Therefore, the WRP via satisfies the excluded components requirements in 7.2.3.1 Cryptographic boundary general requirements. | ||
| Drive Motor Control Cable | The Drive Motor Control Cable is a three-conductor ribbon cable that serves a mechanical purpose. The three conductors, designated SPN_A, SPN_B, and SPN_C provide drive spindle rotor position data to the Spindle Driver within PLSI device. Therefore, the Drive Motor Control Cable satisfies the excluded components requirements in 7.2.3.1 Cryptographic boundary general requirements. |
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED Figure 6 - Excluded Components, Ultrastar DC HC570 Figure 7 - Excluded Components, Ultrastar DC HC570
| Name | Description | Indicator | |
|---|---|---|---|
| isFIPS | The cryptographic module is operating as a compliant FIPS 140-3 module | 1. The Level 0 Discovery1 service returns a value of 1 from the in FIPS2 global indicator data field and 2. The Firmware Download Control LockOnReset field is set to PowerCycle3and 3. For each configured BandMaster4, the state of each listed attribute is set as shown below. • LockOnReset = PowerCycle • ReadLockEnabled = True • WriteLockEnabled = True | Approved |
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED Figure 8 - Excluded Components, Ultrastar DC HC570 2.4 Modes of Operation Table 4 Modes of Operation Section 11.1 of this document specifies the recommended and mandatory steps necessary for the secure installation, responsible for assuring that the mandatory configuration requirements remain unchanged. When correctly configured the Cryptographic Module always powers up isFIPS mode. The cryptographic module does not support non-approved or non-allowed security functions. Mode Change Instructions and Status: Table 4 specifies the conditions that must be true for the Cryptographic Module to operate in isFIPS mode. Any action by the operator that negates the PowerCycle setting of the Firmware Download Control's LockOnReset field transitions the CM to a noncompliant state. Any action by the operator that negates the attribute setting, specified in
1 See the Level 0 Discovery’ Vendor Specific Data section of the Ultrastar DC HC560 3.5-inch Serial Attached SCSI Hard Disk Drive
Specification [Product Manual] or Ultrastar DC HC570 3.5-inch Serial Attached SCSI Hard Disk Drive Specification [Product Manual] for guidance.
3 See the Ports section of the Ultrastar DC HC560 3.5-inch Serial Attached SCSI Hard Disk Drive Specification [Product Manual] or Ultrastar
DC HC570 3.5-inch Serial Attached SCSI Hard Disk Drive Specification [Product Manual] for guidance.
4 See the TCG Storage SSC: Enterprise Specification [TCG Enterprise] for guidance.
| Name | CAVP Cert | Mode Method | Key Size | Use Function | |
|---|---|---|---|---|---|
| AES [FIPS 197] | AES 35805 | CBC [SP 800 38A] | Key Size: 128, 256 Key Strength: 128 bits, 256 bits | Encryption and Decryption of SSPs. | Avago Technologies |
| ECB [SP 800 38A] | ECB [SP 800 38A] | Key Size: 128, 256 Key Strength: 128 bits, 256 bits | Encryption and Decryption, AES KWP. | ||
| XTS [SP 800 38E] | XTS [SP 800 38E] | Key Size: 128, 256 Key Strength: 128 bits, 256 bits | Not used | ||
| AES [FIPS 197] | A2098 | KWP [SP 800 38F] ECB [SP 800 38A] | Forward Payload Length: 96- 1024, Increment 8 Key Size: 256 Key Strength: 256 | Authenticated Encryption, Authenticated Decryption of Root Signing Key. | Western Digital Corporation |
| AES [FIPS 197] | A2099 | CBC [SP 800 38A] | Key Size: 256 Key Strength: 256 bits | Descrambles OptiNAND sFFU firmware image. | Western Digital Corporation |
| AES [FIPS 197] | A2101 | ECB [SP 800 38A] | Key Size: 128, 256 Key Strength: 128, 256 bits | Encryption, Decryption, DEE self-tests. | Western Digital Corporation |
| XTS [SP 800 38E] | XTS [SP 800 38E] | Payload Length: 4096 – 32768 Increment: 128 Tweak Mode: Number Key Size: 128, 256 Key Strength: 128, 256 bits | Encryption and Decryption of data-at-rest. | ||
| DRBG [SP 800 90A] | A2098 | CTR | Mode: AES-256 Derivation Function: True Prediction Resistance: False Key Size: 256 Key Strength: 256 bits | Deterministic Random Bit Generation Security Strength = 256 | Western Digital Corporation |
| HMAC [FIPS 198] | HMAC 2280 | SHA-1 | Message Length: 8- 51200, Increment: 8 Key Size: 160 Key Strength: 160 bits | Not used | Avago Technologies |
| SHA2-224 | SHA2-224 | Message Length: 8- 51200, Increment: 8 Key Size: 224 Key Strength: 224 bits | Not used | ||
| SHA2-256 | SHA2-256 | Message Length: 8- 51200, Increment: 8 Key Size: 256 Key Strength: 256 bits | Message Authentication of signed encrypted SSPs, PBKDF2 derived key generation | ||
| PBKDF2 [SP 800 132] | A2100 | Option 2a | Master Key Generation Type: Option 2a Iteration Count: 2 - 1024 with Increment 1 HMAC Algorithm: SHA2-256 Password Length: 32 Salt Length: 128-512 with Increment 8 Key Data Length: 256 - 4096 with Increment: 256 Key Strength: 256 | Password based key derivation function using HMAC-SHA2-256 (Cert #HMAC 2280). The derived generated keys, K , and K, encrypt data u a protection keys used in a data storage application. | Western Digital Corporation |
| RSA SigVer [FIPS 186] | A2098 | PSS | Signature Type: PKCSPSS Hash Algorithm: SHA2-256 Modulo: 3072 Key Strength: 128 bits | SigVer within the ACM RoT. | Western Digital Corporation |
| RSA SigVer [FIPS 186] | A2099 | PSS | Signature Type: PKCSPSS Hash Algorithm: SHA2-256 Modulo: 3072 Key Strength: 128 bits | SigVer within the OptiNAND device. | Western Digital Corporation |
| SHS [FIPS 180] | SHS 2942 | SHA-1 | Message Length: 8- 51200, Increment: 8 Key Size: 160 Key Strength: 160 bits | Not used | Avago Technologies |
| SHA2 - 224 | SHA2 - 224 | Message Length: 8- 51200, Increment: 8 Key Size: 224 Key Strength: 224 bits | Not used | ||
| SHA2-256 | SHA2-256 | Message Length: 8- 51200, Increment: 8 Key Size: 256 Key Strength: 256 bits | Message digest generation. Digital signature verification within the ACM RoT |
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED Table 4 for LockOnReset, ReadLockEnabled, or WriteLockEnabled for any configured BandMaster transitions the CM to a noncompliant state. The Cryptographic Module does not support a degraded operational mode. 2.5 Algorithms The Cryptographic Module supports NIST SP 800-131A compliant approved algorithms listed in Table 5. Approved Algorithms Table 5 Approved Algorithms AES 3580 5
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED
| Name | CAVP Cert | Mode Method | Key Size | Properties | Reference | Vendor Name | Implementation |
|---|---|---|---|---|---|---|---|
| SHS [FIPS 180] | A2099 | SHA2-256 | Message Length: 0- 65536, Increment: 8 Key Size: 256 Key Strength: 256 bits | Western Digital Corporation | |||
| CKG-Direct | AES 256: Symmetric Key Generation | SP 800-133rev2 Section 4 example #1, Section 6.1 and IG D.H | N/A | ||||
| CKG- Combined | AES 256: Symmetric Key Generation | SP 800-133rev2 Section 6.3 example #2 and IG D.H | N/A |
| Name | CAVP Cert | Mode Method | Key Size | Properties | Reference | Vendor Name | Implementation |
|---|---|---|---|---|---|---|---|
| SHS [FIPS 180] | A2099 | SHA2-256 | Message Length: 0- 65536, Increment: 8 Key Size: 256 Key Strength: 256 bits | Western Digital Corporation | |||
| CKG-Direct | AES 256: Symmetric Key Generation | SP 800-133rev2 Section 4 example #1, Section 6.1 and IG D.H | N/A | ||||
| CKG- Combined | AES 256: Symmetric Key Generation | SP 800-133rev2 Section 6.3 example #2 and IG D.H | N/A |
| Name | Description | Approved Functions | Type | Properties | SF Capabilities |
|---|---|---|---|---|---|
| Authority_Digest_ Generation | Generates an HMAC message digest of an Authentication Credential PIN | HMAC-SHA2-256 (Cert #HMAC 2280) | MAC | Message Length: 8- 51200, Increment: 8, Key Size: 256, Key Strength: 256 bits | Publications: [IG 10.3.A] |
| Authority_Digest_ Verification | Verifies the HMAC digest of an Authentication Credential PIN. | HMAC-SHA2-256 (Cert #HMAC 2280) | MAC | Message Length: 8- 51200, Increment: 8, Key Size: 256, Key Strength: 256 bits | Publications: [IG 10.3.A] |
| Decryption | Block Cipher | AES-CBC (Cert #AES 3580) | BC-UnAuth | Key Size: 128, 256, Key Strength: 128, 256 bits | Publications: [IG 10.3.A] |
| Derived_Key_Gene ration | Password-Based Key Derivation | PBKDF2 (Cert #A2100) HMAC-SHA2-256 (Cert #HMAC 2280) | PBKDF2 | PBKDF2 Master Key Generation Type: Option 2a, Iteration Count: 2 - 1024 with Increment 1, HMAC Algorithm: SHA2-256. Password Length: 32, Salt Length: 128-512 with Increment 8, Key Data Length: 256 - 4096 with Increment: 256 HMAC-SHA2-256 Message Length: 8- 51200, Increment: 8, Key Size: 256, Key Strength: 256 bits Note: The CM uses keys derived from passwords only in a storage application. | Publications: [IG 10.3.A] [IG D.N] |
| Digest_Generation | Secure Hash Standard | SHA2-256 (Cert #SHS 2942) | SHA | Message Length: 8- 51200, Increment: 8, Key Size: 256, Key Strength: 256 bits | Publications: [IG 10.3.A] [IG C.B] |
| Digest_Verification | Secure Hash Standard | SHA2-256 (Cert #SHS 2942) | SHA | Message Length: 8- 51200, Increment: 8, Key Size: 256, Key Strength: 256 bits | Publications: [IG 10.3.A] [IG C.B] |
| Encryption | Block Cipher | AES-CBC (Cert #AES 3580) | BC-UnAuth | Key Size: 128, 256, Key Strength: 128, 256 bits | Publications: [IG 10.3.A] |
| Entropy | Entropy Source | ESV Cert #13 | ESV | Security Strength: 256 | Publications: [IG 9.3.A] [IG D.J] [IG D.O] |
| FW_Authenticity | Digital Signature Verification Verifies the authenticity of a CM firmware image | RSA SigVer (Cert #A2098) SHA2-256 (Cert #SHS 2942) | DigSig-SigVer | RSA SigVer Signature Type: PKCSPSS Modulo: 3072. Key Strength: 128 bits SHA2-256 Message Length: 8- 51200, Increment: 8, Key Size: 256, Key Strength: 256 bits | Publications: [IG 10.3.A] [IG C.B] [IG C.F] |
| FW_Integrity | Digital Signature Verification Verifies the integrity of a CM firmware image | RSA SigVer (Cert #A2098) SHA2-256 (Cert #SHS 2942) | DigSig-SigVer | RSA SigVer Signature Type: PKCSPSS Modulo: 3072, Key Strength: 128 bits SHA2-256 Message Length: 8- 51200, Increment: 8, Key Size: 256, Key Strength: 256 bits | Publications: [IG 10.3.A] [IG C.B] [IG C.F] |
| Key Wrap | Key Wrapping Key Unwrapping | AES-KWP (Cert #A2098) AES-ECB (Cert #AES 3580) | KWP-AE KWP-AD | AES-KWP Direction: Forward Authenticated Encrypt, Authenticated Decrypt, Payload Length: 96-1024, Increment 8, Key Length: 256 AES-ECB Key Size: 128, 256, Key Strength: 128, 256 bits | Publications: [IG 10.3.A] [IG D.G] |
| Keyed_Digest_Gen eration | Message Authentication Generation | HMAC-SHA2-256 (Cert #HMAC 2280) | MAC | Message Length: 8- 51200, Increment: 8, Key Size: 256, Key Strength: 256 bits | Publications: [IG 10.3.A] |
| Keyed_Digest_Veri fication | Message Authentication Verification | HMAC-SHA2-256 (Cert #HMAC 2280) | MAC | Message Length: 8- 51200, Increment: 8, Key Size: 256, Key Strength: 256 bits | Publications: [IG 10.3.A] |
| MEK Generation | Cryptographic Key Generation, XOR of LRK and NSK | DRBG (Cert # A2098) AES-XTS (A2101) CKG-Combined | CKG | Payload Length: 4096 – 32768 Increment: 128 Tweak Mode: Number Key Size: 128, 256 Key Strength: 128 bits, 256 bits | Publications: [IG D.H] |
| OptiNAND_Descr ambler | Block Cipher. | AES-CBC (Cert #A2099) | BC-UnAuth | Key Size: 256, Key Strength: 256 bits | Publications: [IG 10.3.A] |
| FW_Auth_OptiNA ND | Digital Signature Verification Verifies the authenticity of an OptiNAND firmware image | RSA SigVer (Cert #A2099) SHA2-256 (Cert #A2099) | DigSig-SigVer | RSA SigVer Signature Type: PKCSPSS Modulo: 3072, Key Strength: 128 bits SHA2-256 Message Length: 0- 65536, Increment: 8, Key Size: 256, Key Strength: 256 bits | Publications: [IG 10.3.A] [IG C.B] [IG C.F] |
| FW_Integrity _OptiNAND | Digital Signature Verification Verifies the integrity of an OptiNAND firmware image. | RSA SigVer (Cert #A2099) SHA2-256 (Cert #A2099) | DigSig-SigVer | RSA SigVer Signature Type: PKCSPSS Modulo: 3072, Key Strength: 128 bits SHA2-256 Message Length: 0- 65536, Increment: 8, Key Size: 256, Key Strength: 256 bits | Publications: [IG 10.3.A] [IG C.B] [IG C.F] |
| RBG | Random bit generator | CTR-DRBG (Cert #A2098) | DRBG | Mode: AES-256 Derivation Function: True, Prediction Resistance: False, Key Size: 256, Key Strength: 256 bits | Publications: [IG 10.3.A] [IG D.L] [IG D.R] |
| RBG_Seeding | Seeds DRBG with entropy data | CTR-DRBG (Cert #A2098) | ESV | Mode: AES-256, Derivation Function: True, Prediction Resistance: False, Key Size: 256, Key Strength: 256 bits | Publications: [IG 9.3.A] [IG 10.3.A] [IG D.J] [IG D.K] |
| DRBG | DRBG | Publications: [IG 10.3.A] [IG D.L] [IG D.R] | |||
| SecureLoader_ Integrity | Digital Signature Verification Verifies the integrity of the Secure Loader firmware image | RSA SigVer (Cert #A2098) | DigSig-SigVer | RSA SigVer Signature Type: PKCSPSS Hash Algorithm: SHA2- 256, Modulo: 3072, Key Strength: 128 bits SHA2-256 Message Length: 8- 51200, Increment: 8, Key Size: 256, Key Strength: 256 bits | Publications: [IG C.F] [IG 10.3.A] [IG C.B] |
| Secure Hash | SHA2-256 (Cert #SHS 2942) | Secure Hash | |||
| Symmetric_Key_Ge neration | Generates AES 256 symmetric cryptographic keys | CKG-Direct AES-CBC (Cert #AES 3580) | CKG | Key Size: 128, 256, Key Strength: 128, 256 bits | |
| User_Data_Decrypt ion | Block Cipher | AES-XTS (Cert #A2101) | BC-UnAuth | Payload Length: 4096 – 32768, Increment: 128, Tweak Mode: Number, Key Size: 128, 256, Key Strength: 128, 256 bits | Publications: [IG 10.3.A] [IG C.I] |
| User_Data_Encrypt ion | Block Cipher | AES-XTS (Cert #A2101) | BC-UnAuth | Payload Length: 4096 – 32768, Increment: 128, Tweak Mode: Number, Key Size: 128, 256, Key Strength: 128, 256 bits | Publications: [IG 10.3.A] [IG C.I] |
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED Use/Function Digital signature OptiNAND device. Note: AES - XTS - The AES-XTS algorithm implementations include a check to ensure Key_1 ≠ Key_2 The Cryptographic Module implements the FIPS Vendor Affirmed cryptographic algorithms listed in Table
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED 2.7 Algorithm Specific Information The Cryptographic Module performs a key comparison test on each LRK.AESKey/LRK.XTS and NSK.AESKey/NSK.XTS keyset to assure compliance with FIPS 140-3 IG C.I XTS-AES Key Generation Requirements every time the CM generates an LRK.AESKey/LRK.XTS and NSK.AESKey/NSK.XTS keyset, to assure compliance for all derived MEKs. The only use of any AES-XTS key pair is the encryption and decryption of data-at-rest within the cryptographic module in a storage application. PBKDF2 The password consists of a minimum of twelve (12) hexadecimal bytes values and a maximum of thirty-two (32) hexadecimal bytes values that range from 0x00 to 0xFF. The probability that a random attempt correctly guesses a twelve (12) byte password, or a false acceptance occurs is equal to 1 in 7.92E+28. The probability that a random attempt correctly guesses a thirty-two (32) byte password, or a false acceptance occurs is equal to 1 in 1.16E+7728. The default 1024 iteration count, 256-bit Salt and HMAC-SHA2-256 (Cert #HMAC 2280) algorithm conforms to SP 800-132, Option 2a. The Master key (MK) encrypts and decrypts data protection keys. The PBKDF2 derived keys, Ku, and Ka, encrypt data protection keys used in a data storage application.
| Name | Type | Strength | Operating Environment | Entropy per sample | Conditioning Components |
|---|---|---|---|---|---|
| ESV, E13 | Physical | 32 bits | 0L23689, IC SOC9, Rev 2.1 ARM Cortex M3, ARM Cortex R8 | 2.69612 | None |
| Vendor Name | Certificate Number | ||
|---|---|---|---|
| Western Digital Corporation | E13 |
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED 2.8 RBG and Entropy The SP 800-90A rev1-compliant Deterministic Random Bit Generator (DRBG), implemented as a CTR_DRBG mechanism, uses an AES-256 block cipher derivation function to generate encryption keys for use within the cryptographic boundary of the Cryptographic Module. Paragraphs titled Entropy Information and RBG Information summarize the characteristics of the entropy noise source that resides within the cryptographic boundary and seeds the CTR_DRBG. Table 8 Entropy Certificates Table 9 Entropy Sources Entropy Information The hardware-based ring oscillator noise source referenced in Table 9 consist of eight (8) identical groups of four (4) independent ring oscillator circuits. Within each group, there are four (4) distinct logic inverter gate designs that consist of 19, 23, 31, and 39 gates. The oscillators are physically isolated from other active traces within the SoC9 ASIC. No configuration steps are necessary to operate the entropy source in a compliant manner. As stated in the Public Use Documents for E13, on power up the Cryptographic Module executes an entropy source initialization sequence that collects sufficient samples of raw noise to verify the health of its entropy source prior to seeding the DRBG. If the initialization sequence returns false, the Cryptographic Module transitions to an error state that blocks the execution of all security services. RBG Information The output of the entropy source referenced in Table 9 consists of the raw data generated from thirty-two (32) free running ring oscillators. Eight identical groups of four variable length inverter chains define the implementation. Each 32-bit sample produces at least 2.69612 bits of entropy. Each time the DRBG is instantiated or reseeded, the CM concatenates one hundred sixty (160) 32-bit samples to seed the DRBG. This equates to 5120 bits of entropy data and translates to at least 431.379 bits of min-entropy. This seeds the CTR_DRBG with approximately 287 bits of security strength (~287.59 bits of entropy input and ~143.79 bits of nonce). Seeding the DRBG with at least 287 bits of security strength exceeds the requirement to seed the DRBG with 256 bits of security strength. 2.9 Key Generation The cryptographic module utilizes an SP 800-90A rev1-compliant CTR_DRBG to generate symmetric cryptographic keys, which comply with sections 6.1, 6.2.3 and 6.3 of SP 800-133r2. Each symmetric keyset consists of an encryption and a signing key. Specifically,
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED
Key Agreement Information The cryptographic module does not support a key establishment scheme. Key Transport Information The cryptographic module does not support a key transport scheme.
The cryptographic module supports the TCG Storage SSC: Enterprise [TCG Enterprise] security protocol. 3.1 Cryptographic Module Interfaces Ports and Interfaces As a hardware module, the Cryptographic Module uses the standard 29-pin Serial Attached SCSI (SAS) connector that conforms to the mechanical requirements of SFF 8680. Table 10 identifies the Cryptographic Module’s ports and interfaces. The two-wire SIO Serial Port connector consists of signal and ground. Prior to shipment, Western Digital disables the SIO port. The Cryptographic Module does not provide a maintenance access interface. The SCSI protocol [SCSI Core] [SCSI Block] provides the primary communication channel between the Cryptographic Module and a host system. Services provided by the Cryptographic Module that require the processing of operator issued commands include TCG Storage SSC: Enterprise configuration settings, the reading and writing of user data, and retrieval of status data. The Cryptographic Module does not support a trusted channel communication link between the CM and a host system.
| Name | Physical Port | Logical Interface | |
|---|---|---|---|
| SAS Connector SIO Serial Port Connector UART | SAS Connector SIO Serial Port Connector UART | SAS connector: Used to transmit SCSI commands from the host system to the CM. SIO Serial Port: None, disabled. UART: Used to transmit SCSI commands from the host system to the CM. | Control Input |
| SAS Connector SIO Serial Port Connector UART | SAS Connector SIO Serial Port Connector UART | SAS connector: Used to transmit data and firmware update images from the host system to the CM. SIO Serial Port: FD_UART_RX, disabled. UART: Used to transmit data from the host system to the CM. | Data Input |
| SAS Connector SIO Serial Port Connector UART | SAS Connector SIO Serial Port Connector UART | SAS connector: Used to transmit data from the Cryptographic Module to the host system. SIO Serial Port: FD_UART_TX, disabled. UART: Used to transmitted data from the CM to the host system. | Data Output |
| Download Port | This logical port has two valid states, locked, and unlocked. If locked, the CM logically blocks firmware downloads. If unlocked, the CM logically allows the Cryptographic Officer to download firmware. | Download Port | |
| Power Connector | Power Connector | Power connector | Power |
| SAS Connector | SAS Connector | Used to transmit status data from the CM to the host system. READY_LED | Status Output |
| Name | Description | Strength | Strength per minute | |
|---|---|---|---|---|
| Credential PIN Authentication | Authenticates a 12 to 32 bytes Authentication Credential PIN Byte value range (ea.): 0x00 to 0xFF. | 12-byte PIN: 96 bits | Authority_Digest _Verification | Permutations: 7.92E+28 Authentication Time: 2.094965 msec Guess Probability (1 min): 3.61E-25 |
| 32-byte PIN: 256 bits | 32-byte PIN: 256 bits | Permutations: 1.16E+77 Authentication Time: 2.094965 msec Guess Probability (1 min): 2.47E-73 |
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED Table 10 Ports and Interfaces Roles, Services, and Authentication 4.1 Authentication Methods The Cryptographic Module implements the listed authentication methods. Table 11 Authentication Methods Note: E = log2(RL), where E = authentication strength, R = pool of unique characters and L = password length defines the security strength of an Authentication Credential PIN. See Calculating Password Entropy [PW]. 4.2 Roles The Module supports distinct User and Cryptographic Officer (CO) operator roles. The Cryptographic Module enforces role separation by requiring a role identifier and authentication credential in the form of a Personal Identification Number (PIN). The Cryptographic Module enforces role dependent service access rules. Table 13 maps services to Crypto Officer and User roles. The Cryptographic Module implements Access Control in layers. The top layer of the implementation consists of Access Control Lists (ACLs). ACLs are lists of Access Control Elements (ACEs). The boolean state of an ACE associated with an authority within a role determines access to a service. After authentication, an authority’s associated ACE boolean expression is set to be True. Prior to
| Name | Role Access | Type | |
|---|---|---|---|
| Anybody | User | Role | |
| BandMaster [0-15] | CO | Role | Credential PIN Authentication |
| EraseMaster | CO | Role | Credential PIN Authentication |
| SCSI User | User | Role | |
| SID | CO | Role | Credential PIN Authentication |
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED authentication, an authority’s associated ACE boolean expression is set to False. Closing a TCG session or powering off the Cryptographic Module disables all previously authenticated authorities by setting the ACE Boolean expression associated with all authenticated authorities to False. After powering up the CM and opening a new TCG session, the operator must execute the Authenticate service to enable an authority within the Crypto Officer and User roles. The Cryptographic Module does not support concurrent operators. The Cryptographic Module encrypts and signs all authentication data, associated with a role, stored outside the ACM. The ACM imports the encrypted and signed authentication, verifies the signature, and decrypts the authentication data. Before validating the operator supplied authentication data, the ACM checks for try limit violations. The lock-based authentication method implemented by the Cryptographic Module remains secure because the purpose of the implementation is to protect data-at-rest and the host operating system in communication with the CM acts as the operator and is considered a trusted machine. The Cryptographic Module implements the roles listed in Table 12. Table 12 Roles The CM supports both Crypto Officer (CO) and User roles.
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED
| Name | Description | Roles | Csps Accessed | Approved Functions | Indicator | Input | Output | Roles SSP Access | |
|---|---|---|---|---|---|---|---|---|---|
| Authenticate PSID | PSID character string authentication | CO: SID User: Anybody | SID | Decryption | isFIPS mode is true | PSID | Success or UEC failure code | Decryption Keyed_Digest_Verif ication | |
| Keyed_Digest_Verif | E:PSID Digest, Global | Keyed_Digest_Verif | |||||||
| ication | Active Keyset | ication | |||||||
| Authenticate TCG Authority | Authentication Credential authentication | CO: SID, EraseMaster, BandMaster User: Anybody | isFIPS mode is true | Authentication Credential PIN | Success or UEC failure code | Authority_Digest_V erification | SID E: SID PIN Digest, MSID Digest, SED AdminSP Active Signing Key W: SID PIN, MSID EraseMaster E: EraseMaster PIN Digest, BandMaster PIN Digests, MSID Digest, SED Active LockingSP Signing Key W: EraseMaster PIN, BandMaster PIN, MSID BandMaster E: BandMaster PIN Digests, EraseMaster | ||
| BootFlashInt egrity | E: SD_CA Key | SecureLoader_ Integrity | An RSA digital | isFIPS mode is true | RSA 3072 PSS signed firmware image | Success or UEC failure code | Unauthenticated | ||
| FIPS 140 Compliance Descriptor6 | This service reports the FIPS 140 revision as well as the Cryptographic Module’s overall security level, hardware revision, firmware revision and module name. | None | None | N/A | Security Protocol IN (0x0, 0x2, 0x2)7 | FIPS 140 Compliance Descriptor table data or UEC failure code | User: SCSI User |
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED 4.3 Approved Services Table 13 lists approved services implemented by the Cryptographic Module. The SSPs modes of access shown in the table below are defined as: G = Generate: The module generates or derives the SSP. R = Read: The SSP is read from the module (e.g., the SSP is output). W = Write: The SSP is updated, imported, or written to the module. E = Execute: The CM uses the SSP to perform a cryptographic operation. Z = Zeroise: The CM zeroises the SSP. Table 13 Approved Services
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED N/A
| Name | Description | Roles | Csps Accessed | Approved Functions | Indicator | Input | Output | Description | ||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Firmware Download | Digital signature | CO: SID | E: OEM_FW Key, OEM_Release Key | FW_Authenticity | isFIPS mode is true | RSA 3072 PKCSPSS signed firmware image | Success or UEC failure code | FW_Authenticity | ||||
| Firmware Download Control | CO: SID | None | N/A | FW_DOWNLOA D_PORT bit within the AdminSP Logical Port Table | Success or UEC failure code | None | Enable or disable access to the Firmware Download service | |||||
| Firmware Integrity | An RSA digital | Unauthenticated | isFIPS mode is true | RSA 3072 PKCSPSS signed firmware image | Success or UEC failure code | FW_Integrity | E: OEM_FW Key, SC | |||||
| signature verifies | signature verifies | FW Key, SP_FW Key, | ||||||||||
| the authenticity | the authenticity | OEM_OFS Key, | ||||||||||
| of a binary | of a binary | SD_BFW Key, SD_CA | ||||||||||
| firmware image. | firmware image. | Key | ||||||||||
| Generate Random | User: Anybody | G: DRBG.Key, DRBG.V E: DRBG.Key, DRBG.V | isFIPS mode is true | Byte count | Byte string | RBG | TCG Random method that generates a random number from the SP 800- 90A CTR_DRBG | |||||
| Get | Reads data | CO: SID, EraseMaster, BandMaster, User: Anybody | R: MSID | isFIPS mode is true | Requested table data. [TCG Core] | Decryption Keyed_Digest_Verif ication | See §5.3.3.6 Basic | |||||
| structure; access | structure; access | Table Method | ||||||||||
| control | control | Group - Get | ||||||||||
| enforcement | enforcement | (Table and Object | ||||||||||
| occurs per data | occurs per data | Method | ||||||||||
| structure field | structure field | [TCG Core] | ||||||||||
| Get Band Attributes | CO: BandMaster User: Anybody | None | N/A | Band_UID [TCG Enterprise] | LBA band attribute data [TCG Enterprise] | None | Returns the data stored in the Locking SP table for an LBA Band | |||||
| Get Data Store | Read a stream of | User: Anybody | None | N/A | None | See §3.2.13.9 Read | DataStore | |||||
| bytes from | bytes from | data from the | plaintext data | |||||||||
| unstructured | unstructured | DataStore table | or UEC failure | |||||||||
| Level 0 Discovery | User: Anybody | None | N/A | See §3.3.6 Level 0 Discovery, §3.3.6.2 IF-RECV Command [TCG Core] | Level 0 Discovery Response data [TCG Core] | None | TCG ‘Level 0 Discovery’ discloses basic configuration data about the |
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED N/A N/A N/A N/A
| Name | Description | Roles | Csps Accessed | Approved Functions | Indicator | Input | Output | Roles SSP Access | |||
|---|---|---|---|---|---|---|---|---|---|---|---|
| OptiNAND Firmware Download | CO: SID | FW_Auth_OptiNA | isFIPS mode is true | RSA 3072 PSS signed firmware image | Success or UEC failure code | Digital signature | E: sFFUPublicKey | ||||
| verification of a | ND | verification of a | |||||||||
| binary firmware | OptiNAND_Descra | binary firmware | |||||||||
| image. | mbler | image. | |||||||||
| OptiNAND Firmware Integrity | Digital signature verification of a binary firmware image. | Unauthenticated | N/A | RSA 3072 PSS signed firmware image | Success or UEC failure code | E: sFFUPublicKey | FW_Integrity _OptiNAND OptiNAND_Descra mbler | ||||
| Read User Data | User: SCSI User | isFIPS mode is true | Plaintext user data or UEC failure code | Reads ciphertext | E: MEK | User_Data_Decrypti on | SCSI Operation | ||||
| from a LBA | from a LBA | Code, LBA, | |||||||||
| band and output | band and output | Transfer Length, | |||||||||
| user plaintext | user plaintext | Data-Out Buffer | |||||||||
| data. | data. | See [SBC-4] | |||||||||
| Reset Module | Power on Reset | Unauthenticated | isFIPS mode is true | None | Drive Ready Indicator or UEC failure code | G: DRBG.Seed, DRBG.Key, DRBG.V, ESV, SED Volatile Keyset E: ESV, DRBG.Key, DRBG.V, SED Volatile Keyset | Derived_Key_Gene ration Encryption Key Wrap RBG RBG_Seeding | ||||
| Revert | The Revert method cryptographically erases CSPs and returns the Cryptographic Module to its original manufactured state. | CO: SID User: Anybody | SID | isFIPS mode is true | PSID | Drive Ready Indicator or UEC failure code | Encryption Keyed_Digest_Gene ration RBG |
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED N/A Ka, Ku, LRK, NSK,
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED DRBG.V, Ka, Ku, LRK, PIN Digests, Ka, Ku, Ka, Ku, LRK, NSK,
| Name | Description | Roles | Indicator | Input | Output | Roles SSP Access | |
|---|---|---|---|---|---|---|---|
| RevertSP | The RevertSP method cryptographically erases CSPs and returns the Cryptographic Module to its original manufactured state. | CO: SID User: Anybody | isFIPS mode is true | See §5.1.3 RevertSP – Base Template SP Method [TCG Opal] | Drive Ready Indicator or UEC failure code | Encryption Key Wrap Keyed_Digest_Gene ration RBG | SID G: SID PIN Digest, EraseMaster PIN Digest, BandMaster PIN Digests, DRBG.Key, DRBG.V, K, K , LRK, NSK, a u MEK, RAK, UAK, UMK, , Root Keyset, Global Active Keyset, SED Active Keyset, SED AdminSP Keyset, SED LockingSP Keyset, SED Volatile Keyset SED AdminSP Keyset E: DRBG.Key, DRBG.V, K, K , LRK, a u NSK, RAK, UAK, UMK, Root Keyset, |
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED DRBG.V, Ka, Ku, LRK, PIN Digests, Ka, Ku, Ka, Ku, LRK, NSK, DRBG.V, Ka, Ku, LRK,
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED PIN Digests, Ka, Ku, Ka, Ku, LRK, NSK, DRBG.V, Ka, Ku, LRK,
| Name | Description | Roles | Csps Accessed | Indicator | Input | Output | ||||
|---|---|---|---|---|---|---|---|---|---|---|
| SCSI Command | The SCSI command set provides an efficient peer-to- peer operation for SCSI devices. | User: SCSI User | None | N/A | Input parameters are defined within [SCSI Core] and [SCSI Block] | Return device | None | |||
| Self-Test | The Cryptographic Module performs self- tests when it powers up | Unauthenticated | G: DRBG.Key, DRBG.V E: DRBG.Key, DRBG.V | N/A | None | Drive Ready or UEC failure code | Decryption Derived_Key_Gene ration Digest_Generation Digest_Verification FW_Integrity Encryption Entropy Key Wrap Keyed_Digest_Gene ration Keyed_Digest_Verif ication RBG | |||
| Set | CO: SID, EraseMaster, BandMaster User: Anybody | isFIPS mode is true | Set method table data. See [TCG Core] | Success or UEC failure code | Authority_Digest_G eneration Encryption Keyed_Digest_Gene ration | Write data | SID | |||
| structures; access | structures; access | E: Global Active | ||||||||
| control | control | Keyset, SED Active | ||||||||
| enforcement | enforcement | Keyset, SED AdminSP | ||||||||
| occurs per data | occurs per data | Keyset, , SED Volatile | ||||||||
| structure field. | structure field. | Keyset | ||||||||
| This service can | This service can | W: SID PIN |
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED N/A N/A PIN Digests, Ka, Ku,
| Name | Description | Roles | Csps Accessed | Indicator | Input | Output | Roles SSP Access | Security | ||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| change Authentication Credential PINs. | change Authentication Credential PINs. | EraseMaster | ||||||||||
| Set Band Attributes | Set the starting location, size, and attributes of an LBA band. | CO: BandMaster | isFIPS mode is true | LBA band attribute configuration data See [TCG Enterprise] | Success or UEC failure code | Encryption Keyed_Digest_Gene ration | E: Global Active Keyset, SED Active Keyset, SED LockingSP Keyset, SED Volatile Keyset, UAK | |||||
| Set Data Store | CO: BandMaster User: Anybody | Success or UEC failure code | None | None | Write a stream of | DataStore byte | ||||||
| bytes to | bytes to | table data | ||||||||||
| unstructured | unstructured | See [TCG | ||||||||||
| Show Status | The status inquiry command requests SCSI device (e.g., Cryptographic Module) status information | User: SCSI User | N/A | [SCSI Core] and [SCSI Block] define the input parameters. | Return requested module data or UEC failure code | None | None | |||||
| TCG Erase | CO: EraseMaster | G: MEK, LRK | isFIPS mode is true | TCG Erase | Band_UID | Success or | Encryption | |||||
| cryptographically | E: DRBG.Key, | cryptographically | See [TCG | UEC failure | Keyed_Digest_Gene | |||||||
| erases user data | DRBG.V, LRK, NSK, | erases user data | Enterprise], [TCG | code | ration |
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED Keyset, Ka Keyset, Ku N/A
| Name | Description | Roles | Csps Accessed | Approved Functions | Indicator | Input | Output |
|---|---|---|---|---|---|---|---|
| Write User Data | Transform plaintext user data into ciphertext and writes to an LBA band. | User: SCSI User | E: MEK | User_Data_Encrypti on | isFIPS mode is true | Operation Code, LBA, Transfer Length, Data-Out Buffer [SBC-4] | Success or UEC failure code |
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED UAKa
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED 4.4 Non-Approved Services The Cryptographic Module does not support non-approved services. 4.5 External Software/Firmware Loaded The Cryptographic Module utilizes RSA public key cryptography to verify that firmware downloaded to the CM is authentic. The Cryptographic Module uses RSA 3072 PKCSPSS with SHA2-256 to verify the digital signature of a downloaded firmware binary image. A Hardware Security Module (HSM), which resides in a secure Western Digital facility, generates, and stores the RSA Public/Private key pairs used in the firmware signing process. The Cryptographic Module rejects a downloaded firmware binary image if the digital signature verification process fails. Software/Firmware Security 5.1 Integrity Techniques The Cryptographic Module utilizes RSA public key cryptography to verify the integrity of all firmware binary images within the CM prior to execution. An operator may initiate the integrity test on demand by power cycling the CM. The firmware integrity tests ensure that prior to executing any firmware image the storage device verifies the firmware is from an authenticated Western Digital source. Current storage devices typically implement a multi-stage loader system to boot the drive. Each loader stage is responsible for loading and verifying the next image before transferring control to the next image. This process establishes a chain of trust during the boot process. The Cryptographic Module’s Boot ROM code loads the secure loader image. The SD_CA Key signed secure loader, enables the boot process to use other keys besides the SD_CA Key for boot time signature checking (i.e., SD_BFW Key). For example, the secure loader loads the SD_BFW public key certificate and verifies the SD_CA Key signature of the certificate. The secure loader then loads the next image(s) from boot flash, verifies the signature of the next image(s) using the SD_BFW public key, and transfers control to the next image. SD_CA Key SD_BFW Key SD_SM Key SC_FW Key SP_FW Key PROD_Group Key OEM_FW Key OEM_Release Key OEM_OFS Key Figure 10 - Asymmetric Key Tree 5.2 Initiate on Demand The operator initiates the integrity test on demand by power cycling the Cryptographic Module.
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED 5.3 Open-Source Parameters The Western Digital firmware development process does not utilize open-source firmware to build executable code installed within the Cryptographic Module. 6.1 Operational environment Operational Environment Type and Requirements Type of Operating Environment: Limited While operational, the Cryptographic Module prohibits additions, deletions, or modification of the code working set. For firmware upgrades, the Cryptographic Module uses an authenticated download service to upgrade its mutable firmware in its entirety. The immutable security firmware stored in ROM, which is essential and integral to the operation of the module is non-modifiable. If the download operation is successful, authorized, and verified, the Cryptographic Module will begin operating with the new code working set after successfully executing all preoperational self-tests. Firmware loaded into the cryptographic module that is not on the FIPS 140-3 certificate is out of the scope of this validation and requires a separate FIPS 140-3 validation. 6.2 Configuration Settings and Restrictions The Cryptographic Module blocks the installation of firmware images that contain a Code ID that is inconsistent with the Cryptographic Module’s SoC, hardware interface type (e.g., SAS or SATA) and security type (e.g., TCG Enabled, FIPS Enabled, etc.). The Crypto Officer is responsible for assuring that the LockOnReset parameter of the logical firmware download port is set to PowerCycle. The Cryptographic Module is in a noncompliant state when the LockOnReset parameter is not set to PowerCycle. The Crypto Officer is responsible for assuring the logical firmware download port remains locked unless the CO intends to execute the Firmware Download service. The CO shall lock the firmware download port after the Firmware Download service completes. Consult the Ports section of the Ultrastar DC HC560 3.5-inch Serial Attached SCSI Hard Disk Drive Specification [Product Manual] or Ultrastar DC HC570 3.5-inch Serial Attached SCSI Hard Disk Drive Specification [Product Manual] for guidance. The Crypto Officer is responsible for assuring that the BandMaster Authentication PIN Credential for all configured BandMasters does not equal the MSID value. LBA bands associated with BandMasters with default authentication PIN values are considered plaintext. The Crypto Officer is responsible for assuring that the LockOnReset attribute for any configured BandMaster is set to PowerCycle. The Cryptographic Module is in a noncompliant state when the state of the LockOnReset attribute of any configured BandMaster is not set to PowerCycle. The Crypto Officer is responsible for assuring that the ReadLockEnabled and WriteLockEnabled attribute for any configured BandMaster is set to True. The Cryptographic Module is in a noncompliant state when the state of the ReadLockEnabled or WriteLockEnabled attribute of any configured BandMaster is set to False. Consult the TCG Storage SSC: Enterprise Specification [TCG Enterprise] for guidance. Physical Security The Cryptographic Module is a multi-chip embedded module that complies with FIPS 140-3 Level 2 security. An ambient temperature from 5° to 60°C defines the Cryptographic Module’s environmental operating range [Datasheet] 7.1 Mechanisms and Actions Required The Cryptographic Module does not make claims in the Physical Security area beyond FIPS 140-3 Level 2 security. Therefore, the CM does not employ any fault induction mitigation techniques or EFP feature to immediately zeroise all unprotected SSPs if the temperature or voltage falls outside of the cryptographic module's normal operating range.
| Physical Security Mechanism | Recommended | Inspection/Test Guidelines | |
|---|---|---|---|
| Frequency of | |||
| Inspection | |||
| Testing | |||
| During the manufacturing process, specialized equipment applies one tamper-evident security seal to the CM’s PCBA. See Figure 11 and Figure 12. | Annually | The Cryptographic Module’s owner shall inspect the Cryptographic Module for evidence of tampering. If tamper evidence is apparent, the owner should return the module to Western Digital. See Figure 13. |
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED The CM initiates a thermal safety shutdown if the temperature drops below -40°C or exceeds 70°C but does not zeroize SSPs if either trip point is exceeded.
| Name | Type | Description |
|---|---|---|
| DRAM | Dynamic | General purpose system memory |
| IRAM | Dynamic | Memory internal to the ACM |
| NOR Flash | Static | SSP and boot code storage |
| NAND Flash | Static | SSP storage and firmware image |
| Disk Media | Static | SSP and operation firmware image storage |
| One-time Programable (OTP) | Static | Root Key and Certificate Authority Key storage |
| Name | Approved Functions | Type | From | To | ||
|---|---|---|---|---|---|---|
| Authentication Credential PIN | Authenticate TCG Authority | Plaintext | Operator | CM | Automated | Electronic |
| Public Key | RSA SigVer | Plaintext | HSM | CM | Automated | Electronic |
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED 8.1 Non-invasive Security Mitigation Techniques The Cryptographic Module lacks features to mitigate any non-invasive security attacks beyond the scope of the requirements within FIPS 140-3 Security Level 2. Sensitive Security Parameters Management The Cryptographic Module manages the SSPs listed in Section 9.4 of this document. The Cryptographic Module does not support the output of SSPs beyond the cryptographic boundary. The Cryptographic Module does not support non-approved algorithms or key lengths. 9.1 Storage Areas Calling processes implemented in firmware control Cryptographic Module access to SSPs. Zeroization services destroy or cryptographically erase SSPs. Table 15 Storage Area 9.2 SSP Input and Output Methods The CM limits the input of SSPs to plaintext Authentication Credential PINs and RSA-3072 public keys. RSA-3072 public key input only occurs during the manufacturing process. Instead of storing PIN values as plaintext, the CM stores an HMAC SHA-256 Digest of the PIN. A Hardware Security Module (HSM), which resides within a secure Western Digital facility, generates, and stores the RSA Public/Private key pairs input during the manufacturing process. The CM does not support the output of intermediate values generated during key generation. The module does not support the output of SSPs beyond the cryptographic boundary of the module. Table 16 SSP Input-Output Methods
| Name | Type | Description | Strength | Generation | Establishment | |
|---|---|---|---|---|---|---|
| Admin Authority Key (K ) a | Derived Symmetric Key | The K key encrypts and decrypts UAKs a and the UMK. | 256 bits | PBKDF2, Internal | N/A | 256 bits |
| Anybody User Access Key (UAK ) a | Symmetric Key | The Anybody Authority uses UAK to a decrypt the RAK of unlocked LBA bands. | 256 bits | CKG-Direct | N/A | 256 bits |
| BandMaster PIN (16 total) | Plaintext | Authentication Credential PIN for a Locking SP Bandmaster Authority. | 12 to 32 bytes | N/A | N/A | 96 to 256 bits |
| BandMaster PIN Digest (16 total) | Message Digest | Authenticates BandMaster PIN. | 256 bits | HMAC-SHA2-256, Internal | N/A | 256 bits |
| DRBG.Key | Entropy | Internal state associated with the [SP 800 90A] CTR_DRBG using AES-256 | 256 bits | CTR_DRBG, Internal | N/A | 256 bits |
| DRBG.Seed | Entropy | Internal state associated with the [SP 800 90A] CTR_DRBG using AES-256 | 5120 bits | ESV Internal | N/A | 431.379 bits |
| DRBG.V | Entropy | Internal state associated with the [SP 800 90A] CTR_DRBG using AES-256. | 128 bits | CTR_DRBG, Internal | N/A | 128 bits |
| EraseMaster PIN | Plaintext | Authentication Credential PIN for the Locking SP EraseMaster Authority. | 12 to 32 bytes | N/A | N/A | 96 to 256 bits |
| EraseMaster PIN Digest | Message Digest | Authenticates the EraseMaster PIN | 256 bits | HMAC-SHA2-256, Internal | N/A | 256 bits |
| ESV | Entropy | Entropy source input to the [SP 800 90A] CTR_DRBG | 32-bit sample | Ring oscillator noise source, Internal | N/A | 2.69612 bits per 32-bit sample |
| Global Active Encryption Key (AEK) | Symmetric Key | The Global Active Encryption Key encrypts and decrypts the SED Active Keyset, NSK and the UAK key. a | 256 bits | CKG-Direct | N/A | 256 bits |
| Global Active Signing Key | Symmetric Key | Signs the encrypted SED Active Keyset. | 256 bits | CKG-Direct | N/A | 256 bits |
| KDF Salt (EraseMaster and BandMaster unique) | Symmetric Key | KDF Salts are integral to the PBKDF2 generation of each K and K derived a u authority key. | 256-bits | CKG-Direct | N/A | 256-bits |
| Locking Range Keyset (LRK) LRK.AES Key LRK.XTS Key (BandMaster unique) | Symmetric Key | LRKs in combination with the NSKs derive MEKs, which encrypt LBA bands | 256 bits | CKG-Direct | N/A | 256 bits |
| MEK - Media Encryption Keyset MEK.AESEnc Key MEK.AESDec Key MEK.XTS Tweak Key (BandMaster unique) | Derived Symmetric Key | MEKs encrypt and decrypt LBA bands. An MEK.AESDec key is the last entry of the key schedule for an MEK.AESEnc key. | 256 bits | CKG-Combined | N/A | 256 bits |
| MSID | Plaintext | The MSID string is the default password for the SID, EraseMaster and BandMaster authorities. Stored during the manufacturing process, the CM generates this thirty-two-character value by processing a CTR-DRBG generated random number through an Alphanumeric Character Conversion algorithm. The algorithm draws from a thirty-four-element character set to generate the MSID. | 32 bytes | CKG-Direct | N/A | 162.8 bits |
| MSID Digest | Message Digest | Authenticates the MSID PIN | 256 bits | HMAC-SHA2-256, Internal | N/A | 256 bits |
| Namespace Keyset (NSK) NSK.AES Key NSK.XTS Key (BandMaster unique) | Symmetric Key | NSKs in combination with the LRKs derive MEKs, which encrypt LBA bands. | 256 bits | CKG-Direct | N/A | 256 bits |
| Non-Admin Authority Key (K ) u (BandMaster unique) | Derived Symmetric Key | K keys encrypt and decrypt all UAKs u except UAK. a | 256 bits | PBKDF2, Internal | N/A | 256 bits |
| OEM Firmware Key (OEM_FW Key) | Public Key | The OEM_FW Key verifies OEM firmware images and packages. | 3072-bits | HSM, External | N/A | 128-bits |
| OEM Original Factory State Key (OEM_OFS Key) | Public Key | The OEM_OFS Key verifies the OEM Original Factory Settings files. | 3072-bits | HSM, External | N/A | 128-bits |
| OEM_Release Key (OEM_Release Key) | Public Key | The OEM_Release Key verifies the outer signature of an OEM firmware package. | 3072-bits | HSM, External | N/A | 128-bits |
| Product Group Key (PROD_GROUP Key) | Public Key | The PROD_GROUP Key verifies OEM_FW Key certificates. | 3072-bits | HSM, External | N/A | 128-bits |
| PSID | Plaintext | The PSID string serves as authentication data and proof of physical presence for the Revert and RevertSP services. Stored during the manufacturing process, the CM generates this thirty- two-character value by processing a CTR-DRBG generated random number through an Alphanumeric Character Conversion algorithm. The algorithm draws from a thirty-four-element character set to generate the PSID. | 32 bytes | CKG-Direct | N/A | 162.8 bits8 |
| PSID Digest | Message Digest | Authenticates the PSID | 256 bits | HMAC-SHA2-256, Internal | N/A | 256 bits |
| Range Access Key (RAK) (BandMaster unique) | Symmetric Key | RAKs encrypt and decrypt LRKs. | 256 bits | CKG-Direct | N/A | 256 bits |
| Root Encryption Key | Symmetric Key | The Root Encryption Key encrypts the Global Active Keyset. | 256 bits | CKG-Direct | N/A | 256 bits |
| Root Signing Key | Symmetric Key | Signs the encrypted Global Active Keyset. | 256 bits | CKG-Direct | N/A | 256 bits |
| SecureBootPublicKey | Public Key | The SecureBootPublicKey verifies the OptiNAND Boot Code, Static data structures and parameters. The OptiNAND Download and Execute (DLE) module uses the SecureBootPublicKey to verify the RSA 3072 PSS signature of OptiNAND firmware. | 3072-bits | HSM, External | N/A | 128-bits |
| Security Core Firmware Key (SC_FW Key) | Public Key | The SC_FW Key verifies Access Control Module (ACM) security core firmware. | 3072-bits | HSM, External | N/A | 128-bits |
| Security Protocol Firmware Key (SP_FW Key) | Public Key | The SP_FW Key verifies ACM security protocol and services firmware. | 3072-bits | HSM, External | N/A | 128-bits |
| SED Active Encryption Key | Symmetric Key | Encrypts and decrypts the SED AdminSP Active Keyset and the SED LockingSP Active Keyset. | 256 bits | CKG-Direct | N/A | 256 bits |
| SED Active Signing Key | Symmetric Key | Signs the encrypted SED AdminSP Active Keyset and the SED LockingSP Active Keyset. | 256 bits | CKG-Direct | N/A | 256 bits |
| SED AdminSP Encryption Key | Symmetric Key | Encrypts and decrypts CSPs associated with an Admin SP. | 256 bits | CKG-Direct | N/A | 256 bits |
| SED AdminSP Signing Key | Symmetric Key | Signs encrypted CSPs associated with an Admin SP. | 256 bits | CKG-Direct | N/A | 256 bits |
| SED LockingSP Encryption Key | Symmetric Key | Encrypts and decrypts CSPs associated with a Locking SP. | 256 bits | CKG-Direct | N/A | 256 bits |
| SED LockingSP Signing Key | Symmetric Key | Signs encrypted CSPs associated with a Locking SP. | 256 bits | CKG-Direct | N/A | 256 bits |
| SED Volatile Encryption Key | Symmetric Key | Encrypts, and decrypts LRKs and MEKs. | 256 bits | CKG-Direct | N/A | 256 bits |
| SED Volatile Signing Key | Symmetric Key | Signs encrypted LRKs and MEKs. | 256 bits | CKG-Direct | N/A | 256 bits |
| sFFU_EncKey | Public Key | Descrambles a Secure Field Firmware Update (sFFU) image | 256 bits | HSM, External | N/A | 256 bits |
| sFFUPublicKey | Public Key | The sFFUPublicKey verifies OptiNAND Secure Field Firmware Update (sFFU) images. | 3072-bits | HSM, External | N/A | 128-bits |
| SID PIN | Plaintext | Authentication Credential PIN for the Admin SP SID Authority. | 12 to 32 bytes | N/A | N/A | 96 to 256 bits |
| SID PIN Digest | Message Digest | Authenticates the SID PIN | 256 bits | HMAC-SHA2-256, Internal | N/A | 256 bits |
| Storage Device Boot FW Key (SD_BFW Key) | Public Key | The SD_BFW Key is public key used to verify all boot flash images. | 3072-bits | HSM, External | N/A | 128-bits |
| Storage Device Certification Authority Key (SD_CA Key) | Public Key | The SD_CA Key is the Master RSA 3072 public key used to verify the Secure Loader image | 3072-bits | HSM, External | N/A | 128-bits |
| Storage Device Secure Message Key (SD_SM Key) | Public Key | The SD_SM Key verifies secure messages used for manufacturing, development, and failure analysis | 3072-bits | HSM, External | N/A | 128-bits |
| SVSPublicKey | Public Key | The SVSPublicKey verifies OptiNAND Unlock commands | 3072-bits | HSM, External | N/A | 128-bits |
| Method | Description | Rationale | Operator Initiation Capability | |||
|---|---|---|---|---|---|---|
| Power Cycle | Power cycling involves disconnecting and reconnecting the CM to its source of power. | The operator physically or remotely disconnects the CM from its source of power. | ||||
| Revert | The Revert method cryptographically erases CSPs, removes the owner’s Authentication Credentials and returns the Cryptographic Module to its original manufactured state. | The operator transmits a command to the CM as the TPer to initiate a zeroisation process. | ||||
| RevertSP | The RevertSP method cryptographically erases CSPs. RevertSP removes the owner’s Authentication Credentials and returns the Cryptographic Module to its original manufactured state. The CM preserves Global Range data if the KeepGlobalRangeKey parameter is set to True. | The operator transmits a command to the CM as the TPer to initiate a zeroisation process. | ||||
| Secure Manufacturing Reconfiguration Process | The secure manufacturing reconfiguration processes incorporates a hardware security module (HSM) and supporting security software to inject cryptographic keys, digital certificates and assure only authentic firmware is installed on the Cryptographic Module. | The operator transmits proprietary commands to the CM to initiate a rebuild process that zeroizes and regenerates the symmetric and asymmetric key trees. | ||||
| TCG Erase | The TCG Erase method cryptographically erases user data by regenerating the Locking Range Key (LRK) and Media Encryption Key (MEK) associated with a data range. | The operator transmits a command to the CM as the TPer to initiate a user data erasure process. |
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED 9.3 SSP Zeroization Methods Zeroization of persistent SSPs complies with the cryptographic erasure requirements for SCSI Hard Disk drives within [SP 800 88], Guidelines for Media Sanitization. The Cryptographic Module zeroizes ephemeral SSPs by overwriting the SSP memory location with all zeros within the scope of the function call. Table 17 SSP Zeroization Methods 9.4 SSPs Table 18 SSPs Part 1 N/A (UAKa) N/A
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED N/A N/A N/A except UAKa. N/A N/A N/A N/A N/A
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED N/A N/A N/A N/A N/A N/A N/A N/A N/A
8 E = log2(RL), where E = authentication strength, R = pool of unique characters and L = password length, https://www.pleacher.com/mp/mlessons/algebra/entropy.html
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
| Name | Type | Description | Strength | Generation | Storage | Use | Input | Temporary Storage Duration | Zeroisation Methods | Category | Related SSPs | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| User Access Key (UAK) (BandMaster unique) | Symmetric Key | Encrypts and decrypts the RAK associated with a BandMasters. | 256 bits | CKG-Direct | 256 bits | |||||||
| User Management Key (UMK) | Symmetric Key | Encrypts and decrypts UAKs. | 256 bits | CKG-Direct | 256 bits | |||||||
| Admin Authority Key (K ) a | IRAM, Plaintext | AES-CBC-256 (Cert #AES 3580) | N/A | Ephemeral, destroyed after use. | N/A | CSP | Encrypts UAKs and the UMK, Derived from EraseMaster PIN and EraseMaster associated KDF Salt | |||||
| Anybody User Access | IRAM - Plaintext | AES-CBC-256 (Cert #AES 3580) | N/A | Power up to power down | Power Cycle | CSP | Decrypts RAKs | |||||
| Key (UAK ) a | Disk Media, Encrypted | Revert RevertSP | ||||||||||
| BandMaster PIN (16 total) | IRAM - Plaintext | PBKDF2 (Cert #A2100) HMAC-SHA2- 256 (Cert #HMAC 2280) | Authentication Credential PIN | Ephemeral, destroyed after use. | N/A | CSP | Paired with associated BandMaster PIN Digest, KDF Salt, and K key u | |||||
| BandMaster PIN Digest | Disk Media, Signed | HMAC-SHA2- 256 (Cert #HMAC 2280) | N/A | Revert RevertSP | CSP | Generated from associated BandMaster PIN and the SED Active Signing Key | ||||||
| DRBG.Key | IRAM, Plaintext | CTR_DRBG (Cert #A2098) | N/A | Power up to power down | Power Cycle | CSP | Paired with DRBG.Seed and DRBG.V | |||||
| DRBG.Seed | IRAM - | CTR_DRBG | N/A | Power up to | Power Cycle | CSP | Paired with |
| Name | Type | Description | Strength | Generation | Storage | Use | Input | Temporary Storage Duration | Zeroisation Methods | Category | Related SSPs | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| User Access Key (UAK) (BandMaster unique) | Symmetric Key | Encrypts and decrypts the RAK associated with a BandMasters. | 256 bits | CKG-Direct | 256 bits | |||||||
| User Management Key (UMK) | Symmetric Key | Encrypts and decrypts UAKs. | 256 bits | CKG-Direct | 256 bits | |||||||
| Admin Authority Key (K ) a | IRAM, Plaintext | AES-CBC-256 (Cert #AES 3580) | N/A | Ephemeral, destroyed after use. | N/A | CSP | Encrypts UAKs and the UMK, Derived from EraseMaster PIN and EraseMaster associated KDF Salt | |||||
| Anybody User Access | IRAM - Plaintext | AES-CBC-256 (Cert #AES 3580) | N/A | Power up to power down | Power Cycle | CSP | Decrypts RAKs | |||||
| Key (UAK ) a | Disk Media, Encrypted | Revert RevertSP | ||||||||||
| BandMaster PIN (16 total) | IRAM - Plaintext | PBKDF2 (Cert #A2100) HMAC-SHA2- 256 (Cert #HMAC 2280) | Authentication Credential PIN | Ephemeral, destroyed after use. | N/A | CSP | Paired with associated BandMaster PIN Digest, KDF Salt, and K key u | |||||
| BandMaster PIN Digest | Disk Media, Signed | HMAC-SHA2- 256 (Cert #HMAC 2280) | N/A | Revert RevertSP | CSP | Generated from associated BandMaster PIN and the SED Active Signing Key | ||||||
| DRBG.Key | IRAM, Plaintext | CTR_DRBG (Cert #A2098) | N/A | Power up to power down | Power Cycle | CSP | Paired with DRBG.Seed and DRBG.V | |||||
| DRBG.Seed | IRAM - | CTR_DRBG | N/A | Power up to | Power Cycle | CSP | Paired with | |||||
| (Cert #A2098) | Plaintext | (Cert #A2098) | power down | DRBG.Key and DRBG.V | ||||||||
| DRBG.V | IRAM, Plaintext | CTR_DRBG (Cert #A2098) | N/A | Power up to power down | Power Cycle | CSP | Paired with DRBG.Seed and DRBG.V | |||||
| ESV | IRAM, Plaintext | CTR_DRBG (Cert #A2098) | N/A | Power up to power down | Power Cycle | CSP | Paired with DRBG.Seed | |||||
| EraseMaster PIN | IRAM - Plaintext | PBKDF2 (Cert #A2100 HMAC-SHA2- 256 (Cert #HMAC 2280) | Authentication Credential PIN | Ephemeral Destroyed after use | N/A | CSP | Paired with EraseMaster PIN Digest, KDF Salt, and K key a | |||||
| EraseMaster PIN Digest | Disk Media, Signed | HMAC-SHA2- 256 (Cert #HMAC 2280) | N/A | Revert RevertSP | CSP | Generated from EraseMaster PIN and SED Active Signing Key | ||||||
| Global Active Encryption Key (AEK) | NOR Flash, Encrypted | AES-CBC-256 (Cert #AES 3580) | N/A | Secure Manufacturing Reconfiguration Process | CSP | Encrypts and decrypts the SED Active Keyset, NSKs and UAK a | ||||||
| Global Active Signing Key | NOR Flash, Encrypted | HMAC-SHA2- 256 (Cert #HMAC 2280) | N/A | Secure Manufacturing Reconfiguration Process | CSP | Derived from AEK and SED Active Keyset | ||||||
| KDF Salt (EraseMaster and BandMaster unique) | Disk Media, Signed | HMAC-SHA2- 256 (Cert #HMAC 2280) PBKDF2 (Cert #A2100) | N/A | Revert RevertSP | PSP | Paired with associated BandMaster PINs, the EraseMaster PIN, K key, and a K keys u | ||||||
| Locking Range Keyset (LRK) LRK.AES Key LRK.XTS Key (BandMaster unique) | DRAM, Encrypted | XOR | N/A | Generation to power down. | Power Cycle Revert RevertSP TCG Erase | CSP | Paired with associated NSK and MEK, Encrypted by SED Volatile Key | |||||
| Disk Media, Encrypted | Disk Media, Encrypted | Revert RevertSP TCG Erase | Paired with associated NSK and MEK, Encrypted by associated RAK | |||||||||
| Media Encryption Keyset (MEK) MEK.AESEnc Key MEK.AESDec Key MEK.XTS Tweak Key (BandMaster unique) | DRAM, Encrypted | AES-XTS-256 (Cert #A2101) | N/A | Generation to power down. | Power Cycle | CSP | Generated from associated LRK and NSK, Encrypted by SED Volatile Key | |||||
| MSID | IRAM, Plaintext | HMAC-SHA2- 256 (Cert #HMAC 2280) | N/A | Ephemeral Destroyed after use. | N/A | PSP | Paired with MSID Digest, Signed by the SED Active Signing Key | |||||
| NOR Flash, Signed | NOR Flash, Signed | N/A | ||||||||||
| MSID Digest | Disk Media, Signed | HMAC-SHA2- 256 (Cert #HMAC 2280) | N/A | Revert RevertSP | CSP | Generated from the MSID and the SED Active Signing Key | ||||||
| Namespace Keyset (NSK) | DRAM, Encrypted | XOR | N/A | Generation to power down. | Power Cycle | CSP | Paired with associated LRK and MEK, Encrypted by Global Active Encryption Key | |||||
| NSK.AES Key NSK.XTS Key (BandMaster unique) | Disk Media, Encrypted | N/A | Revert RevertSP | |||||||||
| Non-Admin Authority Key (K ) u (BandMaster unique) | N/A | AES-CBC-256 (Cert #AES 3580) | N/A | Ephemeral, destroyed after use | N/A | CSP | Derived from associated BandMaster PIN and KDF Salt, Encrypts UAKs | |||||
| OEM Firmware Key (OEM_FW Key) | NOR Flash, Signed | RSA SigVer (Cert #A2098) | Public Key | N/A | Neither | Verified by PROD_GROUP Key | ||||||
| OEM Original Factory State Key (OEM_OFS Key) | NOR Flash, Signed | RSA SigVer (Cert #A2098) | Public Key | N/A | Neither | Verified by PROD_GROUP Key | ||||||
| OEM_Release Key (OEM_Release Key) | NOR Flash, Signed | RSA SigVer (Cert #A2098) | Public Key | N/A | Neither | Verified by PROD_GROUP Key | ||||||
| Product Group Key (PROD_GROUP Key) | NOR Flash, Signed | RSA SigVer (A2098) | Public Key | N/A | Neither | Verified by SD_CA Key | ||||||
| PSID | IRAM, Plaintext | HMAC-SHA2- 256 (Cert #HMAC 2280) | N/A | Generation to power down. | Power Cycle | PSP | Paired with PSID Digest Encrypted by SED Active Encryption Key, Signed by SED Active Signing Key | |||||
| NOR Flash, Encrypted and signed | NOR Flash, Encrypted and signed | N/A | N/A | |||||||||
| PSID Digest | Disk Media, Signed | HMAC-SHA2- 256 (Cert #HMAC 2280) | N/A | N/A | Revert RevertSP | CSP | Generated from PSID and the SED Active Signing Key | |||||
| Range Access Key (RAK) (BandMaster unique) | Disk Media, Encrypted | AES-CBC-256 (Cert #AES 3580) | N/A | Revert RevertSP | CSP | Encrypted by associated UAK, Encrypts associated LRK. | ||||||
| Root Encryption Key | OTP | AES-CBC-256 (Cert #AES 3580) AES-ECB-256 (Cert #AES 3580) KWP-AD (Cert #A2098) KWP-AE (Cert #A2098) | N/A | Secure Manufacturing Reconfiguration Process | CSP | Encrypts Global Active Keyset, Wraps Root Signing Key | ||||||
| Root Signing Key | NOR Flash, Encrypted | HMAC-SHA2- 256 (Cert #HMAC 2280) | N/A | Secure Manufacturing Reconfiguration Process | CSP | Signs Global Active Encryption Key, Wrapped by Root Encryption | ||||||
| SecureBootPublicKey | Masked ROM, OptiNAND | RSA SigVer (Cert #A2099) | Public Key | N/A | Neither | Verifies OptiNAND firmware image, Signs sFFUPublicKey | ||||||
| Security Core Firmware Key (SC_FW Key) | NOR Flash, Signed | RSA SigVer (Cert #A2098) | Public Key | N/A | Neither | Verified by SD_CA Key | ||||||
| Security Protocol Firmware Key (SP_FW Key) | NOR Flash, Signed | RSA SigVer (Cert #A2098) | Public Key | N/A | Neither | Verified by SD_CA Key | ||||||
| SED Active Encryption Key | NOR Flash, Encrypted | AES-CBC-256 (Cert #AES 3580) | N/A | Revert RevertSP | CSP | Encrypts the SED AdminSP Active Keyset, Encrypts the SED LockingSP Active Keyset | ||||||
| SED Active Signing Key | NOR Flash, Encrypted | HMAC-SHA2- 256 (Cert #HMAC 2280) | N/A | Revert RevertSP | CSP | Signs the SED AdminSP Active Keyset, Signs the SED LockingSP Active Keyset | ||||||
| SED AdminSP Encryption Key | NOR Flash, Encrypted | AES-CBC-256 (Cert #AES 3580) | N/A | Revert RevertSP | CSP | Encrypts CSPs associates with an Admin SP | ||||||
| SED AdminSP Signing Key | NOR Flash, Encrypted | HMAC-SHA2- 256 (Cert #HMAC 2280) | N/A | Revert RevertSP | CSP | Signs CSPs associated with an Admin SP | ||||||
| SED LockingSP Encryption Key | NOR Flash, Encrypted | AES-CBC-256 (Cert #AES 3580) | N/A | Revert RevertSP | CSP | Encrypts CSPs associated with a Locking SP | ||||||
| SED LockingSP Signing Key | NOR Flash, Encrypted | HMAC-SHA2- 256 (Cert #HMAC 2280) | N/A | Revert RevertSP | CSP | Signs CSPs associated with a Locking SP | ||||||
| SED Volatile Encryption Key | IRAM, Plaintext | AES-CBC-256 (Cert #AES 3580) | N/A | Power up to power down | Power Cycle Revert RevertSP | CSP | Encrypts LRKs and MEKs. | |||||
| SED Volatile Signing Key | IRAM, Plaintext | HMAC-SHA2- 256 (Cert #HMAC 2280) | N/A | Power up to power down | Power Cycle Revert RevertSP | CSP | Signs encrypted LRKs and MEKs. | |||||
| sFFUEncKey | NAND Flash, OptiNAND, Signed | AES-CBC-256 (Cert #A2099) | Public Key | N/A | Neither | Signed by SecureBootPublic Key | ||||||
| sFFUPublicKey | NAND Flash, OptiNAND, Signed | RSA SigVer (Cert #A2099) | Public Key | N/A | Neither | Signed by SecureBootPublic Key | ||||||
| SID PIN | IRAM - Plaintext | PBKDF2 (A2100) HMAC-SHA2- 256 (Cert #HMAC 2280) | Authentication Credential PIN | Ephemeral Destroyed after use | N/A | CSP | Paired with SID PIN Digest | |||||
| SID PIN Digest | Disk Media - Encrypted | HMAC-SHA2- 256 (Cert #HMAC 2280) | N/A | Revert RevertSP | CSP | Generated from SID PIN and SED Active Signing Key | ||||||
| Storage Device Boot FW Key (SD_BFW Key) | NOR Flash, Signed | RSA SigVer (Cert #A2098) | Public Key | N/A | Neither | Signed by SD_CA Key | ||||||
| Storage Device Certification Authority Key (SD_CA Key) | NOR Flash, Plaintext OTP, SHA-256 digest | RSA SigVer (Cert #A2098) | Public Key | N/A | Neither | Signs SD_BFW Key, SD_SM Key, SC_FW Key, SP_FW Key and PROD_GROUP Key | ||||||
| Storage Device Secure Message Key (SD_SM Key) | NOR Flash, Signed | RSA SigVer (Cert #A2098) | Public Key | N/A | Neither | Signed by SD_CA Key | ||||||
| SVSPublicKey | NAND Flash, OptiNAND, Signed | RSA SigVer (Cert #A2099) | Public Key | N/A | Neither | Signed by SecureBootPublic Key | ||||||
| User Access Key (UAK) (BandMaster unique) | Disk Media, Encrypted | AES-CBC-256 (Cert #AES 3580) | N/A | Revert RevertSP | CSP | Encrypts BandMaster associated RAK | ||||||
| User Management Key (UMK) | Disk Media, Encrypted | AES-CBC-256 (Cert #AES 3580) | N/A | Revert RevertSP | CSP | Encrypts UAKs |
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED N/A N/A Table 19 SSPs Part 2 (Ka) N/A Key (UAKa) N/A N/A N/A N/A N/A N/A
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED N/A N/A N/A N/A Ku keys N/A N/A N/A N/A
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A Key (Ku)
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED N/A N/A N/A N/A N/A N/A N/A N/A N/A
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED N/A N/A N/A N/A HMAC-SHA2Authentication N/A N/A N/A N/A N/A N/A
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method | Details | Test Properties | Indicator | Periodic Method | Conditions | Coverage | ||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| RSA SigVer (Cert # A2098, Cert #SHS 2942) | RSA SigVer (Cert # A2098, Cert #SHS 2942) | Digital Signature Verification | SW/FW Integrity | On Demand | Manually | Verify Digital Signature. | 3072-bit, PSS w/SHA2-256 | Pass: Boot to the firmware image Fail: Device Unavailable | |||||
| ESV (Cert # ESV13) | ESV (Cert # ESV13) | SP 800-90B Health-Test | Critical Function | On Demand | Manually | Verifies that the RCT Threshold was not exceeded as specified in [SP 800 90B] | Repetition Count Test (RCT) | Pass: Next test Fail: Device Unavailable | |||||
| ESV (Cert # ESV13) | ESV (Cert # ESV13) | SP 800-90B Health-Test | Critical Function | On Demand | Manually | Verifies that the APT Threshold was not exceeded as specified in [SP 800 90B] | Adaptive Proportion Test (APT) | Pass: Next test Fail: Device Unavailable | |||||
| RSA SigVer (Cert # A2099) | RSA SigVer (Cert # A2099) | 3072-bit, PSS w/SHA2- 256, SecureBootPublicKey | Digital Signature Verification | Verify Digital Signature. | On Demand | Pass: Boot to the firmware image Fail: Device Unavailable | SW/FW Integrity | Manually | |||||
| AES-CBC | AES-CBC | Known Answer (KAT) | CAST | On Demand | Manually | Encrypt, verify | Pass: Next test Fail: Device Degraded | AES, 256-bit, CBC | Power up | Cert #AES 3580 | IG 10.3.A | ||
| AES-CBC | AES-CBC | KAT | CAST | On Demand | Manually | Decrypted, verify | Pass: Next test Fail: Device Degraded | AES, 256-bit, CBC | Power up | Cert #AES 3580 | IG 10.3.A | ||
| AES-ECB | AES-ECB | KAT | CAST | On Demand | Manually | Encrypt, verify | Pass: Next test Fail: Device Degraded | AES, 256-bit, ECB | Power up | Cert #AES 3580 | IG 10.3.A | ||
| AES-ECB | AES-ECB | KAT | CAST | On Demand | Manually | Decrypted, verify | Pass: Next test Fail: Device Degraded | AES, 256-bit, ECB | Power up | Cert #AES 3580 | IG 10.3.A | ||
| AES-ECB | AES-ECB | KAT | CAST | On Demand | Manually | Encrypt, verify | Pass: Next test Fail: Device Degraded | AES, 256-bit, ECB, DEE | Power up | Cert #A2101 | IG 10.3.A |
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED N/A N/A
The Cryptographic Module performs pre-operational self-tests automatically at powered up and after installing a new firmware image. Pre-operational self-tests tests ensure that the Cryptographic Module is not corrupted, and all cryptographic algorithms work as expected. The Cryptographic Module inhibits all data output via the “data output” interface and the execution of loaded or modified approved security functions while executing the preoperational self-tests.
Cryptographic Module The Cryptographic Module performs the pre-operational self-test listed in Table 20 at power up, in response to a self-initiated reset and prior to booting to a new firmware image. The execution of the ESV Critical Function and RSA SigVer SW/FW Integrity self-tests satisfy AS10.23. Upon failure the Cryptographic Module transitions to a Device Unavailable error state. Table 20 CM Pre-Operational Self-Tests
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method | Details | Indicator | Periodic Method | Conditions | Coverage | ||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| RSA SigVer (Cert # A2099) | RSA SigVer (Cert # A2099) | 3072-bit, PSS w/SHA2- 256, SecureBootPublicKey | Digital Signature Verification | Verify Digital Signature. | On Demand | Pass: Boot to the firmware image Fail: Device Unavailable | SW/FW Integrity | Manually | ||||
| AES-CBC | AES-CBC | Known Answer (KAT) | CAST | On Demand | Manually | Encrypt, verify | Pass: Next test Fail: Device Degraded | AES, 256-bit, CBC | Power up | Cert #AES 3580 | IG 10.3.A | |
| AES-CBC | AES-CBC | KAT | CAST | On Demand | Manually | Decrypted, verify | Pass: Next test Fail: Device Degraded | AES, 256-bit, CBC | Power up | Cert #AES 3580 | IG 10.3.A | |
| AES-ECB | AES-ECB | KAT | CAST | On Demand | Manually | Encrypt, verify | Pass: Next test Fail: Device Degraded | AES, 256-bit, ECB | Power up | Cert #AES 3580 | IG 10.3.A | |
| AES-ECB | AES-ECB | KAT | CAST | On Demand | Manually | Decrypted, verify | Pass: Next test Fail: Device Degraded | AES, 256-bit, ECB | Power up | Cert #AES 3580 | IG 10.3.A | |
| AES-ECB | AES-ECB | KAT | CAST | On Demand | Manually | Encrypt, verify | Pass: Next test Fail: Device Degraded | AES, 256-bit, ECB, DEE | Power up | Cert #A2101 | IG 10.3.A |
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED OptiNAND Device The OptiNAND device performs the pre-operational self-test listed below at power up, in response to a self-initiated reset and prior to booting to a new firmware image. Upon failure, the device returns a UEC error code, aborts booting to the firmware image and transitions to a Device Unavailable error state. The execution of the SW/FW Integrity self-test satisfies AS10.23. Table 21 OptiNAND Pre-Operational Self-Tests
Cryptographic Module Conditional Self-Tests The Cryptographic Module performs the listed conditional self-tests. Upon failure the Cryptographic Module, with exception of the ESV self-tests, transitions to a Device Degraded error state. Conditional ESV self-test failures cause the CM to transition to a Device Unavailable error state. Table 22 CM Conditional Self-Tests
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method | Details | Indicator | Conditions | Coverage | ||
|---|---|---|---|---|---|---|---|---|---|---|---|
| AES-ECB | AES-ECB | KAT | CAST | On Demand | Manually | Decrypt, verify | AES, 256-bit, ECB, DEE | Pass: Next test Fail: Device Degraded | Power up | Cert #A2101 | IG 10.3.A |
| AES-XTS | AES-XTS | Non- equivalence test9 | Critical Function | On Demand | Programmatically | Verify | AES, 256-bit, XTS | Fail: UEC error code | LRK and NSK generation | Cert #A2101 | IG C.I |
| DRBG | DRBG | KAT | CAST | On Demand | Programmatically | Verify | 5120-bit seed | Pass: Next test Fail: Device Unavailable | Power up | Cert #A2098 | IG 10.3.A |
| ESV | ESV | RCT | CAST | On Demand | Manually | Verifies that the RCT threshold was not exceeded as specified in [SP 800 90B] | Repetition Count Test (RCT) | Pass: Next test Fail: Device Unavailable | Power up | Cert #ESV13 | IG 10.3.A |
| After 232 CTR_DRBG reseeds. | Programmatically | After 232 CTR_DRBG reseeds. | |||||||||
| ESV | ESV | APT | CAST | On Demand | Manually . | Verifies that the APT threshold was not exceeded as specified in [SP 800 90B] | Adaptive Proportion Test (APT) | Pass: Next test Fail: Device Unavailable | Power up | Cert #ESV13 | IG 10.3.A |
| After 232 CTR_DRBG reseeds | Programmatically | After 232 CTR_DRBG reseeds | |||||||||
| HMAC- SHA2-256 | HMAC- SHA2-256 | KAT | CAST | On Demand | Manually | Verify | Message, 256- bit key, 256- bit hash digest | Pass: Next test Fail: Device Degraded | Power up | Cert #HMAC 2280 | IG 10.3.A |
| PBKDF2 | PBKDF2 | KAT | CAST | On Demand | Manually | Verify | 256-bit Salt Iteration Count: 1024 | Pass: Next test Fail: Device Degraded | Power up | Cert #A2100 | IG 10.3.A |
| RSA SigVer | RSA SigVer | KAT | CAST | On Demand | Manually | Verify | 3072-bit public key, 256-bit hash digest | Pass: Next test Fail: Device Degraded | Power up | Cert #A2098, Cert #SHS 2942 | IG 10.3.A |
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED Nonequivalence HMACSHA2-256 Message, 256bit key, 256KAT
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method | Details | Indicator | Conditions | Coverage | Coverage Notes | Test Properties | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| RSA SigVer | RSA SigVer | Digital Signature Verification | SW/FW Load Test | On Demand | Programmatically | Verify | 3072-bit public key, 256-bit hash digest, OEM_Release Key | Pass: Boot to new image Fail: UEC error code | Firmware download | Cert #A2098, Cert #SHS 2942 | IG 10.3.A | |
| SHA2-256 | SHA2-256 | KAT | CAST | On Demand | Manually | Verify | Message, 256- bit hash digest | Pass: Next test Fail: Device Degraded | Power up | Cert #SHS 2942 | IG 10.3.A | |
| SP 800-38F KW | SP 800-38F KW | KAT | CAST | On Demand | Manually | Authenticate d Encrypt, verify | 256-bit KEK | Pass: Next test Fail: Device Degraded | Power up | Cert #A2098 | IG 10.3.A | |
| SP 800-38F KW | SP 800-38F KW | KAT | CAST | On Demand | Manually | Authenticate d Decrypt, verify | 256-bit KEK | Pass: Next test Fail: Device Degraded | Power up | Cert #A2098 | IG 10.3.A | |
| AES-CBC | AES-CBC | KAT | CAST | On Demand | Manually | Encrypt, verify | Pass: Next test Fail: Device Degraded | Power up | Cert #A2099 | IG 10.3.A | AES, 256-bit, CBC | |
| AES-CBC | AES-CBC | KAT | CAST | On Demand | Manually | Decrypt, verify | Pass: Exit self-test suite Fail: Device Degraded | Power up | Cert #A2099 | IG 10.3.A | AES, 256-bit, CBC |
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method | Details | Indicator | Conditions | Coverage | Coverage Notes | Test Properties | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| RSA SigVer | RSA SigVer | Digital Signature Verification | SW/FW Load Test | On Demand | Programmatically | Verify | 3072-bit public key, 256-bit hash digest, OEM_Release Key | Pass: Boot to new image Fail: UEC error code | Firmware download | Cert #A2098, Cert #SHS 2942 | IG 10.3.A | |
| SHA2-256 | SHA2-256 | KAT | CAST | On Demand | Manually | Verify | Message, 256- bit hash digest | Pass: Next test Fail: Device Degraded | Power up | Cert #SHS 2942 | IG 10.3.A | |
| SP 800-38F KW | SP 800-38F KW | KAT | CAST | On Demand | Manually | Authenticate d Encrypt, verify | 256-bit KEK | Pass: Next test Fail: Device Degraded | Power up | Cert #A2098 | IG 10.3.A | |
| SP 800-38F KW | SP 800-38F KW | KAT | CAST | On Demand | Manually | Authenticate d Decrypt, verify | 256-bit KEK | Pass: Next test Fail: Device Degraded | Power up | Cert #A2098 | IG 10.3.A | |
| AES-CBC | AES-CBC | KAT | CAST | On Demand | Manually | Encrypt, verify | Pass: Next test Fail: Device Degraded | Power up | Cert #A2099 | IG 10.3.A | AES, 256-bit, CBC | |
| AES-CBC | AES-CBC | KAT | CAST | On Demand | Manually | Decrypt, verify | Pass: Exit self-test suite Fail: Device Degraded | Power up | Cert #A2099 | IG 10.3.A | AES, 256-bit, CBC | |
| RSA SigVer | RSA SigVer | Digital Signature Verification | CAST | On Demand | Programmatically | Verify Digital Signature | Pass: Boot to new image Fail: UEC error code | Firmware download | Cert #A2099 | IG 10.3.A | 3072-bit public key, 256-bit hash digest, sFFUPublicKey | |
| SHA2-256 | SHA2-256 | KAT | CAST | On Demand | Manually | Verify | Pass: Next test Fail: Device Degraded | Power up | Cert #A2099 | IG 10.3.A | Message, 256-bit hash digest |
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED Message, 256KAT OptiNAND Conditional Self-Tests The OptiNAND device performs the conditional self-test listed below. If any conditional self-test fails, the OptiNAND device executes a self-initiated reset or enters a Device Degraded error state. If the OptiNAND device enters a Device Degraded error state, the Cryptographic Module reports the error condition by transmitting an UEC error code to the host system. After entering the Device Degraded error state, the OptiNAND device does not process functional commands unless a power cycle occurs and clears the error state. Table 23 OptiNAND Conditional Self-Tests
| Name | Description | Role Access | Indicator | |
|---|---|---|---|---|
| Device Degraded | This error indicates that one of the conditional self-tests listed in Table 22 or Table 23 failed. In this state, the module no longer services any I/O command. The module only responds to non-I/O status inquiry commands. | Conditional test failure | UEC failure code | Power cycle |
| Device Unavailable | This error indicates that a boot initialization, security subsystem initialization or firmware integrity failure event occurred. See Table 20 and Table 21. In this state, the module no longer responds to any operator commands. | Pre-operational test failure | Device is unresponsive | Power cycle |
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED The Cryptographic Module does not enforce a policy that would result in the interruption of the module’s operations due to a periodic self-test. Table 24 Error States The operator may initiate an on-demand periodic self-test by power cycling the CM.
After initialization, the CM operates and powers up in isFIPS mode. Prior to configuring the CM to comply with isFIPS mode configuration requirements, it operates in a noncompliant state. Regardless, the CM functions as a Secure Erase Drive (SED) that is compliant with the TCG Storage SSC: Enterprise Specification [TCG Enterprise]. Installation and Initialisation: The Crypto Officer is responsible for executing a Take-Ownership scenario to configure the Cryptographic Module to operationally comply with operator site requirements and assure that the Cryptographic Module is compliant with FIPS 140-3 at SL2.
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED Informative Having the MSID Authentication Credential PIN electronically available to the operator constitutes a risk to the overall security of the Cryptographic Module. Therefore, the Crypto Officer should execute a Take-Ownership scenario the first time the Cryptographic Module is inserted into a system that replaces any Authentication Credential PIN that is set to the default MSID value with a value that is different from the MSID value and between 12 and 32 bytes in length. This assures compliance with ISO/IEC19790, Section 7.4.4 Authentication which states that, “…If default authentication data is used to control access to the module, then default authentication data shall [04.46] be replaced upon first-time authentication. This default authentication data does not need to meet the zeroisation requirements (7.9.7).” Take-Ownership Scenario Example
Delivery: The Cryptographic Officer shall inspect the tamper evident seal that covers the Cryptographic Module’s PCBA for evidence of tampering. See Figure
13 for an example of tamper evidence. If tamper evidence is apparent, the CO should return the module to Western Digital.
Hard disk drives are fragile. Do not drop or jar the drive. Hold the drive only by the enclosure.
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED HDD electronics are sensitive to static electricity. Do not remove the CM from its antistatic container until ready to install. The operator engaged in the installation process should wear an antistatic wrist strap to ground to assure the discharge static electricity from any item or surface that my touch the CM. Hold the drive only by the metal case surrounding the drive. Avoid contacting with the SAS connector. To assure proper installation and operation, verify all cooling requirements are met prior to initiating the installation instructions within the Ultrastar DC HC560 3.5-inch Serial Attached SCSI Hard Disk Drive Specification [Product Manual] and Ultrastar DC HC570 3.5-inch Serial Attached SCSI Hard Disk Drive Specification [Product Manual]. The Ultrastar DC HC560 3.5-inch Serial Attached SCSI Hard Disk Drive Specification [Product Manual] and Ultrastar DC HC570 3.5-inch Serial Attached SCSI Hard Disk Drive Specification [Product Manual] provides additional administrator guidance.
Inspect the CM for damage to the case or SAS connector. If the CM exhibits damage, return the CM for warranty replacement service. The Ultrastar DC HC560 3.5-inch Serial Attached SCSI Hard Disk Drive Specification [Product Manual] and Ultrastar DC HC570 3.5-inch Serial Attached SCSI Hard Disk Drive Specification [Product Manual] provide non-administrator guidance.
On power-up, if previously configured to comply with isFIPS mode, the Cryptographic Module automatically initializes to isFIPS mode without operator intervention. After successfully completing pre-operational and conditional self-tests, the CM transitions to an Approved mode operational state. In this state, the module awaits service requests from the operator. The implemented security features protect against remote and physical attacks across the complete product cycle from manufacturing build time to returns and failure analysis. The secure firmware boot and firmware download process assure firmware image integrity and prevents compromised firmware attacks. These features prevent the counterfeiting of the CM, hacking and unauthorized access to CM ports. The authentication scheme enforces port restrictions for processes that are only allowed within a secure manufacturing environment. These security features utilize cryptographically secure messages to block unauthorized access to CM ports and imposes manufacturing command set restrictions. The CM utilizes a cryptographic encryption and HMAC signing scheme to assure the protection of all SSPs stored outside the ACM RoT. Rules of Operation
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED
The CM does not require periodic maintenance actions to maintain functional or secure operation.
All CSPs stored within the volatile memory of the CM’s ACM RoT are inaccessible from outside the ACM RoT. The CM encrypts and signs all CSPs before storing them in volatile or non-volatile memory outside ACM RoT. Removing power instantaneously erases all CSPs stored within the CM’s volatile memory. Prior to the environmentally disposal of the CM owner should cryptographically erase the CM. For this purpose, the CM supports the TCG Opal Revert method [TCG Opal]. Revert enables the CM’s owner to cryptographically erase all CSPs and overwrite existing TCG settings to the default values that were set during manufacturing. If environmental disposal requirements require the zeroization of the Root Keyset, which consists of the Root Encryption Key and Root Signing Key, the CM owner must return the CM to Western Digital. Western Digital’s proprietary Secure Manufacturing Reconfiguration Process supports Root Keyset zeroization.
The Cryptographic Module lacks features to mitigate any specific attacks beyond the scope of the requirements within FIPS 140-3 SL2.
The Security Policy refers to the following specifications, references, and definitions.
| Name | Term | Definition | Abbreviation | Specification Name |
|---|---|---|---|---|
| [FIPS 197] | [FIPS 197] | Advanced Encryption Standard, FIPS PUB 197, NIST, May 2023 | ||
| [FIPS 186] | [FIPS 186] | Digital Signature Standard, FIPS PUB 186-5, NIST, February 2023 | ||
| [FIPS 140] | [FIPS 140] | Security Requirements for Cryptographic Modules, FIPS PUB 140-3, NIST, March 2019 | ||
| [FIPS 140 IG] | [FIPS 140 IG] | Implementation Guidance for FIPS 140-3 and the Cryptographic Module Validation Program, August 2024 | ||
| [FIPS 198] | [FIPS 198] | The Keyed-Hash Message Authentication Code, FIPS PUB 198-1, July 2008 | ||
| [FIPS 180] | [FIPS 180] | Secure Hash Standard (SHS), FIPS PUB 180-4, NIST, August 2015 | ||
| [SP 800 38A] | [SP 800 38A] | Recommendation for Block Cipher Modes of Operation: Methods and Techniques, NIST, December 2001 | ||
| [SP 800 38E] | [SP 800 38E] | Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices, NIST, January 2010 | ||
| [SP 800 38F] | [SP 800 38F] | Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping, NIST, December 2012 | ||
| [SP 800 57] | [SP 800 57] | Recommendation for Key Management – Part I General (Revision 5), NIST, May 2020 | ||
| [SP 800 88] | [SP 800 88] | Guidelines for Media Sanitization (Revision 1), NIST, December 2014 | ||
| [SP 800 90A] | [SP 800 90A] | Recommendation for Random Number Generation Using Deterministic Random Bit Generators (Revision 1), NIST, June 2015 | ||
| [SP 800 90B] | [SP 800 90B] | Recommendation for the Entropy Sources Used for Random Bit Generation, NIST, January 2018 | ||
| [SP 800 131A] | [SP 800 131A] | Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths (Revision 2), NIST, March 2019 | ||
| [SP 800 132] | [SP 800 132] | Recommendation for Password-Based Key Derivation, NIST, December 2010 | ||
| [SP 800 133] | [SP 800 133] | Recommendation for Cryptographic Key Generation (Revision 2), NIST, June 2020 | ||
| [SP 800 140B] | [SP 800 140B] | Cryptographic Module Validation Program (CMVP) Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B (Revision 1), NIST, November 2023 | ||
| [SP 800 140C] | [SP 800 140C] | CMVP Approved Security Functions: CMVP Validation Authority Updates to ISO/IEC 24759 (Revision 2), NIST, July 2023 | ||
| [SP 800 140D] | [SP 800 140D] | CMVP Approved Sensitive Security Parameter Generation and Establishment Methods: CMVP Validation Authority Updates to ISO/IEC 24759 (Revision 2), NIST, July 2023 | ||
| [TCG Core] | [TCG Core] | TCG Storage Architecture Core Specification, Version 2.01 Revision 1.00 (August 5, 2015)) | ||
| [TCG Enterprise] | [TCG Enterprise] | TCG Storage Security Subsystem Class: Enterprise Specification, Version 1.01 Revision 1.00 (August 5, 2015) | ||
| [TCG Ent App Notes] | [TCG Ent App Notes] | TCG Storage Application Note: Encrypting Storage Devices Compliant with SSC: Enterprise, Version 1.00 Revision 1.00 Final | ||
| [TCG Opal] | [TCG Opal] | TCG Storage Security Subsystem Class: Opal Specification, Version 2.01, Final Revision 1.00 (August 5, 2015) | ||
| [TCG SIIS] | [TCG SIIS] | TCG Storage Interface Interactions Specification (SIIS), Version 1.07, (January 30, 2018) | ||
| [PSID] | [PSID] | TCG Storage Opal SSC Feature Set: PSID, Specification Version 1.00, Final Revision 1.00 (August 5, 2015) | ||
| [SCSI Core] | [SCSI Core] | SCSI Primary Commands (SPC-6), Revision 6, October 2021 | ||
| [SCSI Block] | [SCSI Block] | SCSI Block Commands (SBC-4), Revision 22, 29 September 2020 | ||
| [SAS] | [SAS] | Serial Attached SCSI (SAS-3), Revision 6, November 2013 | ||
| [SFSC] | [SFSC] | Security Features for SCSI Commands, Revision 2, September 2015 | ||
| [Product Manual] | [Product Manual] | Ultrastar DC HC560 3.5-inch Serial Attached SCSI Hard Disk Drive Specification, Version 1.1 (April 2022), https://www.westerndigital.com/support | ||
| [Product Manual] | [Product Manual] | Ultrastar DC HC570 3.5-inch Serial Attached SCSI Hard Disk Drive Specification, Version 1.2 (September 2023), https://www.westerndigital.com/support | ||
| [Datasheet] | [Datasheet] | Ultrastar DC HC560 Datasheet, (July 2022), D018-000383-AA02, https://www.westerndigital.com/support | ||
| [Datasheet] | [Datasheet] | Ultrastar DC HC570 Datasheet, (August 2022), D018-000537-AA01, https://www.westerndigital.com/support | ||
| Abbreviation | Abbreviation | Reference Name | ||
| [IETF] | [IETF] | IETF RFC 2119, 1997, “Key words for use in RFCs to Indicate Requirement Levels.” | ||
| [PW] | [PW] | Calculating Password Entropy: https://www.pleacher.com/mp/mlessons/algebra/entropy.html | ||
| [ISO 19790] | [ISO 19790] | ISO/IEC 19790, Information technology - Security techniques - Security requirements for cryptographic modules, International Organization for Standardization (ISO), December 2015 | ||
| Access Control Entry (ACE) | Access Control Entry (ACE) | Access control entries are entries in an access control list containing information describing the access rights | ||
| Access Control List (ACL) | Access Control List (ACL) | Access control list refers to the permissions attached to an object that specify which users have access to that object and the operations the user can perform. | ||
| Allowed | Allowed | NIST approved, i.e., recommended in a NIST Special Publication, or acceptable, i.e., no known security risk as opposed to deprecated, restricted, and legacy use. [SP 800 131A] |
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED
| Name | Definition | |||||||
|---|---|---|---|---|---|---|---|---|
| Anybody | A formal TCG term for an unauthenticated role. [TCG Core] | |||||||
| Approved mode of operation | A mode of the Cryptographic Module that employs only approved security functions. [FIPS 140] | |||||||
| Approved | [FIPS 140] approved or recommended in a NIST Special Publication. | |||||||
| Authenticate | Prove the identity of an Operator or the integrity of an object. | |||||||
| Authentication Credential PIN | An authentication credential (i.e., a password) associated with the SID, Admin SP Admin1, Locking SP Admin or Locking SP User Authority as defined in the TCG Storage Security Subsystem Class Opal, Specification [TCG Core]. | |||||||
| Authorize | Grant an authenticated Operator access to a service or an object. | |||||||
| Ciphertext | Encrypted data transformed by an Approved security function. | |||||||
| Confidentiality | A cryptographic property that blocks disclosure of sensitive information to unauthorized parties. | |||||||
| Credential | A formal TCG term for data used to authenticate an Operator. [TCG Core] | |||||||
| Critical Security Parameter (CSP) | Security-related information (e.g., secret, and private cryptographic keys, and authentication data such as credentials and PINs) whose disclosure or modification can compromise the security of a Cryptographic Module. [FIPS 140] | |||||||
| Crypto Officer | An Operator performing cryptographic initialization and management functions. [FIPS140] | |||||||
| Cryptographic Boundary | An explicitly defined perimeter that establishes the boundary of all components (i.e. set of hardware, software, or firmware components) of the cryptographic module. [FIPS 140] | |||||||
| Cryptographic Key | A sequence of symbols that controls the operation of a cryptographic transformation. A cryptographic transformation can include but not limited to encipherment, decipherment, cryptographic check function computation, signature generation, or signature verification. | |||||||
| Cryptographic Module | The set of hardware, software, and/or firmware used to implement approved security functions contained within the cryptographic boundary. [FIPS 140] | |||||||
| Data at Rest | User data residing on the storage device media rather than in transition. | |||||||
| Discovery | A TCG method that provides the properties of the TCG device. [TCG Enterprise] | |||||||
| Download and Execute module (DLE) | The DLE verifies the OptiNAND firmware RSA signature. | |||||||
| Field Firmware Update (sFFU) | A secure Field Firmware Update replaces the firmware within an | iNAND | device. | |||||
| Global Active Keyset (AEK) | Set defined by the 256-bit Global Active Encryption Key and the 256-bit Global Active Signing Key | |||||||
| Hardware Security Module (HSM) | A hardware security module is a physical computing device that safeguards and manages digital keys, performs | |||||||
| encryption and decryption functions for digital signatures, strong authentication, and other cryptographic | ||||||||
| functions. | ||||||||
| IF-RECV | An interface command used to retrieve security protocol data from the TPer [TCG Core]. | |||||||
| IF-SEND | An interface command used to transmit security protocol data to the TPer [TCG Core]. | |||||||
| OptiNAND® | A Universal | F | lash Storage (UFS) embedded flash device | . | ||||
| Integrity | A cryptographic property that blocks the modification or deletion of sensitive in an unauthorized and undetected manner. | |||||||
| Interface | A logical entry or exit point of a Cryptographic Module that provides access to the Cryptographic Module for logical information flows. [FIPS 140] | |||||||
| Key Derivation Function (KDF) | An Approved cryptographic algorithm that derives one or more keys from a secret value and other information. | |||||||
| Key Encrypting Key (KEK) | A cryptographic key used to encrypt or decrypt other keys. |
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED
| Name | Definition | ||
|---|---|---|---|
| Key management | The activities involving the handling of cryptographic keys and other related security parameters during the entire life cycle of the Cryptographic Module. The handling of authentication data is representative of a key management activity. | ||
| Key Wrap | An Approved cryptographic algorithm that uses a KEK to provide Confidentiality and Integrity. | ||
| LBA Band | A formal term that defines a contiguous logical block range (sequential LBAs) to store encrypted User Data; bands do not overlap, and each has its own unique encryption key and other settable properties. | ||
| Manufactured SID (MSID) | A unique default value assigned to each SED during manufacturing. An externally visible MSID value is not required if the user can derive the MSID from other information printed on the drive. The MSID is readable with the TCG protocol. It is the initial and default value for all Authentication Credentials. [TCG Core] | ||
| Method | A remote procedure call to an SP that initiates an action on the SP. [TCG Core] | ||
| Object | An object is any row of an object table. The object type is defined by the object table in which the object occurs. The columns of the object table define the contents of each object in it. [TCG Core] | ||
| Object Table | Object tables provide storage for data that binds a set of methods and access controls to that data. [TCG Core] | ||
| ObjectUID | The Unique ID (UID) of an Object. Each object table has a column named UID. This column contains an 8- byte unique identifier for that row. [TCG Core] | ||
| OFS file | The CM uses an OFS file to reset the Cryptographic Module’s configuration back to its original factory setting during Revert and RevertSP operations. | ||
| One Time Programable (OTP) | OTP memory is a special type of write once read only non-volatile memory. | ||
| Operator | A consumer, either human or automation, of cryptographic services that is external to the Cryptographic Module. [FIPS 140] | ||
| Personal Identification Number (PIN) | A formal TCG term designating a string of octets used to authenticate an identity. [TCG Core] | ||
| Plaintext | Unencrypted data. | ||
| Port | A physical entry or exit point of a Cryptographic Module that. A port provides access to the Cryptographic Module’s physical signals. [FIPS 140] | ||
| PSID (Physical Security Identifier) | A SED unique value printed on the Cryptographic Module’s label used as authentication data and proof of physical presence for the Zeroise Service. | ||
| Public Security Parameters (PSP) | Public information, that if modified can compromise the security of the Cryptographic Module (e.g., a public key). | ||
| Read Data | An external request to transfer User Data from the SED. [SCSI Block] | ||
| Reserved Area | Internal data on the storage medium within the cryptographic boundary that is not accessible to an operator. | ||
| Root Keyset | A set of 256-bit keys that consist of the Root Encryption Key and Root Signing Key. | ||
| SD_CA Key | Storage Device Certification Authority Key (X509v3). This key serves as the Cryptographic Module’s Master RSA Public Key and is the root source of verification for all other key certificates. The SD_CA Key signs the SecureLoader. A manufacturing process injects the SD_CA Key within the CM and stores a hash of the SD_CA Key in OTP memory | ||
| Secure Field Firmware Update (sFFU) | OptiNAND firmware update image. | ||
| Security Identifier (SID) | The authority that represents the TPer owner. Crypto Officer serves in this role. [TCG Core] | ||
| Security Provider (SP) | A TCG term used to define a collection of Tables and Methods with access control. | ||
| SED Active Keyset | A set of 256-bit keys that consists of the SED Active Encryption Key and the SED Active Signing Key. | ||
| SED AdminSP Active Keyset | A set of 256-bit keys that consists of the SED AdminSP Active Encryption Key and the SED AdminSP Active Signing Key. |
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED
| Name | Term | Definition | Definition |
|---|---|---|---|
| AEK | AEK | Active Encryption Key | |
| AEN | AEN | Asynchronous Event Notification | |
| AES | AES | Advanced Encryption Standard (FIPS 197) | |
| ACE | ACE | Access Control Entry | |
| ACL | ACL | Access Control List | |
| CBC | CBC | Cipher Block Chaining, an operational mode of AES | |
| CM | CM | Cryptographic Module | |
| CO | CO | Crypto Officer [FIPS 140] | |
| CRC | CRC | Cyclic Redundancy Check | |
| DEE | DEE | Data Encryption Engine | |
| DLE | DLE | OptiNAND Download and Execute firmware | |
| DRAM | DRAM | Dynamic Random Access Memory | |
| DRBG | DRBG | Deterministic Random Bit Generator | |
| EDC | EDC | Error Detection Code | |
| EMI | EMI | Electromagnetic Interference | |
| FID | FID | Flash Internal Data | |
| FIPS | FIPS | Federal Information Processing Standard | |
| FSEC | FSEC | Flash Security Data | |
| HDD | HDD | Hard Disk Drive | |
| HSM | HSM | Hardware Security Module | |
| IV | IV | Initialization Vector | |
| KAT | KAT | Known Answer Test | |
| KDF | KDF | Key Derivation Function | |
| KEK | KEK | Key Encrypting Key | |
| LBA | LBA | Logical Block Address | |
| MEK | MEK | Media Encryption Key | |
| MSID | MSID | Manufactured Security Identifier | |
| NAND | NAND | Negative AND Flash Memory technology | |
| NIST | NIST | National Institute of Standards and Technology | |
| NOR | NOR | Negative OR Flash Memory technology | |
| OFS | OFS | Original Factory Setting | |
| OTP | OTP | One Time Programable | |
| PBKDF2 | PBKDF2 | Password Base Key Derivation Function | |
| PIN | PIN | Personal Identification Number | |
| POR | POR | Power on Reset | |
| PSID | PSID | Physical Security Identifier | |
| PSP | PSP | Public Security Parameter | |
| RID | RID | Reserved Area Internal Data |
| Name | Definition | ||
|---|---|---|---|
| SED Global Active Keyset | A set of 256-bit keys that consists of the Global Active Encryption Key (AEK) and the Global Active Signing Key. | ||
| SED LockingSP Active Keyset | A set of 256-bit keys that consists of the SED LockingSP Active Encryption Key and the SED LockingSP Active Signing Key. The keyset protects TCG protocol LockingSP CSPs. | ||
| SED Volatile Keyset | A set of 256-bit keys that consists of the SED Volatile Key and the SED Volatile Signing Key. | ||
| Self-Encrypting Drive (SED) | A storage device that provides data storage services, which automatically encrypts all user data written to the device and automatically decrypts all user data read from the device. | ||
| Session | A formal TCG term that envelops the lifetime of an Operator’s authentication. [TCG Core] | ||
| Small Form Factor (SFF) | Small form factor is a computer form factor designed to minimize the volume and footprint of a desktop | ||
| computer. | |||
| Storage Medium | The non-volatile, persistent storage location within a SED partitioned into disjointed sets defined by a User Data area, and a Reserved Area. | ||
| Table | The basic data structures within a Security Provider (SP). Object tables store persistent SP state data defined in TCG Core specification. [TCG Core] | ||
| TableUID | The Unique ID (UID) of a Table. Each object table has a column named UID. This column contains an 8- byte unique identifier for that row. [TCG Core] | ||
| TPer | A Trusted Peripheral. The TPer manages trusted storage-related functions and data structures. [TCG Core] | ||
| TPer Owner | The SID Authority (Crypto Officer) represents TPer Owner. | ||
| Triple Level Cell (TLC) | Triple level cells refer to NAND flash devices that store three bits of information per cell, with eight total voltage states. | ||
| User Data | Data transferred from/to a SED using the Read Data and Write Data commands. [SCSI Block] | ||
| User | An Operator that consumes cryptographic services. [FIPS 140] | ||
| Write Data | An external request to transfer User Data to a SED. [SCSI Block] | ||
| Zeroise | Invalidate a Critical Security Parameter. [FIPS 140] |
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED
| Name | Term | Definition | |
|---|---|---|---|
| SAS | SAS | Serial Attached SCSI | |
| SCSI | SCSI | Small Computer System Interface | |
| SD_CA | SD_CA | Storage Device Certification Authority | |
| SECD | SECD | Security Data | |
| SED | SED | Self-Encrypting Drive | |
| SFF | SFF | Small Form Factor | |
| sFFU | sFFU | Secure Field Firmware Update | |
| SID | SID | Security Identifier, The TCG authority representing the TPer Owner (Cryptographic Officer) | |
| SIO | SIO | Serial Input/Output | |
| SOC | SOC | System-on-a-Chip | |
| SP | SP | Security Provider [TCG Core], also Security Policy [FIPS 140] | |
| SSC | SSC | Subsystem Class | |
| SWG | SWG | Storage Work Group | |
| TCG | TCG | Trusted Computing Group | |
| TLC | TLC | Triple Level Cell | |
| UEC | UEC | Universal Error Code | |
| UID | UID | Unique Identifier | |
| XTS | XTS | A mode of AES that utilizes | "Tweakable" block ciphers |
Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED