All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Ultrastar DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED

Certificate#4802StandardFIPS 140-3Level2TypeHardwareEmbodimentMulti-Chip EmbeddedStatusActiveVendorWestern Digital Technologies, Inc.
Low review priority  ·  exposes boot-chain verification, firmware-update authentication, debug/recovery interface  ·  last validated 18 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level2
Module typeHardware
EmbodimentMulti-Chip Embedded
StatusActive
Sunset date9/15/2029
CaveatInterim validation. When installed, initialized and configured as specified in Section 11.1 of the Security Policy. No operator authentication is enforced for executing security services that were unlocked by an authenticated service
VendorWestern Digital Technologies, Inc.
Hardware versionsWUH722020BL4205 [1, 2, 3, 4], WUH722020BL5205 [1, 2, 3, 4], WUH722222BL4205 [3, 5], WUH722222BL5205 [3, 5]

Approved Algorithms (18)

AlgorithmACVP Cert
AES-CBCA2099
AES-CBCAES 3580
AES-ECBA2101
AES-ECBAES 3580
AES-KWPA2098
AES-XTSA2101
AES-XTSAES 3580
Counter DRBGA2098
HMAC-SHA-1HMAC 2280
HMAC-SHA2-224HMAC 2280
HMAC-SHA2-256HMAC 2280
PBKDFA2100
RSA SigVer (FIPS186-4)A2098
RSA SigVer (FIPS186-4)A2099
SHA-1SHS 2942
SHA2-224SHS 2942
SHA2-256A2099
SHA2-256SHS 2942

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification2
Cryptographic Module Interfaces2
Roles, Services, and Authentication4
Software/Firmware Security2
Operational EnvironmentN/A
Physical Security2
Sensitive Security Parameter Management2
Self-Tests2
Life-Cycle Assurance1
Mitigation of Other AttacksN/A

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Ultrastar DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C1["[high] Firmware / bootloader<br/>versions disclosed<br/>(identity, not provenance)<br/><i>RY07 [1], R5G4 [2], RG01 [3], VM18 [4], R7J4 [5]</i>"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>upgrade<br/>update</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Decryption<br/>Encryption<br/>OptiNAND_Descr ambler</i>"]
    C4["[high] Physical/logical<br/>interfaces (some 'blocked<br/>in firmware')<br/><i>SAS Connector SIO Serial Port Connector UART</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I1["Component identity is<br/>disclosed, but provenance<br/>and patch lineage are not."]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I4["Interface reachability may<br/>vary by boot stage and<br/>lifecycle state."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R1["Do the vendor version<br/>strings obscure the<br/>upstream baseline, fork<br/>lineage, or known-CVE<br/>exposure?"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R4["Are interfaces blocked<br/>before the bootloader<br/>runs, or only after<br/>approved mode starts?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E1["SBOM / component baselines<br/>· patch and backport<br/>manifest · CVE disposition"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E4["lifecycle reachability<br/>matrix · boot-stage<br/>interface timing ·<br/>factory/recovery/error-state<br/>access controls"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C1 --> I1 --> R1 --> E1
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C4 --> I4 --> R4 --> E4
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C1,C2,C3,C4,C5,C6 clue;
  class I1,I2,I3,I4,I5,I6 infer;
  class R1,R2,R3,R4,R5,R6 risk;
  class E1,E2,E3,E4,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Ultrastar DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C1["[high] Firmware / bootloader versions disclosed (identity, not provenance)<br/><i>RY07 [1], R5G4 [2], RG01 [3], VM18 [4], R7J4 [5]</i><br/>src: certificate.firmwareVersions"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>upgrade<br/>update</i><br/>src: text:keyword"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>Decryption<br/>Encryption<br/>OptiNAND_Descr ambler</i><br/>src: securityPolicy.services"]
    C4["[high] Physical/logical interfaces (some 'blocked in firmware')<br/><i>SAS Connector SIO Serial Port Connector UART</i><br/>src: securityPolicy.portsAndInterfaces"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C1,C3,C4 clueHigh;
  class C2,C5,C6 clueLow;

Security Policy, page by page

Page 1

Vendor name Western Digital Technologies, Inc. Module Name Ultrastar DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED Document Version: 1.6 Date: October 16, 2024 Protection of Data at Rest © 2024 Western Digital Corporation or its affiliates. Public Material - May be reproduced only in its original entirety [without revision].

Page 2

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED Table of Contents

Page 3

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED Tables

Page 4

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED Figures

Page 5
Security level
NameISO SectionRequirementLevel
11General2
22Cryptographic Module Specification2
33Cryptographic Module Interfaces2
44Roles, Services and Authentication2
55Software/Firmware Security2
66Operational EnvironmentN/A
77Physical Security2
88Non-invasive securityN/A
99Sensitive Security Parameter Management2
1010Self-Tests2
1111Life-cycle Assurance2
1212Mitigation of Other AttacksN/A
Overall LevelOverall Level2

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED 1.1 Overview This document is the non-proprietary FIPS 140-3 Security Policy for the Ultrastar® DC HC560 TCG Enterprise HDD SED and Ultrastar® DC HC570 TCG Enterprise HDD SED. It contains the security rules under which each module must operate and describes how each module meets the requirements as specified in FIPS PUB 140-3 (Federal Information Processing Standards Publication 140-3) for an overall Security Level 2 module. 1.2 Security Levels The FIPS 140-3 security levels for the Module are as follows. Table 1 Security Levels N/A N/A N/A The Western Digital Ultrastar DC HC560 TCG Enterprise HDD SED, hereafter referred to as Ultrastar DC HC560, Cryptographic Module, cryptographic module, or CM, and the Western Digital Ultrastar DC HC570 TCG Enterprise HDD SED, hereafter referred to as Ultrastar DC HC570, Cryptographic Module, cryptographic module, or CM are self-encryption drives (SED) that comply in general with the specifications listed in 13.2 Trusted Computing Group Specifications and specifically with the TCG Storage Architecture Core Specification [TCG Core] with the Trusted Computing Group (TCG) Storage Security Subsystem Class (SSC): Enterprise Specification [TCG Enterprise]. The TCG Storage SSC: Enterprise Specification defines a management interface for host application software to activate, provision, and manage encryption of user data. The specification includes data structures and their required content, and mechanisms for managing and configuring Authentication Credentials and access controls. The security architecture provides a locking mechanism by which an Authentication Credential (i.e., a password) can be set by an operator to enable control of access to user data. After an operator authenticates to the appropriate role and locks access to user data access user data is inaccessible. This implementation complies with the lock-based authentication model specified in IG 4.1.A.

Page 6

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED 2.1 Description Purpose and Use The Cryptographic Module’s intended use is by US Federal agencies or other markets that require FIPS 140-3 validated hardware modules. The primary function of the Cryptographic Module is to provide data encryption, access control, and cryptographic erase of the data stored on the hard drive media within the CM. The operator of the Cryptographic Module interfaces with the Cryptographic Module through application software that resides within a host system. Module Type Module Type Hardware Module Embodiment Module Embodiment Multiple-chip embedded Module Characteristics Module Characteristics Figure 1 illustrates a logical view of the CM’s firmware components. The Security Core partition is the most secure portion of the security subsystem. It forms a security boundary that provides assurances of firmware integrity and SSP integrity within the CM. The Security Protocol and Services partition contains the TCG Storage SSC: Enterprise SCC security protocol. Components in this ring communicate to the Security Core firmware through a Security Core API. The Security Application Client firmware, typically referred to as “Base Firmware” interfaces with the Security Protocol and Services firmware, provides adapters for the security subsystem support and implements a perimeter defense of the system based on security state. Specifically, the enforcement of port and command controls for manufacturing commands, firmware download control enforcement and boot up signature checks resides within the Security Application Client firmware layer. The Cryptographic Module operates within a limited operational environment. While operational, the Cryptographic Module prohibits operator or process-initiated additions, deletions, or modification of the code working set. For firmware upgrades, the Cryptographic Module uses an authenticated download service, which complies with ISO 19790 7.4.3.4, to upgrade the mutable firmware in its entirety. The immutable security firmware stored in ROM, which is essential and integral to the operation of the module is nonmodifiable. If the download operation is successful, authorized, and verified, the Cryptographic Module will begin operating with the new code working set after successfully executed all required pre-operational self-tests that comply with ISO 19790 7.10.2. Firmware loaded into the module that is not on the FIPS 140-3 certificate is out of the scope of this validation and requires a separate FIPS 140-3 validation. The Cryptographic Module’s security design utilizes common security protections, policies, and processes. It utilizes a hardware security Access Control Module (ACM) that incorporates a hardware Root of Trust (RoT). Security firmware leverages the RoT, hardware cryptographic algorithms and accelerators to implement a secure environment that assures firmware integrity, port access and the secure storage of plaintext secrets, user data, keys, and Sensitive Security Parameters (SSP) within the Cryptographic Module. The Cryptographic Module only supports approved security functions defined in NIST SP 800-140C and SP 800-140D. The hardware Root of Trust assures,

  1. The isolation of security firmware and sensitive security parameters from Security Application Client firmware or firmware installed on embedded components within the cryptographic boundary,
  2. The verification of cryptographic module firmware and security objects before usage,
  3. A Key Management tree that secured by a root key stored in HW RoT OTP bits,
  4. Support for a HW based Symmetric Key Generation,
  5. Cryptographic Algorithm Acceleration and
  6. End-to-End Protect between ACM & Key Server.
Page 7

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED Security Application Client Security Protocol and Services Security Core Data and Control Input Data and Status Output Host System Figure 1 - Security Subsystem Components Cryptographic Boundary Figure 2 and Figure 3 depict the physical form of each CM within the scope of this security policy document. The CM is a multi-chip embedded embodiment. The hard opaque surface of the enclosure defines the cryptographic boundary. All components within this boundary satisfy FIPS 140-3 requirements. The Cryptographic Module firmware disables the SIO port pins outlined by the red box to the right of the SAS connector in Figure 2 and Figure 3. Tested Operational Environment’s Physical Perimeter (TOEPP) Tested Operational Environment’s Physical Perimeter (TOEPP)

Page 8
Module configuration
NameModelHardware VersionFirmware VersionProcessorFeatures#
1Ultrastar DC HC560WUH722020BL4205RY07, R5G4, RG01, VM18ARM Cortex M3, ARM Cortex-R8, Synopsys ARC HS36N/A1
2Ultrastar DC HC560WUH722020BL5205RY07, R5G4, RG01, VM18ARM Cortex M3, ARM Cortex-R8, Synopsys ARC HS36N/A2
1Ultrastar DC HC570WUH722222BL4205R7J4, RG01ARM Cortex M3, ARM Cortex-R8, Synopsys ARC HS36N/A1
2Ultrastar DC HC570WUH722222BL5205R7J4, RG01ARM Cortex M3, ARM Cortex-R8, Synopsys ARC HS36N/A2

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED 2.2 Tested and Vendor Affirmed Module Version and Identification Tested Module Identification - Hardware The Ultrastar DC HC560 cryptographic module is tested on the following operational environment. # N/A N/A The Ultrastar DC HC570 cryptographic module is tested on the following operational environment. # 2.3 N/A N/A Excluded Components The Ultrastar DC HC560 components listed below and identified in Figure 4 and Figure 5 are excluded from the cryptographic boundary.

Page 9
ExclusionRationale
excluded components requirements in 7.2.3.1 Cryptographic boundary general requirements.
5V viaThe voltage level on the 5V circuit is dependent on the presence of voltage on the 5V_EFUSE circuit. An N-channel Power MOSFET isolates the 5V circuit from the 5V_EFUSE circuit. A MOSFET failure will cause the voltage on the 5V circuit to drop to 0V. This results in the immediate shutdown of the CM. Therefore, the 5V via satisfies the excluded components requirements in 7.2.3.1 Cryptographic boundary general requirements.
5V_EFUSE viaThe 5V_EFUSE circuit connects to the output of an integrated dual electronic eFuse, designed to protect circuitry from overcurrent and overvoltage events, in applications that require hot swap operation and in-rush current control. If the electronic eFUSE device fails, the voltage on the 5V_EFUSE circuit drops to 0V. This results in the immediate shutdown of the CM. Therefore, the 5V _EFUSE via satisfies the excluded components requirements in 7.2.3.1 Cryptographic boundary general requirements.
5V_PREAMP viaThe 5V_PREAMP via connects to the 5V_EFUSE circuit though a zero-ohm resistor. Any failure of the 5V_EFUSE circuit to supply 5V or a failure of the zero-ohm resistor causes the voltage on the 5V_PREAMP circuit to drop 0V. This results in the immediate shutdown of the CM. Therefore, the 5V_PREAMP via satisfies the excluded components requirements in 7.2.3.1 Cryptographic boundary general requirements.
INAND_VCCQ2 viaThe voltage level of the INAND_VCCQ2 depends on a functioning synchronous step-down DC/DC converter, which is dependent on the presence of voltage on the 5V_EFUSE circuit and V3.3_PLR3 circuit. A 5V_EFUSE circuit failure, V3.3_PLR3 circuit failure, or DC/DC converter component failure causes the voltage on the INAND_VCCQ2 circuit to drop to 0V. The INAND_VCCQ2 circuit supplies power to the serial boot flash device. The CM fails to bootup if the INAND_VCCQ2 drops to 0V. Therefore, the INAND_VCCQ2 via satisfies the excluded components requirements in 7.2.3.1 Cryptographic boundary general requirements.
V3.3_PLR3 viaV3.3_PLR3 is dependent on the presence of 5 volts on the +5V_EFUSE net, which supplies power to a Power Large Scale Integrated (PLSI) circuit device. Any failure of the 5V_EFUSE circuit to supply 5V or a failure of the PLSI device causes the voltage on the V3.3_PLR3 circuit to drop 0V. This results in the immediate shutdown of the CM. Therefore, the V3.3_PLR3 via satisfies the excluded components requirements in 7.2.3.1 Cryptographic boundary general requirements.
AUX_IN viaThe voltage level on the AUX_IN circuit allows the SoC9 ASIC to determine the temperature of the disk enclosure. The CM initiates a thermal safety shutdown if the temperature is outside the normal operating range the CM automatically shuts down. Therefore, the AUX_IN via satisfies the excluded components requirements in 7.2.3.1 Cryptographic boundary general requirements.
Drive Motor Control CableThe Drive Motor Control Cable is a three-conductor ribbon cable that serves a mechanical purpose. The three conductors, designated SPN_A, SPN_B, and SPN_C provide drive spindle rotor position data to the Spindle Driver within PLSI device. Therefore, the Drive Motor Control Cable satisfies the excluded components requirements in 7.2.3.1 Cryptographic boundary general requirements.

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED

Page 10
ExclusionRationale
5V_EFUSE viaThe 5V_EFUSE circuit connects to the output of an integrated dual electronic eFuse, which connects to ground through a capacitor. The eFuse device protects circuitry from overcurrent and overvoltage events, in applications that require hot swap operation and in-rush current control. If the electronic eFUSE device fails or the capacitor shorts to ground, the voltage on the 5V_EFUSE circuit drops to 0V. This results in the immediate shutdown of the CM. Therefore, the 5V _EFUSE via satisfies the excluded components requirements in 7.2.3.1 Cryptographic boundary general requirements.

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED Figure 4 - Excluded Components, Ultrastar DC HC560 Figure 5 - Excluded Components, Ultrastar DC HC560 The Ultrastar DC HC570 components listed below and identified in Figure 6, Figure 7 and Figure 8 are excluded Table 3 Ultrastar DC HC570 Exclusions

Page 11
ExclusionRationale
INAND_VCC_X viaINAND_VCC_X circuit powers the OptiNAND device. INAND_VCC_X derives from INAND_VCC through a fuse. The output of the fuse connects to ground through two capacitors. If the fuse opens or either capacitor shorts to ground, the OptiNAND loses power and shuts down. CM responds by inhibiting writes to the CM. Therefore, the INAND_VCC_X via satisfies the excluded components requirements in 7.2.3.1 Cryptographic boundary general requirements.
J2_VEE viaJ2_VEE supplies -3V supply to the preamp chip in the head assembly through an inductor. If the inductor fails and the preamp input voltage drops to 0V, read/write functions to the disk media are disabled. This renders user data inaccessible. Therefore, the J2_VEE via satisfies the excluded components requirements in 7.2.3.1 Cryptographic boundary general requirements.
READY_LED viaREADY_LED circuit serves as a status indicator that is within the scope of the Status Port. Therefore, the READY_LED via satisfies the excluded components requirements in 7.2.3.1 Cryptographic boundary general requirements.
SIOEN_AE viaThe SIOEN_AE signal enables serial communication between the SoC9 ASIC and the preamp chip in the head assembly. A malfunction by the SoC ASIC or lose of the direct connection between the SoC9 ASIC to the preamp chip prevents the proper setup of read/write functionality. This renders user data inaccessible. Therefore, the SIOEN_AE via satisfies the excluded components requirements in 7.2.3.1 Cryptographic boundary general requirements.
SWDCLK viaSWDCLK circuit provides a debug clock signal for the ARM JTAG Interface port. The ARM JTAG Interface port is disabled in production drives for use in the field. Therefore, the SWDCLK via satisfies the excluded components requirements in 7.2.3.1 Cryptographic boundary general requirements.
V3.3_PLR3 viaV3.3_PLR3 is dependent on the presence of 5V on the +5V_EFUSE net, which supplies power to a Power Large Scale Integrated (PLSI) circuit device. V3.3_PLR3 is sourced from the 3.3V linear regulator output of the KOI PLSI. Any failure of the 5V_EFUSE circuit to supply 5V or a failure of the PLSI device causes the voltage on the V3.3_PLR3 circuit to drop 0V. V3.3_PLR3 connects to ground through a capacitor. If the capacitor shorts to ground the PLSI immediately shuts down. Either failure mode results in the immediate shutdown of the CM. Therefore, the V3.3_PLR3 via satisfies the excluded components requirements in 7.2.3.1 Cryptographic boundary general requirements.
WRP viaWRP and WRM form a differential pair connected to the head assembly’s Write Channel. The loss of the direct connection between the WRP output of the SoC9 ASIC to the head assembly significantly reduces the robustness of the transmitted data. The inability to cancel electromagnetic interface present on the differential pair could cause the corruption of user data written to disk media. The corruption of user data cannot compromise the SSPs stored within CM. Therefore, the WRP via satisfies the excluded components requirements in 7.2.3.1 Cryptographic boundary general requirements.
Drive Motor Control CableThe Drive Motor Control Cable is a three-conductor ribbon cable that serves a mechanical purpose. The three conductors, designated SPN_A, SPN_B, and SPN_C provide drive spindle rotor position data to the Spindle Driver within PLSI device. Therefore, the Drive Motor Control Cable satisfies the excluded components requirements in 7.2.3.1 Cryptographic boundary general requirements.

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED

Page 12

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED Figure 6 - Excluded Components, Ultrastar DC HC570 Figure 7 - Excluded Components, Ultrastar DC HC570

Page 13
Service
NameDescriptionIndicator
isFIPSThe cryptographic module is operating as a compliant FIPS 140-3 module1. The Level 0 Discovery1 service returns a value of 1 from the in FIPS2 global indicator data field and 2. The Firmware Download Control LockOnReset field is set to PowerCycle3and 3. For each configured BandMaster4, the state of each listed attribute is set as shown below. • LockOnReset = PowerCycle • ReadLockEnabled = True • WriteLockEnabled = TrueApproved

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED Figure 8 - Excluded Components, Ultrastar DC HC570 2.4 Modes of Operation Table 4 Modes of Operation Section 11.1 of this document specifies the recommended and mandatory steps necessary for the secure installation, responsible for assuring that the mandatory configuration requirements remain unchanged. When correctly configured the Cryptographic Module always powers up isFIPS mode. The cryptographic module does not support non-approved or non-allowed security functions. Mode Change Instructions and Status: Table 4 specifies the conditions that must be true for the Cryptographic Module to operate in isFIPS mode. Any action by the operator that negates the PowerCycle setting of the Firmware Download Control's LockOnReset field transitions the CM to a noncompliant state. Any action by the operator that negates the attribute setting, specified in

1 See the Level 0 Discovery’ Vendor Specific Data section of the Ultrastar DC HC560 3.5-inch Serial Attached SCSI Hard Disk Drive

Specification [Product Manual] or Ultrastar DC HC570 3.5-inch Serial Attached SCSI Hard Disk Drive Specification [Product Manual] for guidance.

3 See the Ports section of the Ultrastar DC HC560 3.5-inch Serial Attached SCSI Hard Disk Drive Specification [Product Manual] or Ultrastar

DC HC570 3.5-inch Serial Attached SCSI Hard Disk Drive Specification [Product Manual] for guidance.

4 See the TCG Storage SSC: Enterprise Specification [TCG Enterprise] for guidance.

Page 14
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
AES [FIPS 197]AES 35805CBC [SP 800 38A]Key Size: 128, 256 Key Strength: 128 bits, 256 bitsEncryption and Decryption of SSPs.Avago Technologies
ECB [SP 800 38A]ECB [SP 800 38A]Key Size: 128, 256 Key Strength: 128 bits, 256 bitsEncryption and Decryption, AES KWP.
XTS [SP 800 38E]XTS [SP 800 38E]Key Size: 128, 256 Key Strength: 128 bits, 256 bitsNot used
AES [FIPS 197]A2098KWP [SP 800 38F] ECB [SP 800 38A]Forward Payload Length: 96- 1024, Increment 8 Key Size: 256 Key Strength: 256Authenticated Encryption, Authenticated Decryption of Root Signing Key.Western Digital Corporation
AES [FIPS 197]A2099CBC [SP 800 38A]Key Size: 256 Key Strength: 256 bitsDescrambles OptiNAND sFFU firmware image.Western Digital Corporation
AES [FIPS 197]A2101ECB [SP 800 38A]Key Size: 128, 256 Key Strength: 128, 256 bitsEncryption, Decryption, DEE self-tests.Western Digital Corporation
XTS [SP 800 38E]XTS [SP 800 38E]Payload Length: 4096 – 32768 Increment: 128 Tweak Mode: Number Key Size: 128, 256 Key Strength: 128, 256 bitsEncryption and Decryption of data-at-rest.
DRBG [SP 800 90A]A2098CTRMode: AES-256 Derivation Function: True Prediction Resistance: False Key Size: 256 Key Strength: 256 bitsDeterministic Random Bit Generation Security Strength = 256Western Digital Corporation
HMAC [FIPS 198]HMAC 2280SHA-1Message Length: 8- 51200, Increment: 8 Key Size: 160 Key Strength: 160 bitsNot usedAvago Technologies
SHA2-224SHA2-224Message Length: 8- 51200, Increment: 8 Key Size: 224 Key Strength: 224 bitsNot used
SHA2-256SHA2-256Message Length: 8- 51200, Increment: 8 Key Size: 256 Key Strength: 256 bitsMessage Authentication of signed encrypted SSPs, PBKDF2 derived key generation
PBKDF2 [SP 800 132]A2100Option 2aMaster Key Generation Type: Option 2a Iteration Count: 2 - 1024 with Increment 1 HMAC Algorithm: SHA2-256 Password Length: 32 Salt Length: 128-512 with Increment 8 Key Data Length: 256 - 4096 with Increment: 256 Key Strength: 256Password based key derivation function using HMAC-SHA2-256 (Cert #HMAC 2280). The derived generated keys, K , and K, encrypt data u a protection keys used in a data storage application.Western Digital Corporation
RSA SigVer [FIPS 186]A2098PSSSignature Type: PKCSPSS Hash Algorithm: SHA2-256 Modulo: 3072 Key Strength: 128 bitsSigVer within the ACM RoT.Western Digital Corporation
RSA SigVer [FIPS 186]A2099PSSSignature Type: PKCSPSS Hash Algorithm: SHA2-256 Modulo: 3072 Key Strength: 128 bitsSigVer within the OptiNAND device.Western Digital Corporation
SHS [FIPS 180]SHS 2942SHA-1Message Length: 8- 51200, Increment: 8 Key Size: 160 Key Strength: 160 bitsNot usedAvago Technologies
SHA2 - 224SHA2 - 224Message Length: 8- 51200, Increment: 8 Key Size: 224 Key Strength: 224 bitsNot used
SHA2-256SHA2-256Message Length: 8- 51200, Increment: 8 Key Size: 256 Key Strength: 256 bitsMessage digest generation. Digital signature verification within the ACM RoT

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED Table 4 for LockOnReset, ReadLockEnabled, or WriteLockEnabled for any configured BandMaster transitions the CM to a noncompliant state. The Cryptographic Module does not support a degraded operational mode. 2.5 Algorithms The Cryptographic Module supports NIST SP 800-131A compliant approved algorithms listed in Table 5. Approved Algorithms Table 5 Approved Algorithms AES 3580 5

5 AES 3580 (2015) predates Testing Revision 2.0
Page 15

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED

Page 16
Approved algorithm
NameCAVP CertMode MethodKey SizePropertiesReferenceVendor NameImplementation
SHS [FIPS 180]A2099SHA2-256Message Length: 0- 65536, Increment: 8 Key Size: 256 Key Strength: 256 bitsWestern Digital Corporation
CKG-DirectAES 256: Symmetric Key GenerationSP 800-133rev2 Section 4 example #1, Section 6.1 and IG D.HN/A
CKG- CombinedAES 256: Symmetric Key GenerationSP 800-133rev2 Section 6.3 example #2 and IG D.HN/A
Approved algorithm
NameCAVP CertMode MethodKey SizePropertiesReferenceVendor NameImplementation
SHS [FIPS 180]A2099SHA2-256Message Length: 0- 65536, Increment: 8 Key Size: 256 Key Strength: 256 bitsWestern Digital Corporation
CKG-DirectAES 256: Symmetric Key GenerationSP 800-133rev2 Section 4 example #1, Section 6.1 and IG D.HN/A
CKG- CombinedAES 256: Symmetric Key GenerationSP 800-133rev2 Section 6.3 example #2 and IG D.HN/A
Service
NameDescriptionApproved FunctionsTypePropertiesSF Capabilities
Authority_Digest_ GenerationGenerates an HMAC message digest of an Authentication Credential PINHMAC-SHA2-256 (Cert #HMAC 2280)MACMessage Length: 8- 51200, Increment: 8, Key Size: 256, Key Strength: 256 bitsPublications: [IG 10.3.A]
Authority_Digest_ VerificationVerifies the HMAC digest of an Authentication Credential PIN.HMAC-SHA2-256 (Cert #HMAC 2280)MACMessage Length: 8- 51200, Increment: 8, Key Size: 256, Key Strength: 256 bitsPublications: [IG 10.3.A]
DecryptionBlock CipherAES-CBC (Cert #AES 3580)BC-UnAuthKey Size: 128, 256, Key Strength: 128, 256 bitsPublications: [IG 10.3.A]
Derived_Key_Gene rationPassword-Based Key DerivationPBKDF2 (Cert #A2100) HMAC-SHA2-256 (Cert #HMAC 2280)PBKDF2PBKDF2 Master Key Generation Type: Option 2a, Iteration Count: 2 - 1024 with Increment 1, HMAC Algorithm: SHA2-256. Password Length: 32, Salt Length: 128-512 with Increment 8, Key Data Length: 256 - 4096 with Increment: 256 HMAC-SHA2-256 Message Length: 8- 51200, Increment: 8, Key Size: 256, Key Strength: 256 bits Note: The CM uses keys derived from passwords only in a storage application.Publications: [IG 10.3.A] [IG D.N]
Digest_GenerationSecure Hash StandardSHA2-256 (Cert #SHS 2942)SHAMessage Length: 8- 51200, Increment: 8, Key Size: 256, Key Strength: 256 bitsPublications: [IG 10.3.A] [IG C.B]
Digest_VerificationSecure Hash StandardSHA2-256 (Cert #SHS 2942)SHAMessage Length: 8- 51200, Increment: 8, Key Size: 256, Key Strength: 256 bitsPublications: [IG 10.3.A] [IG C.B]
EncryptionBlock CipherAES-CBC (Cert #AES 3580)BC-UnAuthKey Size: 128, 256, Key Strength: 128, 256 bitsPublications: [IG 10.3.A]
EntropyEntropy SourceESV Cert #13ESVSecurity Strength: 256Publications: [IG 9.3.A] [IG D.J] [IG D.O]
FW_AuthenticityDigital Signature Verification Verifies the authenticity of a CM firmware imageRSA SigVer (Cert #A2098) SHA2-256 (Cert #SHS 2942)DigSig-SigVerRSA SigVer Signature Type: PKCSPSS Modulo: 3072. Key Strength: 128 bits SHA2-256 Message Length: 8- 51200, Increment: 8, Key Size: 256, Key Strength: 256 bitsPublications: [IG 10.3.A] [IG C.B] [IG C.F]
FW_IntegrityDigital Signature Verification Verifies the integrity of a CM firmware imageRSA SigVer (Cert #A2098) SHA2-256 (Cert #SHS 2942)DigSig-SigVerRSA SigVer Signature Type: PKCSPSS Modulo: 3072, Key Strength: 128 bits SHA2-256 Message Length: 8- 51200, Increment: 8, Key Size: 256, Key Strength: 256 bitsPublications: [IG 10.3.A] [IG C.B] [IG C.F]
Key WrapKey Wrapping Key UnwrappingAES-KWP (Cert #A2098) AES-ECB (Cert #AES 3580)KWP-AE KWP-ADAES-KWP Direction: Forward Authenticated Encrypt, Authenticated Decrypt, Payload Length: 96-1024, Increment 8, Key Length: 256 AES-ECB Key Size: 128, 256, Key Strength: 128, 256 bitsPublications: [IG 10.3.A] [IG D.G]
Keyed_Digest_Gen erationMessage Authentication GenerationHMAC-SHA2-256 (Cert #HMAC 2280)MACMessage Length: 8- 51200, Increment: 8, Key Size: 256, Key Strength: 256 bitsPublications: [IG 10.3.A]
Keyed_Digest_Veri ficationMessage Authentication VerificationHMAC-SHA2-256 (Cert #HMAC 2280)MACMessage Length: 8- 51200, Increment: 8, Key Size: 256, Key Strength: 256 bitsPublications: [IG 10.3.A]
MEK GenerationCryptographic Key Generation, XOR of LRK and NSKDRBG (Cert # A2098) AES-XTS (A2101) CKG-CombinedCKGPayload Length: 4096 – 32768 Increment: 128 Tweak Mode: Number Key Size: 128, 256 Key Strength: 128 bits, 256 bitsPublications: [IG D.H]
OptiNAND_Descr amblerBlock Cipher.AES-CBC (Cert #A2099)BC-UnAuthKey Size: 256, Key Strength: 256 bitsPublications: [IG 10.3.A]
FW_Auth_OptiNA NDDigital Signature Verification Verifies the authenticity of an OptiNAND firmware imageRSA SigVer (Cert #A2099) SHA2-256 (Cert #A2099)DigSig-SigVerRSA SigVer Signature Type: PKCSPSS Modulo: 3072, Key Strength: 128 bits SHA2-256 Message Length: 0- 65536, Increment: 8, Key Size: 256, Key Strength: 256 bitsPublications: [IG 10.3.A] [IG C.B] [IG C.F]
FW_Integrity _OptiNANDDigital Signature Verification Verifies the integrity of an OptiNAND firmware image.RSA SigVer (Cert #A2099) SHA2-256 (Cert #A2099)DigSig-SigVerRSA SigVer Signature Type: PKCSPSS Modulo: 3072, Key Strength: 128 bits SHA2-256 Message Length: 0- 65536, Increment: 8, Key Size: 256, Key Strength: 256 bitsPublications: [IG 10.3.A] [IG C.B] [IG C.F]
RBGRandom bit generatorCTR-DRBG (Cert #A2098)DRBGMode: AES-256 Derivation Function: True, Prediction Resistance: False, Key Size: 256, Key Strength: 256 bitsPublications: [IG 10.3.A] [IG D.L] [IG D.R]
RBG_SeedingSeeds DRBG with entropy dataCTR-DRBG (Cert #A2098)ESVMode: AES-256, Derivation Function: True, Prediction Resistance: False, Key Size: 256, Key Strength: 256 bitsPublications: [IG 9.3.A] [IG 10.3.A] [IG D.J] [IG D.K]
DRBGDRBGPublications: [IG 10.3.A] [IG D.L] [IG D.R]
SecureLoader_ IntegrityDigital Signature Verification Verifies the integrity of the Secure Loader firmware imageRSA SigVer (Cert #A2098)DigSig-SigVerRSA SigVer Signature Type: PKCSPSS Hash Algorithm: SHA2- 256, Modulo: 3072, Key Strength: 128 bits SHA2-256 Message Length: 8- 51200, Increment: 8, Key Size: 256, Key Strength: 256 bitsPublications: [IG C.F] [IG 10.3.A] [IG C.B]
Secure HashSHA2-256 (Cert #SHS 2942)Secure Hash
Symmetric_Key_Ge nerationGenerates AES 256 symmetric cryptographic keysCKG-Direct AES-CBC (Cert #AES 3580)CKGKey Size: 128, 256, Key Strength: 128, 256 bits
User_Data_Decrypt ionBlock CipherAES-XTS (Cert #A2101)BC-UnAuthPayload Length: 4096 – 32768, Increment: 128, Tweak Mode: Number, Key Size: 128, 256, Key Strength: 128, 256 bitsPublications: [IG 10.3.A] [IG C.I]
User_Data_Encrypt ionBlock CipherAES-XTS (Cert #A2101)BC-UnAuthPayload Length: 4096 – 32768, Increment: 128, Tweak Mode: Number, Key Size: 128, 256, Key Strength: 128, 256 bitsPublications: [IG 10.3.A] [IG C.I]

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED Use/Function Digital signature OptiNAND device. Note: AES - XTS - The AES-XTS algorithm implementations include a check to ensure Key_1 ≠ Key_2 The Cryptographic Module implements the FIPS Vendor Affirmed cryptographic algorithms listed in Table

  1. Table 6 Vendor Affirmed Algorithms N/A CKGCombined N/A Non-Approved, Allowed Algorithms The Cryptographic Module does not implement non-Approved but allowed algorithms. Non-Approved, Allowed Algorithms with No Security Claimed The Cryptographic Module does not implement non-Approved but allowed algorithms with no security claimed. Non-Approved, Not Allowed Algorithms None. The cryptographic module does not implement algorithms that are not NIST SP 800-131A compliant. 2.6 Security Function Implementations The Cryptographic Module implements the Security Function Implementations listed in Table
  2. Table 7 Security Function Implementations
Page 17

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED

Page 18

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED

Page 19

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED

Page 20

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED 2.7 Algorithm Specific Information The Cryptographic Module performs a key comparison test on each LRK.AESKey/LRK.XTS and NSK.AESKey/NSK.XTS keyset to assure compliance with FIPS 140-3 IG C.I XTS-AES Key Generation Requirements every time the CM generates an LRK.AESKey/LRK.XTS and NSK.AESKey/NSK.XTS keyset, to assure compliance for all derived MEKs. The only use of any AES-XTS key pair is the encryption and decryption of data-at-rest within the cryptographic module in a storage application. PBKDF2 The password consists of a minimum of twelve (12) hexadecimal bytes values and a maximum of thirty-two (32) hexadecimal bytes values that range from 0x00 to 0xFF. The probability that a random attempt correctly guesses a twelve (12) byte password, or a false acceptance occurs is equal to 1 in 7.92E+28. The probability that a random attempt correctly guesses a thirty-two (32) byte password, or a false acceptance occurs is equal to 1 in 1.16E+7728. The default 1024 iteration count, 256-bit Salt and HMAC-SHA2-256 (Cert #HMAC 2280) algorithm conforms to SP 800-132, Option 2a. The Master key (MK) encrypts and decrypts data protection keys. The PBKDF2 derived keys, Ku, and Ka, encrypt data protection keys used in a data storage application.

Page 21
Sensitive security parameter
NameTypeStrengthOperating EnvironmentEntropy per sampleConditioning Components
ESV, E13Physical32 bits0L23689, IC SOC9, Rev 2.1 ARM Cortex M3, ARM Cortex R82.69612None
Vendor NameCertificate Number
Western Digital CorporationE13

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED 2.8 RBG and Entropy The SP 800-90A rev1-compliant Deterministic Random Bit Generator (DRBG), implemented as a CTR_DRBG mechanism, uses an AES-256 block cipher derivation function to generate encryption keys for use within the cryptographic boundary of the Cryptographic Module. Paragraphs titled Entropy Information and RBG Information summarize the characteristics of the entropy noise source that resides within the cryptographic boundary and seeds the CTR_DRBG. Table 8 Entropy Certificates Table 9 Entropy Sources Entropy Information The hardware-based ring oscillator noise source referenced in Table 9 consist of eight (8) identical groups of four (4) independent ring oscillator circuits. Within each group, there are four (4) distinct logic inverter gate designs that consist of 19, 23, 31, and 39 gates. The oscillators are physically isolated from other active traces within the SoC9 ASIC. No configuration steps are necessary to operate the entropy source in a compliant manner. As stated in the Public Use Documents for E13, on power up the Cryptographic Module executes an entropy source initialization sequence that collects sufficient samples of raw noise to verify the health of its entropy source prior to seeding the DRBG. If the initialization sequence returns false, the Cryptographic Module transitions to an error state that blocks the execution of all security services. RBG Information The output of the entropy source referenced in Table 9 consists of the raw data generated from thirty-two (32) free running ring oscillators. Eight identical groups of four variable length inverter chains define the implementation. Each 32-bit sample produces at least 2.69612 bits of entropy. Each time the DRBG is instantiated or reseeded, the CM concatenates one hundred sixty (160) 32-bit samples to seed the DRBG. This equates to 5120 bits of entropy data and translates to at least 431.379 bits of min-entropy. This seeds the CTR_DRBG with approximately 287 bits of security strength (~287.59 bits of entropy input and ~143.79 bits of nonce). Seeding the DRBG with at least 287 bits of security strength exceeds the requirement to seed the DRBG with 256 bits of security strength. 2.9 Key Generation The cryptographic module utilizes an SP 800-90A rev1-compliant CTR_DRBG to generate symmetric cryptographic keys, which comply with sections 6.1, 6.2.3 and 6.3 of SP 800-133r2. Each symmetric keyset consists of an encryption and a signing key. Specifically,

Page 22

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED

2.10 Key Establishment

Key Agreement Information The cryptographic module does not support a key establishment scheme. Key Transport Information The cryptographic module does not support a key transport scheme.

2.11 Industry Protocols

The cryptographic module supports the TCG Storage SSC: Enterprise [TCG Enterprise] security protocol. 3.1 Cryptographic Module Interfaces Ports and Interfaces As a hardware module, the Cryptographic Module uses the standard 29-pin Serial Attached SCSI (SAS) connector that conforms to the mechanical requirements of SFF 8680. Table 10 identifies the Cryptographic Module’s ports and interfaces. The two-wire SIO Serial Port connector consists of signal and ground. Prior to shipment, Western Digital disables the SIO port. The Cryptographic Module does not provide a maintenance access interface. The SCSI protocol [SCSI Core] [SCSI Block] provides the primary communication channel between the Cryptographic Module and a host system. Services provided by the Cryptographic Module that require the processing of operator issued commands include TCG Storage SSC: Enterprise configuration settings, the reading and writing of user data, and retrieval of status data. The Cryptographic Module does not support a trusted channel communication link between the CM and a host system.

Page 23
Ports and interfaces
NamePhysical PortLogical Interface
SAS Connector SIO Serial Port Connector UARTSAS Connector SIO Serial Port Connector UARTSAS connector: Used to transmit SCSI commands from the host system to the CM. SIO Serial Port: None, disabled. UART: Used to transmit SCSI commands from the host system to the CM.Control Input
SAS Connector SIO Serial Port Connector UARTSAS Connector SIO Serial Port Connector UARTSAS connector: Used to transmit data and firmware update images from the host system to the CM. SIO Serial Port: FD_UART_RX, disabled. UART: Used to transmit data from the host system to the CM.Data Input
SAS Connector SIO Serial Port Connector UARTSAS Connector SIO Serial Port Connector UARTSAS connector: Used to transmit data from the Cryptographic Module to the host system. SIO Serial Port: FD_UART_TX, disabled. UART: Used to transmitted data from the CM to the host system.Data Output
Download PortThis logical port has two valid states, locked, and unlocked. If locked, the CM logically blocks firmware downloads. If unlocked, the CM logically allows the Cryptographic Officer to download firmware.Download Port
Power ConnectorPower ConnectorPower connectorPower
SAS ConnectorSAS ConnectorUsed to transmit status data from the CM to the host system. READY_LEDStatus Output
Sensitive security parameter
NameDescriptionStrengthStrength per minute
Credential PIN AuthenticationAuthenticates a 12 to 32 bytes Authentication Credential PIN Byte value range (ea.): 0x00 to 0xFF.12-byte PIN: 96 bitsAuthority_Digest _VerificationPermutations: 7.92E+28 Authentication Time: 2.094965 msec Guess Probability (1 min): 3.61E-25
32-byte PIN: 256 bits32-byte PIN: 256 bitsPermutations: 1.16E+77 Authentication Time: 2.094965 msec Guess Probability (1 min): 2.47E-73

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED Table 10 Ports and Interfaces Roles, Services, and Authentication 4.1 Authentication Methods The Cryptographic Module implements the listed authentication methods. Table 11 Authentication Methods Note: E = log2(RL), where E = authentication strength, R = pool of unique characters and L = password length defines the security strength of an Authentication Credential PIN. See Calculating Password Entropy [PW]. 4.2 Roles The Module supports distinct User and Cryptographic Officer (CO) operator roles. The Cryptographic Module enforces role separation by requiring a role identifier and authentication credential in the form of a Personal Identification Number (PIN). The Cryptographic Module enforces role dependent service access rules. Table 13 maps services to Crypto Officer and User roles. The Cryptographic Module implements Access Control in layers. The top layer of the implementation consists of Access Control Lists (ACLs). ACLs are lists of Access Control Elements (ACEs). The boolean state of an ACE associated with an authority within a role determines access to a service. After authentication, an authority’s associated ACE boolean expression is set to be True. Prior to

Page 24
Service
NameRole AccessType
AnybodyUserRole
BandMaster [0-15]CORoleCredential PIN Authentication
EraseMasterCORoleCredential PIN Authentication
SCSI UserUserRole
SIDCORoleCredential PIN Authentication

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED authentication, an authority’s associated ACE boolean expression is set to False. Closing a TCG session or powering off the Cryptographic Module disables all previously authenticated authorities by setting the ACE Boolean expression associated with all authenticated authorities to False. After powering up the CM and opening a new TCG session, the operator must execute the Authenticate service to enable an authority within the Crypto Officer and User roles. The Cryptographic Module does not support concurrent operators. The Cryptographic Module encrypts and signs all authentication data, associated with a role, stored outside the ACM. The ACM imports the encrypted and signed authentication, verifies the signature, and decrypts the authentication data. Before validating the operator supplied authentication data, the ACM checks for try limit violations. The lock-based authentication method implemented by the Cryptographic Module remains secure because the purpose of the implementation is to protect data-at-rest and the host operating system in communication with the CM acts as the operator and is considered a trusted machine. The Cryptographic Module implements the roles listed in Table 12. Table 12 Roles The CM supports both Crypto Officer (CO) and User roles.

Page 25

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED

Page 26
Service
NameDescriptionRolesCsps AccessedApproved FunctionsIndicatorInputOutputRoles SSP Access
Authenticate PSIDPSID character string authenticationCO: SID User: AnybodySIDDecryptionisFIPS mode is truePSIDSuccess or UEC failure codeDecryption Keyed_Digest_Verif ication
Keyed_Digest_VerifE:PSID Digest, GlobalKeyed_Digest_Verif
icationActive Keysetication
Authenticate TCG AuthorityAuthentication Credential authenticationCO: SID, EraseMaster, BandMaster User: AnybodyisFIPS mode is trueAuthentication Credential PINSuccess or UEC failure codeAuthority_Digest_V erificationSID E: SID PIN Digest, MSID Digest, SED AdminSP Active Signing Key W: SID PIN, MSID EraseMaster E: EraseMaster PIN Digest, BandMaster PIN Digests, MSID Digest, SED Active LockingSP Signing Key W: EraseMaster PIN, BandMaster PIN, MSID BandMaster E: BandMaster PIN Digests, EraseMaster
BootFlashInt egrityE: SD_CA KeySecureLoader_ IntegrityAn RSA digitalisFIPS mode is trueRSA 3072 PSS signed firmware imageSuccess or UEC failure codeUnauthenticated
FIPS 140 Compliance Descriptor6This service reports the FIPS 140 revision as well as the Cryptographic Module’s overall security level, hardware revision, firmware revision and module name.NoneNoneN/ASecurity Protocol IN (0x0, 0x2, 0x2)7FIPS 140 Compliance Descriptor table data or UEC failure codeUser: SCSI User

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED 4.3 Approved Services Table 13 lists approved services implemented by the Cryptographic Module. The SSPs modes of access shown in the table below are defined as: G = Generate: The module generates or derives the SSP. R = Read: The SSP is read from the module (e.g., the SSP is output). W = Write: The SSP is updated, imported, or written to the module. E = Execute: The CM uses the SSP to perform a cryptographic operation. Z = Zeroise: The CM zeroises the SSP. Table 13 Approved Services

Page 27

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED N/A

6 See Security Features for SCSI Commands [SFSC] for further details
7 See SCSI Primary Commands - 5 (SPC-5)
Page 28
Service
NameDescriptionRolesCsps AccessedApproved FunctionsIndicatorInputOutputDescription
Firmware DownloadDigital signatureCO: SIDE: OEM_FW Key, OEM_Release KeyFW_AuthenticityisFIPS mode is trueRSA 3072 PKCSPSS signed firmware imageSuccess or UEC failure codeFW_Authenticity
Firmware Download ControlCO: SIDNoneN/AFW_DOWNLOA D_PORT bit within the AdminSP Logical Port TableSuccess or UEC failure codeNoneEnable or disable access to the Firmware Download service
Firmware IntegrityAn RSA digitalUnauthenticatedisFIPS mode is trueRSA 3072 PKCSPSS signed firmware imageSuccess or UEC failure codeFW_IntegrityE: OEM_FW Key, SC
signature verifiessignature verifiesFW Key, SP_FW Key,
the authenticitythe authenticityOEM_OFS Key,
of a binaryof a binarySD_BFW Key, SD_CA
firmware image.firmware image.Key
Generate RandomUser: AnybodyG: DRBG.Key, DRBG.V E: DRBG.Key, DRBG.VisFIPS mode is trueByte countByte stringRBGTCG Random method that generates a random number from the SP 800- 90A CTR_DRBG
GetReads dataCO: SID, EraseMaster, BandMaster, User: AnybodyR: MSIDisFIPS mode is trueRequested table data. [TCG Core]Decryption Keyed_Digest_Verif icationSee §5.3.3.6 Basic
structure; accessstructure; accessTable Method
controlcontrolGroup - Get
enforcementenforcement(Table and Object
occurs per dataoccurs per dataMethod
structure fieldstructure field[TCG Core]
Get Band AttributesCO: BandMaster User: AnybodyNoneN/ABand_UID [TCG Enterprise]LBA band attribute data [TCG Enterprise]NoneReturns the data stored in the Locking SP table for an LBA Band
Get Data StoreRead a stream ofUser: AnybodyNoneN/ANoneSee §3.2.13.9 ReadDataStore
bytes frombytes fromdata from theplaintext data
unstructuredunstructuredDataStore tableor UEC failure
Level 0 DiscoveryUser: AnybodyNoneN/ASee §3.3.6 Level 0 Discovery, §3.3.6.2 IF-RECV Command [TCG Core]Level 0 Discovery Response data [TCG Core]NoneTCG ‘Level 0 Discovery’ discloses basic configuration data about the

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED N/A N/A N/A N/A

Page 29
Service
NameDescriptionRolesCsps AccessedApproved FunctionsIndicatorInputOutputRoles SSP Access
OptiNAND Firmware DownloadCO: SIDFW_Auth_OptiNAisFIPS mode is trueRSA 3072 PSS signed firmware imageSuccess or UEC failure codeDigital signatureE: sFFUPublicKey
verification of aNDverification of a
binary firmwareOptiNAND_Descrabinary firmware
image.mblerimage.
OptiNAND Firmware IntegrityDigital signature verification of a binary firmware image.UnauthenticatedN/ARSA 3072 PSS signed firmware imageSuccess or UEC failure codeE: sFFUPublicKeyFW_Integrity _OptiNAND OptiNAND_Descra mbler
Read User DataUser: SCSI UserisFIPS mode is truePlaintext user data or UEC failure codeReads ciphertextE: MEKUser_Data_Decrypti onSCSI Operation
from a LBAfrom a LBACode, LBA,
band and outputband and outputTransfer Length,
user plaintextuser plaintextData-Out Buffer
data.data.See [SBC-4]
Reset ModulePower on ResetUnauthenticatedisFIPS mode is trueNoneDrive Ready Indicator or UEC failure codeG: DRBG.Seed, DRBG.Key, DRBG.V, ESV, SED Volatile Keyset E: ESV, DRBG.Key, DRBG.V, SED Volatile KeysetDerived_Key_Gene ration Encryption Key Wrap RBG RBG_Seeding
RevertThe Revert method cryptographically erases CSPs and returns the Cryptographic Module to its original manufactured state.CO: SID User: AnybodySIDisFIPS mode is truePSIDDrive Ready Indicator or UEC failure codeEncryption Keyed_Digest_Gene ration RBG

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED N/A Ka, Ku, LRK, NSK,

Page 30

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED DRBG.V, Ka, Ku, LRK, PIN Digests, Ka, Ku, Ka, Ku, LRK, NSK,

Page 31
Service
NameDescriptionRolesIndicatorInputOutputRoles SSP Access
RevertSPThe RevertSP method cryptographically erases CSPs and returns the Cryptographic Module to its original manufactured state.CO: SID User: AnybodyisFIPS mode is trueSee §5.1.3 RevertSP – Base Template SP Method [TCG Opal]Drive Ready Indicator or UEC failure codeEncryption Key Wrap Keyed_Digest_Gene ration RBGSID G: SID PIN Digest, EraseMaster PIN Digest, BandMaster PIN Digests, DRBG.Key, DRBG.V, K, K , LRK, NSK, a u MEK, RAK, UAK, UMK, , Root Keyset, Global Active Keyset, SED Active Keyset, SED AdminSP Keyset, SED LockingSP Keyset, SED Volatile Keyset SED AdminSP Keyset E: DRBG.Key, DRBG.V, K, K , LRK, a u NSK, RAK, UAK, UMK, Root Keyset,

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED DRBG.V, Ka, Ku, LRK, PIN Digests, Ka, Ku, Ka, Ku, LRK, NSK, DRBG.V, Ka, Ku, LRK,

Page 32

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED PIN Digests, Ka, Ku, Ka, Ku, LRK, NSK, DRBG.V, Ka, Ku, LRK,

Page 33
Service
NameDescriptionRolesCsps AccessedIndicatorInputOutput
SCSI CommandThe SCSI command set provides an efficient peer-to- peer operation for SCSI devices.User: SCSI UserNoneN/AInput parameters are defined within [SCSI Core] and [SCSI Block]Return deviceNone
Self-TestThe Cryptographic Module performs self- tests when it powers upUnauthenticatedG: DRBG.Key, DRBG.V E: DRBG.Key, DRBG.VN/ANoneDrive Ready or UEC failure codeDecryption Derived_Key_Gene ration Digest_Generation Digest_Verification FW_Integrity Encryption Entropy Key Wrap Keyed_Digest_Gene ration Keyed_Digest_Verif ication RBG
SetCO: SID, EraseMaster, BandMaster User: AnybodyisFIPS mode is trueSet method table data. See [TCG Core]Success or UEC failure codeAuthority_Digest_G eneration Encryption Keyed_Digest_Gene rationWrite dataSID
structures; accessstructures; accessE: Global Active
controlcontrolKeyset, SED Active
enforcementenforcementKeyset, SED AdminSP
occurs per dataoccurs per dataKeyset, , SED Volatile
structure field.structure field.Keyset
This service canThis service canW: SID PIN

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED N/A N/A PIN Digests, Ka, Ku,

Page 34
Service
NameDescriptionRolesCsps AccessedIndicatorInputOutputRoles SSP AccessSecurity
change Authentication Credential PINs.change Authentication Credential PINs.EraseMaster
Set Band AttributesSet the starting location, size, and attributes of an LBA band.CO: BandMasterisFIPS mode is trueLBA band attribute configuration data See [TCG Enterprise]Success or UEC failure codeEncryption Keyed_Digest_Gene rationE: Global Active Keyset, SED Active Keyset, SED LockingSP Keyset, SED Volatile Keyset, UAK
Set Data StoreCO: BandMaster User: AnybodySuccess or UEC failure codeNoneNoneWrite a stream ofDataStore byte
bytes tobytes totable data
unstructuredunstructuredSee [TCG
Show StatusThe status inquiry command requests SCSI device (e.g., Cryptographic Module) status informationUser: SCSI UserN/A[SCSI Core] and [SCSI Block] define the input parameters.Return requested module data or UEC failure codeNoneNone
TCG EraseCO: EraseMasterG: MEK, LRKisFIPS mode is trueTCG EraseBand_UIDSuccess orEncryption
cryptographicallyE: DRBG.Key,cryptographicallySee [TCGUEC failureKeyed_Digest_Gene
erases user dataDRBG.V, LRK, NSK,erases user dataEnterprise], [TCGcoderation

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED Keyset, Ka Keyset, Ku N/A

Page 35
Service
NameDescriptionRolesCsps AccessedApproved FunctionsIndicatorInputOutput
Write User DataTransform plaintext user data into ciphertext and writes to an LBA band.User: SCSI UserE: MEKUser_Data_Encrypti onisFIPS mode is trueOperation Code, LBA, Transfer Length, Data-Out Buffer [SBC-4]Success or UEC failure code

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED UAKa

Page 36

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED 4.4 Non-Approved Services The Cryptographic Module does not support non-approved services. 4.5 External Software/Firmware Loaded The Cryptographic Module utilizes RSA public key cryptography to verify that firmware downloaded to the CM is authentic. The Cryptographic Module uses RSA 3072 PKCSPSS with SHA2-256 to verify the digital signature of a downloaded firmware binary image. A Hardware Security Module (HSM), which resides in a secure Western Digital facility, generates, and stores the RSA Public/Private key pairs used in the firmware signing process. The Cryptographic Module rejects a downloaded firmware binary image if the digital signature verification process fails. Software/Firmware Security 5.1 Integrity Techniques The Cryptographic Module utilizes RSA public key cryptography to verify the integrity of all firmware binary images within the CM prior to execution. An operator may initiate the integrity test on demand by power cycling the CM. The firmware integrity tests ensure that prior to executing any firmware image the storage device verifies the firmware is from an authenticated Western Digital source. Current storage devices typically implement a multi-stage loader system to boot the drive. Each loader stage is responsible for loading and verifying the next image before transferring control to the next image. This process establishes a chain of trust during the boot process. The Cryptographic Module’s Boot ROM code loads the secure loader image. The SD_CA Key signed secure loader, enables the boot process to use other keys besides the SD_CA Key for boot time signature checking (i.e., SD_BFW Key). For example, the secure loader loads the SD_BFW public key certificate and verifies the SD_CA Key signature of the certificate. The secure loader then loads the next image(s) from boot flash, verifies the signature of the next image(s) using the SD_BFW public key, and transfers control to the next image. SD_CA Key SD_BFW Key SD_SM Key SC_FW Key SP_FW Key PROD_Group Key OEM_FW Key OEM_Release Key OEM_OFS Key Figure 10 - Asymmetric Key Tree 5.2 Initiate on Demand The operator initiates the integrity test on demand by power cycling the Cryptographic Module.

Page 37

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED 5.3 Open-Source Parameters The Western Digital firmware development process does not utilize open-source firmware to build executable code installed within the Cryptographic Module. 6.1 Operational environment Operational Environment Type and Requirements Type of Operating Environment: Limited While operational, the Cryptographic Module prohibits additions, deletions, or modification of the code working set. For firmware upgrades, the Cryptographic Module uses an authenticated download service to upgrade its mutable firmware in its entirety. The immutable security firmware stored in ROM, which is essential and integral to the operation of the module is non-modifiable. If the download operation is successful, authorized, and verified, the Cryptographic Module will begin operating with the new code working set after successfully executing all preoperational self-tests. Firmware loaded into the cryptographic module that is not on the FIPS 140-3 certificate is out of the scope of this validation and requires a separate FIPS 140-3 validation. 6.2 Configuration Settings and Restrictions The Cryptographic Module blocks the installation of firmware images that contain a Code ID that is inconsistent with the Cryptographic Module’s SoC, hardware interface type (e.g., SAS or SATA) and security type (e.g., TCG Enabled, FIPS Enabled, etc.). The Crypto Officer is responsible for assuring that the LockOnReset parameter of the logical firmware download port is set to PowerCycle. The Cryptographic Module is in a noncompliant state when the LockOnReset parameter is not set to PowerCycle. The Crypto Officer is responsible for assuring the logical firmware download port remains locked unless the CO intends to execute the Firmware Download service. The CO shall lock the firmware download port after the Firmware Download service completes. Consult the Ports section of the Ultrastar DC HC560 3.5-inch Serial Attached SCSI Hard Disk Drive Specification [Product Manual] or Ultrastar DC HC570 3.5-inch Serial Attached SCSI Hard Disk Drive Specification [Product Manual] for guidance. The Crypto Officer is responsible for assuring that the BandMaster Authentication PIN Credential for all configured BandMasters does not equal the MSID value. LBA bands associated with BandMasters with default authentication PIN values are considered plaintext. The Crypto Officer is responsible for assuring that the LockOnReset attribute for any configured BandMaster is set to PowerCycle. The Cryptographic Module is in a noncompliant state when the state of the LockOnReset attribute of any configured BandMaster is not set to PowerCycle. The Crypto Officer is responsible for assuring that the ReadLockEnabled and WriteLockEnabled attribute for any configured BandMaster is set to True. The Cryptographic Module is in a noncompliant state when the state of the ReadLockEnabled or WriteLockEnabled attribute of any configured BandMaster is set to False. Consult the TCG Storage SSC: Enterprise Specification [TCG Enterprise] for guidance. Physical Security The Cryptographic Module is a multi-chip embedded module that complies with FIPS 140-3 Level 2 security. An ambient temperature from 5° to 60°C defines the Cryptographic Module’s environmental operating range [Datasheet] 7.1 Mechanisms and Actions Required The Cryptographic Module does not make claims in the Physical Security area beyond FIPS 140-3 Level 2 security. Therefore, the CM does not employ any fault induction mitigation techniques or EFP feature to immediately zeroise all unprotected SSPs if the temperature or voltage falls outside of the cryptographic module's normal operating range.

Page 38
Physical Security MechanismRecommendedInspection/Test Guidelines
Frequency of
Inspection
Testing
During the manufacturing process, specialized equipment applies one tamper-evident security seal to the CM’s PCBA. See Figure 11 and Figure 12.AnnuallyThe Cryptographic Module’s owner shall inspect the Cryptographic Module for evidence of tampering. If tamper evidence is apparent, the owner should return the module to Western Digital. See Figure 13.

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED The CM initiates a thermal safety shutdown if the temperature drops below -40°C or exceeds 70°C but does not zeroize SSPs if either trip point is exceeded.

Page 39
Sensitive security parameter
NameTypeDescription
DRAMDynamicGeneral purpose system memory
IRAMDynamicMemory internal to the ACM
NOR FlashStaticSSP and boot code storage
NAND FlashStaticSSP storage and firmware image
Disk MediaStaticSSP and operation firmware image storage
One-time Programable (OTP)StaticRoot Key and Certificate Authority Key storage
Service
NameApproved FunctionsTypeFromTo
Authentication Credential PINAuthenticate TCG AuthorityPlaintextOperatorCMAutomatedElectronic
Public KeyRSA SigVerPlaintextHSMCMAutomatedElectronic

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED 8.1 Non-invasive Security Mitigation Techniques The Cryptographic Module lacks features to mitigate any non-invasive security attacks beyond the scope of the requirements within FIPS 140-3 Security Level 2. Sensitive Security Parameters Management The Cryptographic Module manages the SSPs listed in Section 9.4 of this document. The Cryptographic Module does not support the output of SSPs beyond the cryptographic boundary. The Cryptographic Module does not support non-approved algorithms or key lengths. 9.1 Storage Areas Calling processes implemented in firmware control Cryptographic Module access to SSPs. Zeroization services destroy or cryptographically erase SSPs. Table 15 Storage Area 9.2 SSP Input and Output Methods The CM limits the input of SSPs to plaintext Authentication Credential PINs and RSA-3072 public keys. RSA-3072 public key input only occurs during the manufacturing process. Instead of storing PIN values as plaintext, the CM stores an HMAC SHA-256 Digest of the PIN. A Hardware Security Module (HSM), which resides within a secure Western Digital facility, generates, and stores the RSA Public/Private key pairs input during the manufacturing process. The CM does not support the output of intermediate values generated during key generation. The module does not support the output of SSPs beyond the cryptographic boundary of the module. Table 16 SSP Input-Output Methods

Page 40
Sensitive security parameter
NameTypeDescriptionStrengthGenerationEstablishment
Admin Authority Key (K ) aDerived Symmetric KeyThe K key encrypts and decrypts UAKs a and the UMK.256 bitsPBKDF2, InternalN/A256 bits
Anybody User Access Key (UAK ) aSymmetric KeyThe Anybody Authority uses UAK to a decrypt the RAK of unlocked LBA bands.256 bitsCKG-DirectN/A256 bits
BandMaster PIN (16 total)PlaintextAuthentication Credential PIN for a Locking SP Bandmaster Authority.12 to 32 bytesN/AN/A96 to 256 bits
BandMaster PIN Digest (16 total)Message DigestAuthenticates BandMaster PIN.256 bitsHMAC-SHA2-256, InternalN/A256 bits
DRBG.KeyEntropyInternal state associated with the [SP 800 90A] CTR_DRBG using AES-256256 bitsCTR_DRBG, InternalN/A256 bits
DRBG.SeedEntropyInternal state associated with the [SP 800 90A] CTR_DRBG using AES-2565120 bitsESV InternalN/A431.379 bits
DRBG.VEntropyInternal state associated with the [SP 800 90A] CTR_DRBG using AES-256.128 bitsCTR_DRBG, InternalN/A128 bits
EraseMaster PINPlaintextAuthentication Credential PIN for the Locking SP EraseMaster Authority.12 to 32 bytesN/AN/A96 to 256 bits
EraseMaster PIN DigestMessage DigestAuthenticates the EraseMaster PIN256 bitsHMAC-SHA2-256, InternalN/A256 bits
ESVEntropyEntropy source input to the [SP 800 90A] CTR_DRBG32-bit sampleRing oscillator noise source, InternalN/A2.69612 bits per 32-bit sample
Global Active Encryption Key (AEK)Symmetric KeyThe Global Active Encryption Key encrypts and decrypts the SED Active Keyset, NSK and the UAK key. a256 bitsCKG-DirectN/A256 bits
Global Active Signing KeySymmetric KeySigns the encrypted SED Active Keyset.256 bitsCKG-DirectN/A256 bits
KDF Salt (EraseMaster and BandMaster unique)Symmetric KeyKDF Salts are integral to the PBKDF2 generation of each K and K derived a u authority key.256-bitsCKG-DirectN/A256-bits
Locking Range Keyset (LRK) LRK.AES Key LRK.XTS Key (BandMaster unique)Symmetric KeyLRKs in combination with the NSKs derive MEKs, which encrypt LBA bands256 bitsCKG-DirectN/A256 bits
MEK - Media Encryption Keyset MEK.AESEnc Key MEK.AESDec Key MEK.XTS Tweak Key (BandMaster unique)Derived Symmetric KeyMEKs encrypt and decrypt LBA bands. An MEK.AESDec key is the last entry of the key schedule for an MEK.AESEnc key.256 bitsCKG-CombinedN/A256 bits
MSIDPlaintextThe MSID string is the default password for the SID, EraseMaster and BandMaster authorities. Stored during the manufacturing process, the CM generates this thirty-two-character value by processing a CTR-DRBG generated random number through an Alphanumeric Character Conversion algorithm. The algorithm draws from a thirty-four-element character set to generate the MSID.32 bytesCKG-DirectN/A162.8 bits
MSID DigestMessage DigestAuthenticates the MSID PIN256 bitsHMAC-SHA2-256, InternalN/A256 bits
Namespace Keyset (NSK) NSK.AES Key NSK.XTS Key (BandMaster unique)Symmetric KeyNSKs in combination with the LRKs derive MEKs, which encrypt LBA bands.256 bitsCKG-DirectN/A256 bits
Non-Admin Authority Key (K ) u (BandMaster unique)Derived Symmetric KeyK keys encrypt and decrypt all UAKs u except UAK. a256 bitsPBKDF2, InternalN/A256 bits
OEM Firmware Key (OEM_FW Key)Public KeyThe OEM_FW Key verifies OEM firmware images and packages.3072-bitsHSM, ExternalN/A128-bits
OEM Original Factory State Key (OEM_OFS Key)Public KeyThe OEM_OFS Key verifies the OEM Original Factory Settings files.3072-bitsHSM, ExternalN/A128-bits
OEM_Release Key (OEM_Release Key)Public KeyThe OEM_Release Key verifies the outer signature of an OEM firmware package.3072-bitsHSM, ExternalN/A128-bits
Product Group Key (PROD_GROUP Key)Public KeyThe PROD_GROUP Key verifies OEM_FW Key certificates.3072-bitsHSM, ExternalN/A128-bits
PSIDPlaintextThe PSID string serves as authentication data and proof of physical presence for the Revert and RevertSP services. Stored during the manufacturing process, the CM generates this thirty- two-character value by processing a CTR-DRBG generated random number through an Alphanumeric Character Conversion algorithm. The algorithm draws from a thirty-four-element character set to generate the PSID.32 bytesCKG-DirectN/A162.8 bits8
PSID DigestMessage DigestAuthenticates the PSID256 bitsHMAC-SHA2-256, InternalN/A256 bits
Range Access Key (RAK) (BandMaster unique)Symmetric KeyRAKs encrypt and decrypt LRKs.256 bitsCKG-DirectN/A256 bits
Root Encryption KeySymmetric KeyThe Root Encryption Key encrypts the Global Active Keyset.256 bitsCKG-DirectN/A256 bits
Root Signing KeySymmetric KeySigns the encrypted Global Active Keyset.256 bitsCKG-DirectN/A256 bits
SecureBootPublicKeyPublic KeyThe SecureBootPublicKey verifies the OptiNAND Boot Code, Static data structures and parameters. The OptiNAND Download and Execute (DLE) module uses the SecureBootPublicKey to verify the RSA 3072 PSS signature of OptiNAND firmware.3072-bitsHSM, ExternalN/A128-bits
Security Core Firmware Key (SC_FW Key)Public KeyThe SC_FW Key verifies Access Control Module (ACM) security core firmware.3072-bitsHSM, ExternalN/A128-bits
Security Protocol Firmware Key (SP_FW Key)Public KeyThe SP_FW Key verifies ACM security protocol and services firmware.3072-bitsHSM, ExternalN/A128-bits
SED Active Encryption KeySymmetric KeyEncrypts and decrypts the SED AdminSP Active Keyset and the SED LockingSP Active Keyset.256 bitsCKG-DirectN/A256 bits
SED Active Signing KeySymmetric KeySigns the encrypted SED AdminSP Active Keyset and the SED LockingSP Active Keyset.256 bitsCKG-DirectN/A256 bits
SED AdminSP Encryption KeySymmetric KeyEncrypts and decrypts CSPs associated with an Admin SP.256 bitsCKG-DirectN/A256 bits
SED AdminSP Signing KeySymmetric KeySigns encrypted CSPs associated with an Admin SP.256 bitsCKG-DirectN/A256 bits
SED LockingSP Encryption KeySymmetric KeyEncrypts and decrypts CSPs associated with a Locking SP.256 bitsCKG-DirectN/A256 bits
SED LockingSP Signing KeySymmetric KeySigns encrypted CSPs associated with a Locking SP.256 bitsCKG-DirectN/A256 bits
SED Volatile Encryption KeySymmetric KeyEncrypts, and decrypts LRKs and MEKs.256 bitsCKG-DirectN/A256 bits
SED Volatile Signing KeySymmetric KeySigns encrypted LRKs and MEKs.256 bitsCKG-DirectN/A256 bits
sFFU_EncKeyPublic KeyDescrambles a Secure Field Firmware Update (sFFU) image256 bitsHSM, ExternalN/A256 bits
sFFUPublicKeyPublic KeyThe sFFUPublicKey verifies OptiNAND Secure Field Firmware Update (sFFU) images.3072-bitsHSM, ExternalN/A128-bits
SID PINPlaintextAuthentication Credential PIN for the Admin SP SID Authority.12 to 32 bytesN/AN/A96 to 256 bits
SID PIN DigestMessage DigestAuthenticates the SID PIN256 bitsHMAC-SHA2-256, InternalN/A256 bits
Storage Device Boot FW Key (SD_BFW Key)Public KeyThe SD_BFW Key is public key used to verify all boot flash images.3072-bitsHSM, ExternalN/A128-bits
Storage Device Certification Authority Key (SD_CA Key)Public KeyThe SD_CA Key is the Master RSA 3072 public key used to verify the Secure Loader image3072-bitsHSM, ExternalN/A128-bits
Storage Device Secure Message Key (SD_SM Key)Public KeyThe SD_SM Key verifies secure messages used for manufacturing, development, and failure analysis3072-bitsHSM, ExternalN/A128-bits
SVSPublicKeyPublic KeyThe SVSPublicKey verifies OptiNAND Unlock commands3072-bitsHSM, ExternalN/A128-bits
MethodDescriptionRationaleOperator Initiation Capability
Power CyclePower cycling involves disconnecting and reconnecting the CM to its source of power.The operator physically or remotely disconnects the CM from its source of power.
RevertThe Revert method cryptographically erases CSPs, removes the owner’s Authentication Credentials and returns the Cryptographic Module to its original manufactured state.The operator transmits a command to the CM as the TPer to initiate a zeroisation process.
RevertSPThe RevertSP method cryptographically erases CSPs. RevertSP removes the owner’s Authentication Credentials and returns the Cryptographic Module to its original manufactured state. The CM preserves Global Range data if the KeepGlobalRangeKey parameter is set to True.The operator transmits a command to the CM as the TPer to initiate a zeroisation process.
Secure Manufacturing Reconfiguration ProcessThe secure manufacturing reconfiguration processes incorporates a hardware security module (HSM) and supporting security software to inject cryptographic keys, digital certificates and assure only authentic firmware is installed on the Cryptographic Module.The operator transmits proprietary commands to the CM to initiate a rebuild process that zeroizes and regenerates the symmetric and asymmetric key trees.
TCG EraseThe TCG Erase method cryptographically erases user data by regenerating the Locking Range Key (LRK) and Media Encryption Key (MEK) associated with a data range.The operator transmits a command to the CM as the TPer to initiate a user data erasure process.

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED 9.3 SSP Zeroization Methods Zeroization of persistent SSPs complies with the cryptographic erasure requirements for SCSI Hard Disk drives within [SP 800 88], Guidelines for Media Sanitization. The Cryptographic Module zeroizes ephemeral SSPs by overwriting the SSP memory location with all zeros within the scope of the function call. Table 17 SSP Zeroization Methods 9.4 SSPs Table 18 SSPs Part 1 N/A (UAKa) N/A

Page 41

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A

Page 42

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED N/A N/A N/A except UAKa. N/A N/A N/A N/A N/A

Page 43

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED N/A N/A N/A N/A N/A N/A N/A N/A N/A

8 E = log2(RL), where E = authentication strength, R = pool of unique characters and L = password length, https://www.pleacher.com/mp/mlessons/algebra/entropy.html

Page 44

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A

Page 45
Sensitive security parameter
NameTypeDescriptionStrengthGenerationStorageUseInputTemporary Storage DurationZeroisation MethodsCategoryRelated SSPs
User Access Key (UAK) (BandMaster unique)Symmetric KeyEncrypts and decrypts the RAK associated with a BandMasters.256 bitsCKG-Direct256 bits
User Management Key (UMK)Symmetric KeyEncrypts and decrypts UAKs.256 bitsCKG-Direct256 bits
Admin Authority Key (K ) aIRAM, PlaintextAES-CBC-256 (Cert #AES 3580)N/AEphemeral, destroyed after use.N/ACSPEncrypts UAKs and the UMK, Derived from EraseMaster PIN and EraseMaster associated KDF Salt
Anybody User AccessIRAM - PlaintextAES-CBC-256 (Cert #AES 3580)N/APower up to power downPower CycleCSPDecrypts RAKs
Key (UAK ) aDisk Media, EncryptedRevert RevertSP
BandMaster PIN (16 total)IRAM - PlaintextPBKDF2 (Cert #A2100) HMAC-SHA2- 256 (Cert #HMAC 2280)Authentication Credential PINEphemeral, destroyed after use.N/ACSPPaired with associated BandMaster PIN Digest, KDF Salt, and K key u
BandMaster PIN DigestDisk Media, SignedHMAC-SHA2- 256 (Cert #HMAC 2280)N/ARevert RevertSPCSPGenerated from associated BandMaster PIN and the SED Active Signing Key
DRBG.KeyIRAM, PlaintextCTR_DRBG (Cert #A2098)N/APower up to power downPower CycleCSPPaired with DRBG.Seed and DRBG.V
DRBG.SeedIRAM -CTR_DRBGN/APower up toPower CycleCSPPaired with
Sensitive security parameter
NameTypeDescriptionStrengthGenerationStorageUseInputTemporary Storage DurationZeroisation MethodsCategoryRelated SSPs
User Access Key (UAK) (BandMaster unique)Symmetric KeyEncrypts and decrypts the RAK associated with a BandMasters.256 bitsCKG-Direct256 bits
User Management Key (UMK)Symmetric KeyEncrypts and decrypts UAKs.256 bitsCKG-Direct256 bits
Admin Authority Key (K ) aIRAM, PlaintextAES-CBC-256 (Cert #AES 3580)N/AEphemeral, destroyed after use.N/ACSPEncrypts UAKs and the UMK, Derived from EraseMaster PIN and EraseMaster associated KDF Salt
Anybody User AccessIRAM - PlaintextAES-CBC-256 (Cert #AES 3580)N/APower up to power downPower CycleCSPDecrypts RAKs
Key (UAK ) aDisk Media, EncryptedRevert RevertSP
BandMaster PIN (16 total)IRAM - PlaintextPBKDF2 (Cert #A2100) HMAC-SHA2- 256 (Cert #HMAC 2280)Authentication Credential PINEphemeral, destroyed after use.N/ACSPPaired with associated BandMaster PIN Digest, KDF Salt, and K key u
BandMaster PIN DigestDisk Media, SignedHMAC-SHA2- 256 (Cert #HMAC 2280)N/ARevert RevertSPCSPGenerated from associated BandMaster PIN and the SED Active Signing Key
DRBG.KeyIRAM, PlaintextCTR_DRBG (Cert #A2098)N/APower up to power downPower CycleCSPPaired with DRBG.Seed and DRBG.V
DRBG.SeedIRAM -CTR_DRBGN/APower up toPower CycleCSPPaired with
(Cert #A2098)Plaintext(Cert #A2098)power downDRBG.Key and DRBG.V
DRBG.VIRAM, PlaintextCTR_DRBG (Cert #A2098)N/APower up to power downPower CycleCSPPaired with DRBG.Seed and DRBG.V
ESVIRAM, PlaintextCTR_DRBG (Cert #A2098)N/APower up to power downPower CycleCSPPaired with DRBG.Seed
EraseMaster PINIRAM - PlaintextPBKDF2 (Cert #A2100 HMAC-SHA2- 256 (Cert #HMAC 2280)Authentication Credential PINEphemeral Destroyed after useN/ACSPPaired with EraseMaster PIN Digest, KDF Salt, and K key a
EraseMaster PIN DigestDisk Media, SignedHMAC-SHA2- 256 (Cert #HMAC 2280)N/ARevert RevertSPCSPGenerated from EraseMaster PIN and SED Active Signing Key
Global Active Encryption Key (AEK)NOR Flash, EncryptedAES-CBC-256 (Cert #AES 3580)N/ASecure Manufacturing Reconfiguration ProcessCSPEncrypts and decrypts the SED Active Keyset, NSKs and UAK a
Global Active Signing KeyNOR Flash, EncryptedHMAC-SHA2- 256 (Cert #HMAC 2280)N/ASecure Manufacturing Reconfiguration ProcessCSPDerived from AEK and SED Active Keyset
KDF Salt (EraseMaster and BandMaster unique)Disk Media, SignedHMAC-SHA2- 256 (Cert #HMAC 2280) PBKDF2 (Cert #A2100)N/ARevert RevertSPPSPPaired with associated BandMaster PINs, the EraseMaster PIN, K key, and a K keys u
Locking Range Keyset (LRK) LRK.AES Key LRK.XTS Key (BandMaster unique)DRAM, EncryptedXORN/AGeneration to power down.Power Cycle Revert RevertSP TCG EraseCSPPaired with associated NSK and MEK, Encrypted by SED Volatile Key
Disk Media, EncryptedDisk Media, EncryptedRevert RevertSP TCG ErasePaired with associated NSK and MEK, Encrypted by associated RAK
Media Encryption Keyset (MEK) MEK.AESEnc Key MEK.AESDec Key MEK.XTS Tweak Key (BandMaster unique)DRAM, EncryptedAES-XTS-256 (Cert #A2101)N/AGeneration to power down.Power CycleCSPGenerated from associated LRK and NSK, Encrypted by SED Volatile Key
MSIDIRAM, PlaintextHMAC-SHA2- 256 (Cert #HMAC 2280)N/AEphemeral Destroyed after use.N/APSPPaired with MSID Digest, Signed by the SED Active Signing Key
NOR Flash, SignedNOR Flash, SignedN/A
MSID DigestDisk Media, SignedHMAC-SHA2- 256 (Cert #HMAC 2280)N/ARevert RevertSPCSPGenerated from the MSID and the SED Active Signing Key
Namespace Keyset (NSK)DRAM, EncryptedXORN/AGeneration to power down.Power CycleCSPPaired with associated LRK and MEK, Encrypted by Global Active Encryption Key
NSK.AES Key NSK.XTS Key (BandMaster unique)Disk Media, EncryptedN/ARevert RevertSP
Non-Admin Authority Key (K ) u (BandMaster unique)N/AAES-CBC-256 (Cert #AES 3580)N/AEphemeral, destroyed after useN/ACSPDerived from associated BandMaster PIN and KDF Salt, Encrypts UAKs
OEM Firmware Key (OEM_FW Key)NOR Flash, SignedRSA SigVer (Cert #A2098)Public KeyN/ANeitherVerified by PROD_GROUP Key
OEM Original Factory State Key (OEM_OFS Key)NOR Flash, SignedRSA SigVer (Cert #A2098)Public KeyN/ANeitherVerified by PROD_GROUP Key
OEM_Release Key (OEM_Release Key)NOR Flash, SignedRSA SigVer (Cert #A2098)Public KeyN/ANeitherVerified by PROD_GROUP Key
Product Group Key (PROD_GROUP Key)NOR Flash, SignedRSA SigVer (A2098)Public KeyN/ANeitherVerified by SD_CA Key
PSIDIRAM, PlaintextHMAC-SHA2- 256 (Cert #HMAC 2280)N/AGeneration to power down.Power CyclePSPPaired with PSID Digest Encrypted by SED Active Encryption Key, Signed by SED Active Signing Key
NOR Flash, Encrypted and signedNOR Flash, Encrypted and signedN/AN/A
PSID DigestDisk Media, SignedHMAC-SHA2- 256 (Cert #HMAC 2280)N/AN/ARevert RevertSPCSPGenerated from PSID and the SED Active Signing Key
Range Access Key (RAK) (BandMaster unique)Disk Media, EncryptedAES-CBC-256 (Cert #AES 3580)N/ARevert RevertSPCSPEncrypted by associated UAK, Encrypts associated LRK.
Root Encryption KeyOTPAES-CBC-256 (Cert #AES 3580) AES-ECB-256 (Cert #AES 3580) KWP-AD (Cert #A2098) KWP-AE (Cert #A2098)N/ASecure Manufacturing Reconfiguration ProcessCSPEncrypts Global Active Keyset, Wraps Root Signing Key
Root Signing KeyNOR Flash, EncryptedHMAC-SHA2- 256 (Cert #HMAC 2280)N/ASecure Manufacturing Reconfiguration ProcessCSPSigns Global Active Encryption Key, Wrapped by Root Encryption
SecureBootPublicKeyMasked ROM, OptiNANDRSA SigVer (Cert #A2099)Public KeyN/ANeitherVerifies OptiNAND firmware image, Signs sFFUPublicKey
Security Core Firmware Key (SC_FW Key)NOR Flash, SignedRSA SigVer (Cert #A2098)Public KeyN/ANeitherVerified by SD_CA Key
Security Protocol Firmware Key (SP_FW Key)NOR Flash, SignedRSA SigVer (Cert #A2098)Public KeyN/ANeitherVerified by SD_CA Key
SED Active Encryption KeyNOR Flash, EncryptedAES-CBC-256 (Cert #AES 3580)N/ARevert RevertSPCSPEncrypts the SED AdminSP Active Keyset, Encrypts the SED LockingSP Active Keyset
SED Active Signing KeyNOR Flash, EncryptedHMAC-SHA2- 256 (Cert #HMAC 2280)N/ARevert RevertSPCSPSigns the SED AdminSP Active Keyset, Signs the SED LockingSP Active Keyset
SED AdminSP Encryption KeyNOR Flash, EncryptedAES-CBC-256 (Cert #AES 3580)N/ARevert RevertSPCSPEncrypts CSPs associates with an Admin SP
SED AdminSP Signing KeyNOR Flash, EncryptedHMAC-SHA2- 256 (Cert #HMAC 2280)N/ARevert RevertSPCSPSigns CSPs associated with an Admin SP
SED LockingSP Encryption KeyNOR Flash, EncryptedAES-CBC-256 (Cert #AES 3580)N/ARevert RevertSPCSPEncrypts CSPs associated with a Locking SP
SED LockingSP Signing KeyNOR Flash, EncryptedHMAC-SHA2- 256 (Cert #HMAC 2280)N/ARevert RevertSPCSPSigns CSPs associated with a Locking SP
SED Volatile Encryption KeyIRAM, PlaintextAES-CBC-256 (Cert #AES 3580)N/APower up to power downPower Cycle Revert RevertSPCSPEncrypts LRKs and MEKs.
SED Volatile Signing KeyIRAM, PlaintextHMAC-SHA2- 256 (Cert #HMAC 2280)N/APower up to power downPower Cycle Revert RevertSPCSPSigns encrypted LRKs and MEKs.
sFFUEncKeyNAND Flash, OptiNAND, SignedAES-CBC-256 (Cert #A2099)Public KeyN/ANeitherSigned by SecureBootPublic Key
sFFUPublicKeyNAND Flash, OptiNAND, SignedRSA SigVer (Cert #A2099)Public KeyN/ANeitherSigned by SecureBootPublic Key
SID PINIRAM - PlaintextPBKDF2 (A2100) HMAC-SHA2- 256 (Cert #HMAC 2280)Authentication Credential PINEphemeral Destroyed after useN/ACSPPaired with SID PIN Digest
SID PIN DigestDisk Media - EncryptedHMAC-SHA2- 256 (Cert #HMAC 2280)N/ARevert RevertSPCSPGenerated from SID PIN and SED Active Signing Key
Storage Device Boot FW Key (SD_BFW Key)NOR Flash, SignedRSA SigVer (Cert #A2098)Public KeyN/ANeitherSigned by SD_CA Key
Storage Device Certification Authority Key (SD_CA Key)NOR Flash, Plaintext OTP, SHA-256 digestRSA SigVer (Cert #A2098)Public KeyN/ANeitherSigns SD_BFW Key, SD_SM Key, SC_FW Key, SP_FW Key and PROD_GROUP Key
Storage Device Secure Message Key (SD_SM Key)NOR Flash, SignedRSA SigVer (Cert #A2098)Public KeyN/ANeitherSigned by SD_CA Key
SVSPublicKeyNAND Flash, OptiNAND, SignedRSA SigVer (Cert #A2099)Public KeyN/ANeitherSigned by SecureBootPublic Key
User Access Key (UAK) (BandMaster unique)Disk Media, EncryptedAES-CBC-256 (Cert #AES 3580)N/ARevert RevertSPCSPEncrypts BandMaster associated RAK
User Management Key (UMK)Disk Media, EncryptedAES-CBC-256 (Cert #AES 3580)N/ARevert RevertSPCSPEncrypts UAKs

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED N/A N/A Table 19 SSPs Part 2 (Ka) N/A Key (UAKa) N/A N/A N/A N/A N/A N/A

Page 46

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED N/A N/A N/A N/A Ku keys N/A N/A N/A N/A

Page 47

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A Key (Ku)

Page 48

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A

Page 49

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED N/A N/A N/A N/A N/A N/A N/A N/A N/A

Page 50

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED N/A N/A N/A N/A HMAC-SHA2Authentication N/A N/A N/A N/A N/A N/A

Page 51
Self test
NameAlgorithm Or TestTest MethodTest TypePeriodPeriodic MethodDetailsTest PropertiesIndicatorPeriodic MethodConditionsCoverage
RSA SigVer (Cert # A2098, Cert #SHS 2942)RSA SigVer (Cert # A2098, Cert #SHS 2942)Digital Signature VerificationSW/FW IntegrityOn DemandManuallyVerify Digital Signature.3072-bit, PSS w/SHA2-256Pass: Boot to the firmware image Fail: Device Unavailable
ESV (Cert # ESV13)ESV (Cert # ESV13)SP 800-90B Health-TestCritical FunctionOn DemandManuallyVerifies that the RCT Threshold was not exceeded as specified in [SP 800 90B]Repetition Count Test (RCT)Pass: Next test Fail: Device Unavailable
ESV (Cert # ESV13)ESV (Cert # ESV13)SP 800-90B Health-TestCritical FunctionOn DemandManuallyVerifies that the APT Threshold was not exceeded as specified in [SP 800 90B]Adaptive Proportion Test (APT)Pass: Next test Fail: Device Unavailable
RSA SigVer (Cert # A2099)RSA SigVer (Cert # A2099)3072-bit, PSS w/SHA2- 256, SecureBootPublicKeyDigital Signature VerificationVerify Digital Signature.On DemandPass: Boot to the firmware image Fail: Device UnavailableSW/FW IntegrityManually
AES-CBCAES-CBCKnown Answer (KAT)CASTOn DemandManuallyEncrypt, verifyPass: Next test Fail: Device DegradedAES, 256-bit, CBCPower upCert #AES 3580IG 10.3.A
AES-CBCAES-CBCKATCASTOn DemandManuallyDecrypted, verifyPass: Next test Fail: Device DegradedAES, 256-bit, CBCPower upCert #AES 3580IG 10.3.A
AES-ECBAES-ECBKATCASTOn DemandManuallyEncrypt, verifyPass: Next test Fail: Device DegradedAES, 256-bit, ECBPower upCert #AES 3580IG 10.3.A
AES-ECBAES-ECBKATCASTOn DemandManuallyDecrypted, verifyPass: Next test Fail: Device DegradedAES, 256-bit, ECBPower upCert #AES 3580IG 10.3.A
AES-ECBAES-ECBKATCASTOn DemandManuallyEncrypt, verifyPass: Next test Fail: Device DegradedAES, 256-bit, ECB, DEEPower upCert #A2101IG 10.3.A

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED N/A N/A

10 Self-Tests

The Cryptographic Module performs pre-operational self-tests automatically at powered up and after installing a new firmware image. Pre-operational self-tests tests ensure that the Cryptographic Module is not corrupted, and all cryptographic algorithms work as expected. The Cryptographic Module inhibits all data output via the “data output” interface and the execution of loaded or modified approved security functions while executing the preoperational self-tests.

10.1 Pre-Operational Self-Tests

Cryptographic Module The Cryptographic Module performs the pre-operational self-test listed in Table 20 at power up, in response to a self-initiated reset and prior to booting to a new firmware image. The execution of the ESV Critical Function and RSA SigVer SW/FW Integrity self-tests satisfy AS10.23. Upon failure the Cryptographic Module transitions to a Device Unavailable error state. Table 20 CM Pre-Operational Self-Tests

Page 52
Self test
NameAlgorithm Or TestTest MethodTest TypePeriodPeriodic MethodDetailsIndicatorPeriodic MethodConditionsCoverage
RSA SigVer (Cert # A2099)RSA SigVer (Cert # A2099)3072-bit, PSS w/SHA2- 256, SecureBootPublicKeyDigital Signature VerificationVerify Digital Signature.On DemandPass: Boot to the firmware image Fail: Device UnavailableSW/FW IntegrityManually
AES-CBCAES-CBCKnown Answer (KAT)CASTOn DemandManuallyEncrypt, verifyPass: Next test Fail: Device DegradedAES, 256-bit, CBCPower upCert #AES 3580IG 10.3.A
AES-CBCAES-CBCKATCASTOn DemandManuallyDecrypted, verifyPass: Next test Fail: Device DegradedAES, 256-bit, CBCPower upCert #AES 3580IG 10.3.A
AES-ECBAES-ECBKATCASTOn DemandManuallyEncrypt, verifyPass: Next test Fail: Device DegradedAES, 256-bit, ECBPower upCert #AES 3580IG 10.3.A
AES-ECBAES-ECBKATCASTOn DemandManuallyDecrypted, verifyPass: Next test Fail: Device DegradedAES, 256-bit, ECBPower upCert #AES 3580IG 10.3.A
AES-ECBAES-ECBKATCASTOn DemandManuallyEncrypt, verifyPass: Next test Fail: Device DegradedAES, 256-bit, ECB, DEEPower upCert #A2101IG 10.3.A

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED OptiNAND Device The OptiNAND device performs the pre-operational self-test listed below at power up, in response to a self-initiated reset and prior to booting to a new firmware image. Upon failure, the device returns a UEC error code, aborts booting to the firmware image and transitions to a Device Unavailable error state. The execution of the SW/FW Integrity self-test satisfies AS10.23. Table 21 OptiNAND Pre-Operational Self-Tests

10.2 Conditional Self-Tests

Cryptographic Module Conditional Self-Tests The Cryptographic Module performs the listed conditional self-tests. Upon failure the Cryptographic Module, with exception of the ESV self-tests, transitions to a Device Degraded error state. Conditional ESV self-test failures cause the CM to transition to a Device Unavailable error state. Table 22 CM Conditional Self-Tests

Page 53
Self test
NameAlgorithm Or TestTest MethodTest TypePeriodPeriodic MethodDetailsIndicatorConditionsCoverage
AES-ECBAES-ECBKATCASTOn DemandManuallyDecrypt, verifyAES, 256-bit, ECB, DEEPass: Next test Fail: Device DegradedPower upCert #A2101IG 10.3.A
AES-XTSAES-XTSNon- equivalence test9Critical FunctionOn DemandProgrammaticallyVerifyAES, 256-bit, XTSFail: UEC error codeLRK and NSK generationCert #A2101IG C.I
DRBGDRBGKATCASTOn DemandProgrammaticallyVerify5120-bit seedPass: Next test Fail: Device UnavailablePower upCert #A2098IG 10.3.A
ESVESVRCTCASTOn DemandManuallyVerifies that the RCT threshold was not exceeded as specified in [SP 800 90B]Repetition Count Test (RCT)Pass: Next test Fail: Device UnavailablePower upCert #ESV13IG 10.3.A
After 232 CTR_DRBG reseeds.ProgrammaticallyAfter 232 CTR_DRBG reseeds.
ESVESVAPTCASTOn DemandManually .Verifies that the APT threshold was not exceeded as specified in [SP 800 90B]Adaptive Proportion Test (APT)Pass: Next test Fail: Device UnavailablePower upCert #ESV13IG 10.3.A
After 232 CTR_DRBG reseedsProgrammaticallyAfter 232 CTR_DRBG reseeds
HMAC- SHA2-256HMAC- SHA2-256KATCASTOn DemandManuallyVerifyMessage, 256- bit key, 256- bit hash digestPass: Next test Fail: Device DegradedPower upCert #HMAC 2280IG 10.3.A
PBKDF2PBKDF2KATCASTOn DemandManuallyVerify256-bit Salt Iteration Count: 1024Pass: Next test Fail: Device DegradedPower upCert #A2100IG 10.3.A
RSA SigVerRSA SigVerKATCASTOn DemandManuallyVerify3072-bit public key, 256-bit hash digestPass: Next test Fail: Device DegradedPower upCert #A2098, Cert #SHS 2942IG 10.3.A

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED Nonequivalence HMACSHA2-256 Message, 256bit key, 256KAT

Page 54
Self test
NameAlgorithm Or TestTest MethodTest TypePeriodPeriodic MethodDetailsIndicatorConditionsCoverageCoverage NotesTest Properties
RSA SigVerRSA SigVerDigital Signature VerificationSW/FW Load TestOn DemandProgrammaticallyVerify3072-bit public key, 256-bit hash digest, OEM_Release KeyPass: Boot to new image Fail: UEC error codeFirmware downloadCert #A2098, Cert #SHS 2942IG 10.3.A
SHA2-256SHA2-256KATCASTOn DemandManuallyVerifyMessage, 256- bit hash digestPass: Next test Fail: Device DegradedPower upCert #SHS 2942IG 10.3.A
SP 800-38F KWSP 800-38F KWKATCASTOn DemandManuallyAuthenticate d Encrypt, verify256-bit KEKPass: Next test Fail: Device DegradedPower upCert #A2098IG 10.3.A
SP 800-38F KWSP 800-38F KWKATCASTOn DemandManuallyAuthenticate d Decrypt, verify256-bit KEKPass: Next test Fail: Device DegradedPower upCert #A2098IG 10.3.A
AES-CBCAES-CBCKATCASTOn DemandManuallyEncrypt, verifyPass: Next test Fail: Device DegradedPower upCert #A2099IG 10.3.AAES, 256-bit, CBC
AES-CBCAES-CBCKATCASTOn DemandManuallyDecrypt, verifyPass: Exit self-test suite Fail: Device DegradedPower upCert #A2099IG 10.3.AAES, 256-bit, CBC
Self test
NameAlgorithm Or TestTest MethodTest TypePeriodPeriodic MethodDetailsIndicatorConditionsCoverageCoverage NotesTest Properties
RSA SigVerRSA SigVerDigital Signature VerificationSW/FW Load TestOn DemandProgrammaticallyVerify3072-bit public key, 256-bit hash digest, OEM_Release KeyPass: Boot to new image Fail: UEC error codeFirmware downloadCert #A2098, Cert #SHS 2942IG 10.3.A
SHA2-256SHA2-256KATCASTOn DemandManuallyVerifyMessage, 256- bit hash digestPass: Next test Fail: Device DegradedPower upCert #SHS 2942IG 10.3.A
SP 800-38F KWSP 800-38F KWKATCASTOn DemandManuallyAuthenticate d Encrypt, verify256-bit KEKPass: Next test Fail: Device DegradedPower upCert #A2098IG 10.3.A
SP 800-38F KWSP 800-38F KWKATCASTOn DemandManuallyAuthenticate d Decrypt, verify256-bit KEKPass: Next test Fail: Device DegradedPower upCert #A2098IG 10.3.A
AES-CBCAES-CBCKATCASTOn DemandManuallyEncrypt, verifyPass: Next test Fail: Device DegradedPower upCert #A2099IG 10.3.AAES, 256-bit, CBC
AES-CBCAES-CBCKATCASTOn DemandManuallyDecrypt, verifyPass: Exit self-test suite Fail: Device DegradedPower upCert #A2099IG 10.3.AAES, 256-bit, CBC
RSA SigVerRSA SigVerDigital Signature VerificationCASTOn DemandProgrammaticallyVerify Digital SignaturePass: Boot to new image Fail: UEC error codeFirmware downloadCert #A2099IG 10.3.A3072-bit public key, 256-bit hash digest, sFFUPublicKey
SHA2-256SHA2-256KATCASTOn DemandManuallyVerifyPass: Next test Fail: Device DegradedPower upCert #A2099IG 10.3.AMessage, 256-bit hash digest

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED Message, 256KAT OptiNAND Conditional Self-Tests The OptiNAND device performs the conditional self-test listed below. If any conditional self-test fails, the OptiNAND device executes a self-initiated reset or enters a Device Degraded error state. If the OptiNAND device enters a Device Degraded error state, the Cryptographic Module reports the error condition by transmitting an UEC error code to the host system. After entering the Device Degraded error state, the OptiNAND device does not process functional commands unless a power cycle occurs and clears the error state. Table 23 OptiNAND Conditional Self-Tests

Page 55
Service
NameDescriptionRole AccessIndicator
Device DegradedThis error indicates that one of the conditional self-tests listed in Table 22 or Table 23 failed. In this state, the module no longer services any I/O command. The module only responds to non-I/O status inquiry commands.Conditional test failureUEC failure codePower cycle
Device UnavailableThis error indicates that a boot initialization, security subsystem initialization or firmware integrity failure event occurred. See Table 20 and Table 21. In this state, the module no longer responds to any operator commands.Pre-operational test failureDevice is unresponsivePower cycle

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED The Cryptographic Module does not enforce a policy that would result in the interruption of the module’s operations due to a periodic self-test. Table 24 Error States The operator may initiate an on-demand periodic self-test by power cycling the CM.

11 Life-Cycle Assurance
11.1 Installation, Initialization and Startup Procedures

After initialization, the CM operates and powers up in isFIPS mode. Prior to configuring the CM to comply with isFIPS mode configuration requirements, it operates in a noncompliant state. Regardless, the CM functions as a Secure Erase Drive (SED) that is compliant with the TCG Storage SSC: Enterprise Specification [TCG Enterprise]. Installation and Initialisation: The Crypto Officer is responsible for executing a Take-Ownership scenario to configure the Cryptographic Module to operationally comply with operator site requirements and assure that the Cryptographic Module is compliant with FIPS 140-3 at SL2.

Page 56

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED Informative Having the MSID Authentication Credential PIN electronically available to the operator constitutes a risk to the overall security of the Cryptographic Module. Therefore, the Crypto Officer should execute a Take-Ownership scenario the first time the Cryptographic Module is inserted into a system that replaces any Authentication Credential PIN that is set to the default MSID value with a value that is different from the MSID value and between 12 and 32 bytes in length. This assures compliance with ISO/IEC19790, Section 7.4.4 Authentication which states that, “…If default authentication data is used to control access to the module, then default authentication data shall [04.46] be replaced upon first-time authentication. This default authentication data does not need to meet the zeroisation requirements (7.9.7).” Take-Ownership Scenario Example

  1. Authenticate to the SID. a. If the CM authenticated to the SID with the default MSID value, change the SID PIN to a random value between 12 and 32 bytes in length.
  2. Use the Get service to determine if the logical firmware download port is set to lock on PowerCycle. a. If the logical firmware download port’s LockOnReset attribute is not set to PowerCycle utilize the Set service to set the LockOnReset attribute to PowerCycle.
  3. Authenticate to each BandMaster that is within the scope of the operator site requirements. a. If the CM authenticated to a BandMaster with the default MSID value, change the BandMaster PIN to a random value between 12 and 32 bytes in length. b. Utilize the Get Band Attributes service to determine the state of a BandMaster’s LockOnReset attribute. If the LockOnReset attribute is not set to PowerCycle, use the Set Band Attribute service to set the LockOnReset attribute to PowerCycle. c. Utilize the Get Band Attributes service to determine the state of a BandMaster’s ReadLockEnabled attribute. If the ReadLockEnabled attribute is not set to True, use the Set Band Attribute service to set the ReadLockEnabled attribute to True. d. Utilize the Get Band Attributes service to determine the state of a BandMaster’s WriteLockEnabled attribute. If the WriteLockEnabled attribute is not set to True, use the Set Band Attribute service to set the WriteLockEnabled attribute to True.
  4. Authenticate to the EraseMaster. a. If the CM authenticated to the EraseMaster with the default MSID value, change the EraseMaster PIN to a random value between 12 and
32 bytes in length.

Delivery: The Cryptographic Officer shall inspect the tamper evident seal that covers the Cryptographic Module’s PCBA for evidence of tampering. See Figure

13 for an example of tamper evidence. If tamper evidence is apparent, the CO should return the module to Western Digital.

11.2 Administrator Guidance

Hard disk drives are fragile. Do not drop or jar the drive. Hold the drive only by the enclosure.

Page 57

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED HDD electronics are sensitive to static electricity. Do not remove the CM from its antistatic container until ready to install. The operator engaged in the installation process should wear an antistatic wrist strap to ground to assure the discharge static electricity from any item or surface that my touch the CM. Hold the drive only by the metal case surrounding the drive. Avoid contacting with the SAS connector. To assure proper installation and operation, verify all cooling requirements are met prior to initiating the installation instructions within the Ultrastar DC HC560 3.5-inch Serial Attached SCSI Hard Disk Drive Specification [Product Manual] and Ultrastar DC HC570 3.5-inch Serial Attached SCSI Hard Disk Drive Specification [Product Manual]. The Ultrastar DC HC560 3.5-inch Serial Attached SCSI Hard Disk Drive Specification [Product Manual] and Ultrastar DC HC570 3.5-inch Serial Attached SCSI Hard Disk Drive Specification [Product Manual] provides additional administrator guidance.

11.3 Non-Administrator Guidance

Inspect the CM for damage to the case or SAS connector. If the CM exhibits damage, return the CM for warranty replacement service. The Ultrastar DC HC560 3.5-inch Serial Attached SCSI Hard Disk Drive Specification [Product Manual] and Ultrastar DC HC570 3.5-inch Serial Attached SCSI Hard Disk Drive Specification [Product Manual] provide non-administrator guidance.

11.4 Design and Rules

On power-up, if previously configured to comply with isFIPS mode, the Cryptographic Module automatically initializes to isFIPS mode without operator intervention. After successfully completing pre-operational and conditional self-tests, the CM transitions to an Approved mode operational state. In this state, the module awaits service requests from the operator. The implemented security features protect against remote and physical attacks across the complete product cycle from manufacturing build time to returns and failure analysis. The secure firmware boot and firmware download process assure firmware image integrity and prevents compromised firmware attacks. These features prevent the counterfeiting of the CM, hacking and unauthorized access to CM ports. The authentication scheme enforces port restrictions for processes that are only allowed within a secure manufacturing environment. These security features utilize cryptographically secure messages to block unauthorized access to CM ports and imposes manufacturing command set restrictions. The CM utilizes a cryptographic encryption and HMAC signing scheme to assure the protection of all SSPs stored outside the ACM RoT. Rules of Operation

  1. The Module provides two distinct operator roles: User and Cryptographic Officer.
  2. The Module provides role-based authentication.
  3. On power cycle the Module clears previous authentications.
  4. The Module complies with the lock-based authentication model. On power cycle, the Module locks unlocked services that require authentication to unlock (IG 4.1.A).
  5. Accept as allowed under the lock-based authentication model, the operator does not have access to any cryptographic services prior to assuming an authorized role.
  6. The Module allows the operator to initiate power-up self-tests by power cycling power or resetting the Module.
  7. All self-tests do not require any operator action.
Page 58

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED

  1. The Cryptographic Module inhibits data output during key generation, self-tests, zeroization, and error states.
  2. Status information does not contain CSPs or sensitive data that if misused could lead to a compromise of the Module.
  3. The Module implements multiple zeroisation service that vary in scope. Table 17 SSP Zeroization Methods defines scope of each zeroisation service.
  4. The Module does not support concurrent operators.
  5. The Module does not support a maintenance interface or role.
  6. The Module does not support manual SSP establishment method.
  7. The Module does not have any proprietary external input/output devices used for entry/output of data.
  8. The Module does not enter or output plaintext CSPs.
  9. The Module does not store any plaintext CSPs.
  10. The Module does not output intermediate key values.
  11. The Module does not provide bypass services or ports/interfaces.
11.5 Maintenance Requirements

The CM does not require periodic maintenance actions to maintain functional or secure operation.

11.6 End of Life

All CSPs stored within the volatile memory of the CM’s ACM RoT are inaccessible from outside the ACM RoT. The CM encrypts and signs all CSPs before storing them in volatile or non-volatile memory outside ACM RoT. Removing power instantaneously erases all CSPs stored within the CM’s volatile memory. Prior to the environmentally disposal of the CM owner should cryptographically erase the CM. For this purpose, the CM supports the TCG Opal Revert method [TCG Opal]. Revert enables the CM’s owner to cryptographically erase all CSPs and overwrite existing TCG settings to the default values that were set during manufacturing. If environmental disposal requirements require the zeroization of the Root Keyset, which consists of the Root Encryption Key and Root Signing Key, the CM owner must return the CM to Western Digital. Western Digital’s proprietary Secure Manufacturing Reconfiguration Process supports Root Keyset zeroization.

12 Mitigation of Other Attacks

The Cryptographic Module lacks features to mitigate any specific attacks beyond the scope of the requirements within FIPS 140-3 SL2.

13 References and Definitions

The Security Policy refers to the following specifications, references, and definitions.

Page 59
Acronyms
NameTermDefinitionAbbreviationSpecification Name
[FIPS 197][FIPS 197]Advanced Encryption Standard, FIPS PUB 197, NIST, May 2023
[FIPS 186][FIPS 186]Digital Signature Standard, FIPS PUB 186-5, NIST, February 2023
[FIPS 140][FIPS 140]Security Requirements for Cryptographic Modules, FIPS PUB 140-3, NIST, March 2019
[FIPS 140 IG][FIPS 140 IG]Implementation Guidance for FIPS 140-3 and the Cryptographic Module Validation Program, August 2024
[FIPS 198][FIPS 198]The Keyed-Hash Message Authentication Code, FIPS PUB 198-1, July 2008
[FIPS 180][FIPS 180]Secure Hash Standard (SHS), FIPS PUB 180-4, NIST, August 2015
[SP 800 38A][SP 800 38A]Recommendation for Block Cipher Modes of Operation: Methods and Techniques, NIST, December 2001
[SP 800 38E][SP 800 38E]Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices, NIST, January 2010
[SP 800 38F][SP 800 38F]Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping, NIST, December 2012
[SP 800 57][SP 800 57]Recommendation for Key Management – Part I General (Revision 5), NIST, May 2020
[SP 800 88][SP 800 88]Guidelines for Media Sanitization (Revision 1), NIST, December 2014
[SP 800 90A][SP 800 90A]Recommendation for Random Number Generation Using Deterministic Random Bit Generators (Revision 1), NIST, June 2015
[SP 800 90B][SP 800 90B]Recommendation for the Entropy Sources Used for Random Bit Generation, NIST, January 2018
[SP 800 131A][SP 800 131A]Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths (Revision 2), NIST, March 2019
[SP 800 132][SP 800 132]Recommendation for Password-Based Key Derivation, NIST, December 2010
[SP 800 133][SP 800 133]Recommendation for Cryptographic Key Generation (Revision 2), NIST, June 2020
[SP 800 140B][SP 800 140B]Cryptographic Module Validation Program (CMVP) Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B (Revision 1), NIST, November 2023
[SP 800 140C][SP 800 140C]CMVP Approved Security Functions: CMVP Validation Authority Updates to ISO/IEC 24759 (Revision 2), NIST, July 2023
[SP 800 140D][SP 800 140D]CMVP Approved Sensitive Security Parameter Generation and Establishment Methods: CMVP Validation Authority Updates to ISO/IEC 24759 (Revision 2), NIST, July 2023
[TCG Core][TCG Core]TCG Storage Architecture Core Specification, Version 2.01 Revision 1.00 (August 5, 2015))
[TCG Enterprise][TCG Enterprise]TCG Storage Security Subsystem Class: Enterprise Specification, Version 1.01 Revision 1.00 (August 5, 2015)
[TCG Ent App Notes][TCG Ent App Notes]TCG Storage Application Note: Encrypting Storage Devices Compliant with SSC: Enterprise, Version 1.00 Revision 1.00 Final
[TCG Opal][TCG Opal]TCG Storage Security Subsystem Class: Opal Specification, Version 2.01, Final Revision 1.00 (August 5, 2015)
[TCG SIIS][TCG SIIS]TCG Storage Interface Interactions Specification (SIIS), Version 1.07, (January 30, 2018)
[PSID][PSID]TCG Storage Opal SSC Feature Set: PSID, Specification Version 1.00, Final Revision 1.00 (August 5, 2015)
[SCSI Core][SCSI Core]SCSI Primary Commands (SPC-6), Revision 6, October 2021
[SCSI Block][SCSI Block]SCSI Block Commands (SBC-4), Revision 22, 29 September 2020
[SAS][SAS]Serial Attached SCSI (SAS-3), Revision 6, November 2013
[SFSC][SFSC]Security Features for SCSI Commands, Revision 2, September 2015
[Product Manual][Product Manual]Ultrastar DC HC560 3.5-inch Serial Attached SCSI Hard Disk Drive Specification, Version 1.1 (April 2022), https://www.westerndigital.com/support
[Product Manual][Product Manual]Ultrastar DC HC570 3.5-inch Serial Attached SCSI Hard Disk Drive Specification, Version 1.2 (September 2023), https://www.westerndigital.com/support
[Datasheet][Datasheet]Ultrastar DC HC560 Datasheet, (July 2022), D018-000383-AA02, https://www.westerndigital.com/support
[Datasheet][Datasheet]Ultrastar DC HC570 Datasheet, (August 2022), D018-000537-AA01, https://www.westerndigital.com/support
AbbreviationAbbreviationReference Name
[IETF][IETF]IETF RFC 2119, 1997, “Key words for use in RFCs to Indicate Requirement Levels.”
[PW][PW]Calculating Password Entropy: https://www.pleacher.com/mp/mlessons/algebra/entropy.html
[ISO 19790][ISO 19790]ISO/IEC 19790, Information technology - Security techniques - Security requirements for cryptographic modules, International Organization for Standardization (ISO), December 2015
Access Control Entry (ACE)Access Control Entry (ACE)Access control entries are entries in an access control list containing information describing the access rights
Access Control List (ACL)Access Control List (ACL)Access control list refers to the permissions attached to an object that specify which users have access to that object and the operations the user can perform.
AllowedAllowedNIST approved, i.e., recommended in a NIST Special Publication, or acceptable, i.e., no known security risk as opposed to deprecated, restricted, and legacy use. [SP 800 131A]

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED

13.1 NIST Specifications
13.2 Trusted Computing Group Specifications
Page 60
13.3 SCSI Specifications
13.4 Corporate References
13.5 Other References
14 Definitions
Page 61
NameDefinition
AnybodyA formal TCG term for an unauthenticated role. [TCG Core]
Approved mode of operationA mode of the Cryptographic Module that employs only approved security functions. [FIPS 140]
Approved[FIPS 140] approved or recommended in a NIST Special Publication.
AuthenticateProve the identity of an Operator or the integrity of an object.
Authentication Credential PINAn authentication credential (i.e., a password) associated with the SID, Admin SP Admin1, Locking SP Admin or Locking SP User Authority as defined in the TCG Storage Security Subsystem Class Opal, Specification [TCG Core].
AuthorizeGrant an authenticated Operator access to a service or an object.
CiphertextEncrypted data transformed by an Approved security function.
ConfidentialityA cryptographic property that blocks disclosure of sensitive information to unauthorized parties.
CredentialA formal TCG term for data used to authenticate an Operator. [TCG Core]
Critical Security Parameter (CSP)Security-related information (e.g., secret, and private cryptographic keys, and authentication data such as credentials and PINs) whose disclosure or modification can compromise the security of a Cryptographic Module. [FIPS 140]
Crypto OfficerAn Operator performing cryptographic initialization and management functions. [FIPS140]
Cryptographic BoundaryAn explicitly defined perimeter that establishes the boundary of all components (i.e. set of hardware, software, or firmware components) of the cryptographic module. [FIPS 140]
Cryptographic KeyA sequence of symbols that controls the operation of a cryptographic transformation. A cryptographic transformation can include but not limited to encipherment, decipherment, cryptographic check function computation, signature generation, or signature verification.
Cryptographic ModuleThe set of hardware, software, and/or firmware used to implement approved security functions contained within the cryptographic boundary. [FIPS 140]
Data at RestUser data residing on the storage device media rather than in transition.
DiscoveryA TCG method that provides the properties of the TCG device. [TCG Enterprise]
Download and Execute module (DLE)The DLE verifies the OptiNAND firmware RSA signature.
Field Firmware Update (sFFU)A secure Field Firmware Update replaces the firmware within aniNANDdevice.
Global Active Keyset (AEK)Set defined by the 256-bit Global Active Encryption Key and the 256-bit Global Active Signing Key
Hardware Security Module (HSM)A hardware security module is a physical computing device that safeguards and manages digital keys, performs
encryption and decryption functions for digital signatures, strong authentication, and other cryptographic
functions.
IF-RECVAn interface command used to retrieve security protocol data from the TPer [TCG Core].
IF-SENDAn interface command used to transmit security protocol data to the TPer [TCG Core].
OptiNAND®A UniversalFlash Storage (UFS) embedded flash device.
IntegrityA cryptographic property that blocks the modification or deletion of sensitive in an unauthorized and undetected manner.
InterfaceA logical entry or exit point of a Cryptographic Module that provides access to the Cryptographic Module for logical information flows. [FIPS 140]
Key Derivation Function (KDF)An Approved cryptographic algorithm that derives one or more keys from a secret value and other information.
Key Encrypting Key (KEK)A cryptographic key used to encrypt or decrypt other keys.

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED

Page 62
NameDefinition
Key managementThe activities involving the handling of cryptographic keys and other related security parameters during the entire life cycle of the Cryptographic Module. The handling of authentication data is representative of a key management activity.
Key WrapAn Approved cryptographic algorithm that uses a KEK to provide Confidentiality and Integrity.
LBA BandA formal term that defines a contiguous logical block range (sequential LBAs) to store encrypted User Data; bands do not overlap, and each has its own unique encryption key and other settable properties.
Manufactured SID (MSID)A unique default value assigned to each SED during manufacturing. An externally visible MSID value is not required if the user can derive the MSID from other information printed on the drive. The MSID is readable with the TCG protocol. It is the initial and default value for all Authentication Credentials. [TCG Core]
MethodA remote procedure call to an SP that initiates an action on the SP. [TCG Core]
ObjectAn object is any row of an object table. The object type is defined by the object table in which the object occurs. The columns of the object table define the contents of each object in it. [TCG Core]
Object TableObject tables provide storage for data that binds a set of methods and access controls to that data. [TCG Core]
ObjectUIDThe Unique ID (UID) of an Object. Each object table has a column named UID. This column contains an 8- byte unique identifier for that row. [TCG Core]
OFS fileThe CM uses an OFS file to reset the Cryptographic Module’s configuration back to its original factory setting during Revert and RevertSP operations.
One Time Programable (OTP)OTP memory is a special type of write once read only non-volatile memory.
OperatorA consumer, either human or automation, of cryptographic services that is external to the Cryptographic Module. [FIPS 140]
Personal Identification Number (PIN)A formal TCG term designating a string of octets used to authenticate an identity. [TCG Core]
PlaintextUnencrypted data.
PortA physical entry or exit point of a Cryptographic Module that. A port provides access to the Cryptographic Module’s physical signals. [FIPS 140]
PSID (Physical Security Identifier)A SED unique value printed on the Cryptographic Module’s label used as authentication data and proof of physical presence for the Zeroise Service.
Public Security Parameters (PSP)Public information, that if modified can compromise the security of the Cryptographic Module (e.g., a public key).
Read DataAn external request to transfer User Data from the SED. [SCSI Block]
Reserved AreaInternal data on the storage medium within the cryptographic boundary that is not accessible to an operator.
Root KeysetA set of 256-bit keys that consist of the Root Encryption Key and Root Signing Key.
SD_CA KeyStorage Device Certification Authority Key (X509v3). This key serves as the Cryptographic Module’s Master RSA Public Key and is the root source of verification for all other key certificates. The SD_CA Key signs the SecureLoader. A manufacturing process injects the SD_CA Key within the CM and stores a hash of the SD_CA Key in OTP memory
Secure Field Firmware Update (sFFU)OptiNAND firmware update image.
Security Identifier (SID)The authority that represents the TPer owner. Crypto Officer serves in this role. [TCG Core]
Security Provider (SP)A TCG term used to define a collection of Tables and Methods with access control.
SED Active KeysetA set of 256-bit keys that consists of the SED Active Encryption Key and the SED Active Signing Key.
SED AdminSP Active KeysetA set of 256-bit keys that consists of the SED AdminSP Active Encryption Key and the SED AdminSP Active Signing Key.

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED

Page 63
Acronyms
NameTermDefinitionDefinition
AEKAEKActive Encryption Key
AENAENAsynchronous Event Notification
AESAESAdvanced Encryption Standard (FIPS 197)
ACEACEAccess Control Entry
ACLACLAccess Control List
CBCCBCCipher Block Chaining, an operational mode of AES
CMCMCryptographic Module
COCOCrypto Officer [FIPS 140]
CRCCRCCyclic Redundancy Check
DEEDEEData Encryption Engine
DLEDLEOptiNAND Download and Execute firmware
DRAMDRAMDynamic Random Access Memory
DRBGDRBGDeterministic Random Bit Generator
EDCEDCError Detection Code
EMIEMIElectromagnetic Interference
FIDFIDFlash Internal Data
FIPSFIPSFederal Information Processing Standard
FSECFSECFlash Security Data
HDDHDDHard Disk Drive
HSMHSMHardware Security Module
IVIVInitialization Vector
KATKATKnown Answer Test
KDFKDFKey Derivation Function
KEKKEKKey Encrypting Key
LBALBALogical Block Address
MEKMEKMedia Encryption Key
MSIDMSIDManufactured Security Identifier
NANDNANDNegative AND Flash Memory technology
NISTNISTNational Institute of Standards and Technology
NORNORNegative OR Flash Memory technology
OFSOFSOriginal Factory Setting
OTPOTPOne Time Programable
PBKDF2PBKDF2Password Base Key Derivation Function
PINPINPersonal Identification Number
PORPORPower on Reset
PSIDPSIDPhysical Security Identifier
PSPPSPPublic Security Parameter
RIDRIDReserved Area Internal Data
NameDefinition
SED Global Active KeysetA set of 256-bit keys that consists of the Global Active Encryption Key (AEK) and the Global Active Signing Key.
SED LockingSP Active KeysetA set of 256-bit keys that consists of the SED LockingSP Active Encryption Key and the SED LockingSP Active Signing Key. The keyset protects TCG protocol LockingSP CSPs.
SED Volatile KeysetA set of 256-bit keys that consists of the SED Volatile Key and the SED Volatile Signing Key.
Self-Encrypting Drive (SED)A storage device that provides data storage services, which automatically encrypts all user data written to the device and automatically decrypts all user data read from the device.
SessionA formal TCG term that envelops the lifetime of an Operator’s authentication. [TCG Core]
Small Form Factor (SFF)Small form factor is a computer form factor designed to minimize the volume and footprint of a desktop
computer.
Storage MediumThe non-volatile, persistent storage location within a SED partitioned into disjointed sets defined by a User Data area, and a Reserved Area.
TableThe basic data structures within a Security Provider (SP). Object tables store persistent SP state data defined in TCG Core specification. [TCG Core]
TableUIDThe Unique ID (UID) of a Table. Each object table has a column named UID. This column contains an 8- byte unique identifier for that row. [TCG Core]
TPerA Trusted Peripheral. The TPer manages trusted storage-related functions and data structures. [TCG Core]
TPer OwnerThe SID Authority (Crypto Officer) represents TPer Owner.
Triple Level Cell (TLC)Triple level cells refer to NAND flash devices that store three bits of information per cell, with eight total voltage states.
User DataData transferred from/to a SED using the Read Data and Write Data commands. [SCSI Block]
UserAn Operator that consumes cryptographic services. [FIPS 140]
Write DataAn external request to transfer User Data to a SED. [SCSI Block]
ZeroiseInvalidate a Critical Security Parameter. [FIPS 140]

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED

15 Acronyms
Page 64

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED

Page 65
Acronyms
NameTermDefinition
SASSASSerial Attached SCSI
SCSISCSISmall Computer System Interface
SD_CASD_CAStorage Device Certification Authority
SECDSECDSecurity Data
SEDSEDSelf-Encrypting Drive
SFFSFFSmall Form Factor
sFFUsFFUSecure Field Firmware Update
SIDSIDSecurity Identifier, The TCG authority representing the TPer Owner (Cryptographic Officer)
SIOSIOSerial Input/Output
SOCSOCSystem-on-a-Chip
SPSPSecurity Provider [TCG Core], also Security Policy [FIPS 140]
SSCSSCSubsystem Class
SWGSWGStorage Work Group
TCGTCGTrusted Computing Group
TLCTLCTriple Level Cell
UECUECUniversal Error Code
UIDUIDUnique Identifier
XTSXTSA mode of AES that utilizes"Tweakable" block ciphers

Ultrastar® DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED

Referenced URLs