Seagate Secure® TCG Opal SSC SED FIPS 140-2 Module Security Policy
Rev. 1.8
Page 7
2.6.2 TCG Opal Security Mode
This mode provides services through industry-standard ATA commands, TCG Opal commands addressed
to the TCG Admin SP, and TCG Opal commands addressed to the TCG Locking SP. It provides all of the
services of the ATA Enhanced Security Mode as well as additional features through TCG Opal commands.
Some ATA Security commands are disabled in this mode and their functionality is provided through the
TCG Opal commands. To operate in TCG Opal Security Mode, the Drive Owner must invoke the Activate
method on the Locking SP from the uninitialized state.
One of the fundamental differences in this Mode is the capability to have multiple Users with independent
access control to read/write/erase independent data areas (LBA ranges). Note that by default there is a
single "Global Range" that encompasses the whole user data area.
In addition to the Drive Owner and User(s) roles, this mode implements a CO role (Admins) to administer
the additional features. These features include:
Enable/disable additional Users
Create and configure multiple LBA Ranges
Assign access control of Users to LBA Ranges
Lock/unlock LBA Ranges
Erase LBA Ranges using Cryptographic Erase
MBR Shadowing
2.6.2.1 Single User Data Ranges (SUDRs)
While invoking the Activate method to enter TCG Opal Security Mode, the Drive Owner may elect to
classify one or more user data ranges as "Single User Data Ranges" (SUDRs). Such SUDRs conform to the
Single User feature set as defined in the Opal SSC feature set (7) and are managed solely by the associated
User role. Details of the differences between SUDRs and normal data ranges can be found in Section 4.1,
Table 2.1.
Note that once in TCG Opal Security Mode, the only way to change the classification of a user data range
without invoking the "Exit FIPS Mode" service is by using the Reactivate method.
2.7 User Data Cryptographic Erase Methods
Since all user data is encrypted / decrypted by the CM for storage / retrieval on the drive media, the data can
be erased using a cryptographic method. The data is effectively erased by changing the encryption key
(MEK). Thus, the FIPS 140 key management capability of "zeroization" of the key erases all the user data.
This capability is available through both FIPS modes. Of course the user data can also be erased by
overwriting, but this can be a long operation on high capacity drives.
Other FIPS services can be used to erase all the other private keys and CSPs (see Section 2.8).
2.8 Revert and Revert SP Methods
In either ATA Enhanced Security Mode or TCG Opal Security Mode, the TCG Revert and Revert SP
methods may be invoked by an appropriately authenticated Role to transition the CM into the uninitialized
state (non-Approved) mode. This corresponds to the "Exit FIPS Mode" service and is akin to a "restore to
factory defaults" operation. This operation also provides a means to zeroize keys and CSPs. Subsequently,
the CM has to be reinitialized before it can return to a FIPS Approved mode of operation (i.e. ATA
Enhanced Security Mode or TCG Opal Security Mode). These Revert and Revert SP methods may be
invoked by the Drive Owner, Admin SP Admins, Locking SP Admins or an unauthenticated role using the
public PSID value.
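The following model ties Sections 2.6.2, 2.7 and 2.8 together: independent LBA ranges each keyed by their own MEK, cryptographic erase of one range by replacing its MEK while the media bytes stay as they were, range locking, and Revert zeroizing every MEK and returning the module to the uninitialized state. It is an added example, not Seagate firmware and not TCG reference code. The class and method names (OpalDriveModel, LockingRange, crypto_erase, revert) are invented for illustration; an HMAC-SHA256 counter-mode keystream stands in for the drive's media cipher, which this page does not name; and role authentication (Drive Owner, Admins, PSID) is reduced to plain method calls.

```python
"""Illustrative model of TCG Opal locking ranges, cryptographic erase and Revert.
Added example, not Seagate firmware: HMAC-SHA256 stands in for the media cipher."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

SECTOR = 512  # bytes per LBA in this model


def keystream(mek: bytes, lba: int) -> bytes:
    """One sector of keystream from the range MEK, tweaked by LBA (stand-in cipher)."""
    blocks = (hmac.new(mek, lba.to_bytes(8, "big") + i.to_bytes(8, "big"),
                       hashlib.sha256).digest() for i in range(SECTOR // 32))
    return b"".join(blocks)


@dataclass
class LockingRange:
    start: int
    length: int
    mek: bytes = field(default_factory=lambda: os.urandom(32))  # fresh MEK per range
    locked: bool = False


class OpalDriveModel:
    """Media holds ciphertext only; plaintext is reachable only through a range MEK."""

    def __init__(self, sectors: int) -> None:
        self.media = bytearray(sectors * SECTOR)  # constructed: blank media at rest
        self.activated = False
        self.ranges = {}  # range name -> LockingRange

    def activate(self) -> None:
        """Drive Owner's Activate on the Locking SP: Opal mode with one Global Range."""
        self.ranges = {"Global": LockingRange(0, len(self.media) // SECTOR)}
        self.activated = True

    def configure_range(self, name: str, start: int, length: int) -> None:
        """Admin creates an LBA range with its own MEK; explicit ranges may not overlap."""
        for other, r in self.ranges.items():
            if other != "Global" and start < r.start + r.length and r.start < start + length:
                raise ValueError(f"range {name} overlaps {other}")
        self.ranges[name] = LockingRange(start, length)

    def _range_for(self, lba: int) -> LockingRange:
        if not self.activated:
            raise PermissionError("Locking SP not activated (uninitialized state)")
        r = next((r for n, r in self.ranges.items()
                  if n != "Global" and r.start <= lba < r.start + r.length),
                 self.ranges["Global"])  # Global covers every LBA no explicit range claims
        if r.locked:
            raise PermissionError(f"LBA {lba} is in a locked range")
        return r

    def write(self, lba: int, data: bytes) -> None:
        r = self._range_for(lba)  # data is padded to one sector before encryption
        ct = bytes(p ^ k for p, k in zip(data.ljust(SECTOR, b"\0"), keystream(r.mek, lba)))
        self.media[lba * SECTOR:(lba + 1) * SECTOR] = ct

    def read(self, lba: int) -> bytes:
        r = self._range_for(lba)
        ct = self.media[lba * SECTOR:(lba + 1) * SECTOR]
        return bytes(c ^ k for c, k in zip(ct, keystream(r.mek, lba)))

    def crypto_erase(self, name: str) -> None:
        """Erase one range by replacing its MEK; the media bytes are left untouched."""
        self.ranges[name].mek = os.urandom(32)

    def revert(self) -> None:
        """Revert / RevertSP ("Exit FIPS Mode"): zeroize every MEK, go uninitialized."""
        for r in self.ranges.values():
            r.mek = bytes(32)
        self.ranges.clear()
        self.activated = False


def demo() -> dict:
    """Range setup, per-range crypto erase, locking, then Revert."""
    drive = OpalDriveModel(sectors=16)
    drive.activate()
    drive.configure_range("Range1", start=4, length=4)  # LBAs 4..7
    drive.write(0, b"global range payload")
    drive.write(4, b"range1 payload")
    media_before = bytes(drive.media)
    drive.crypto_erase("Range1")  # only Range1's MEK is replaced
    result = {"erased_readback": drive.read(4),  # old ciphertext under a new MEK
              "global_readback": drive.read(0),  # untouched range still decrypts
              "media_unchanged": bytes(drive.media) == media_before}

    def try_read(lba: int) -> str:
        try:
            return drive.read(lba).hex()
        except PermissionError as exc:
            return str(exc)
    drive.ranges["Global"].locked = True  # Admin locks the Global Range
    result["locked_read"] = try_read(0)
    drive.revert()  # all MEKs zeroized; back to the uninitialized state
    result["reverted_read"] = try_read(0)
    return result
```

Running demo() shows the three properties the policy relies on: the erased range reads back as noise even though not one media byte changed, the other range is unaffected because it has its own MEK, and after Revert no range can be addressed until the module is reinitialized.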