C
HEETAH
15K.7 FC P
RODUCT
M
ANUAL
, R
EV
. E
33
8.4
D
RIVE LOCKING
In addition to changing the passwords, as described in Section 8.2.3, the owner should also set the data access controls for
the individual bands.
The variable "LockOnReset" should be set to "PowerCycle" to ensure that the data bands will be locked if power is lost. This
scenario occurs if the drive is removed from its cabinet. The drive will not honor any data read or write requests until the
bands have been unlocked. This prevents the user data from being accessed without the appropriate credentials when the
drive has been removed from its cabinet and installed in another system.
When the drive is shipped from the factory, the firmware download port is locked and the drive will reject any attempt to
download new firmware. The drive owner must use the SID credential to unlock the firmware download port before firmware
updates will be accepted.
8.5
D
ATA BANDS
When shipped from the factory, the drive is configured with a single data band called Band 0 (also known as the Global Data
Band) which comprises LBA 0 through LBA max. The host may allocate Band1 by specifying a start LBA and an LBA range.
The real estate for this band is taken from the Global Band. An additional 14 Data Bands may be defined in a similar way
(Band2 through Band15) but before these bands can be allocated LBA space, they must first be individually enabled using
the EraseMaster password.
Data bands cannot overlap but they can be sequential with one band ending at LBA (x) and the next beginning at LBA (x+1).
Each data band has its own drive-generated encryption key and its own user-supplied password. The host may change the
Encryption Key (see Section 8.6) or the password when required. The bands should be aligned to 4K LBA boundaries.
8.6
C
RYPTOGRAPHIC ERASE
A significant feature of SEDs is the ability to perform a cryptographic erase. This involves the host telling the drive to change
the data encryption key for a particular band. Once changed, the data is no longer recoverable since it was written with one
key and will be read using a different key. Since the drive overwrites the old key with the new one, and keeps no history of
key changes, the user data can never be recovered. This is tantamount to an instantaneous data erase and is very useful if
the drive is to be scrapped or redispositioned.
8.7
A
UTHENTICATED FIRMWARE DOWNLOAD
In addition to providing a locking mechanism to prevent unwanted firmware download attempts, the drive also only accepts
download files which have been cryptographically signed by the appropriate Seagate Design Center.
Three conditions must be met before the drive will allow the download operation:
1. The download must be an SED file. A standard (base) drive (non-SED) file will be rejected.
2. The download file must be signed and authenticated.
3. As with a non-SED drive, the download file must pass the acceptance criteria for the drive. For example it must be appli-
cable to the correct drive model, and have compatible revision and customer status.
8.8
P
OWER REQUIREMENTS
The standard drive models and the SED drive models have identical hardware, however the security and encryption portion
of the drive controller ASIC is enabled and functional in the SED models. This represents a small additional drain on the 5V
supply of about 30mA and a commensurate increase of about 150mW in power consumption. There is no additional drain on
the 12V supply. See the tables in Section 6.2 for power requirements on the standard (non-SED) drive models.
8.9
S
UPPORTED COMMANDS
The SED models support the following two commands in addition to the commands supported by the standard (non-SED)
models as listed in Table 16:
• Security Protocol Out (B5h)
• Security Protocol In (A2h)
