Storage - FAQs
What is the Storage Work Group?
The Storage Work Group is an organization within the Trusted Computing Group. It consists of TCG member companies with interests in the implementation of the Trusted Computing Group's methodologies for storage. For more information on the Storage Work Group, please see the documents at http://www.trustedcomputinggroup.org/developers/storage.
What is the purpose of the Storage Work Group?
The purpose of the Storage Work Group is to provide a set of specifications that enable the implementation of Trusted Storage. Using standards-based encryption techniques and methodologies, the specifications allow users to store data with protection against theft or loss.
Who is participating in the Storage Work Group?
Participation in the Storage Work Group includes storage device manufacturers, storage subsystem manufacturers, software vendors, and designers of custom, highly integrated components. Storage and security management and storage integration vendors also participate. A complete list of TCG members is online at http://www.trustedcomputinggroup.org/about_tcg/tcg_members
Have you taken into account existing standards such as those for SCSI and ATA? How are you working with other standards bodies?
SCSI (T10) and ATA (T13) are ANSI/INCITS standards committees that input their standards to ISO and provide the interface standards for a great variety of storage devices, including USB-attached storage (i.e., SCSI command set). After interaction with TCG, T10 and T13 both have defined a Trusted Send (In) and Trusted Receive (Out) command set, which have subsequently been dually standardized. Trusted Send/Receive provides the "container" commands for specific "payload" security commands. The TCG Storage Specification provides the "payload" definition for the specific Protocol ID = TCG. Other Protocol IDs can be assigned to other protocol suites, as needed.
Additionally, the Storage Specification adopts other trust and security standards by reference, as appropriate (e.g., public key, cryptography, hashing).
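The container/payload split described above can be seen in the SCSI form of the command. The following is an added example, not TCG or T10 code: it builds the 12-byte SECURITY PROTOCOL IN container and checks a device's supported-protocol list for a TCG Protocol ID. The opcode 0xA2, the CDB field layout and the 0x01-0x06 range for TCG are taken from the SCSI SPC-4 standard rather than from this page, and the sample response bytes are constructed.

```python
import struct

SECURITY_PROTOCOL_IN = 0xA2            # SCSI opcode per SPC-4 (not stated on this page)
PROTO_INFO = 0x00                      # protocol 0x00: "security protocol information"
TCG_PROTOCOL_IDS = range(0x01, 0x07)   # Protocol IDs SPC-4 assigns to TCG


def build_security_protocol_in(protocol_id, sp_specific, alloc_len):
    """Return the 12-byte container CDB; the payload moves in the data phase."""
    if not 0 <= protocol_id <= 0xFF:
        raise ValueError("Protocol ID is a single byte")
    if not 0 <= sp_specific <= 0xFFFF:
        raise ValueError("protocol-specific field is two bytes")
    if not 0 <= alloc_len <= 0xFFFFFFFF:
        raise ValueError("allocation length is four bytes")
    # opcode | protocol | protocol-specific | INC_512/reserved | reserved |
    # allocation length | reserved | control
    return struct.pack(">BBHBBIBB", SECURITY_PROTOCOL_IN, protocol_id,
                       sp_specific, 0, 0, alloc_len, 0, 0)


def parse_supported_protocols(resp):
    """Parse the protocol-0x00 list: 6 reserved bytes, 2-byte length, then IDs."""
    if len(resp) < 8:
        raise ValueError("response shorter than the 8-byte header")
    (list_len,) = struct.unpack_from(">H", resp, 6)
    if list_len > len(resp) - 8:
        raise ValueError("list length exceeds the data returned")
    return list(resp[8:8 + list_len])


def supports_tcg(resp):
    """True if the device advertises at least one TCG Protocol ID."""
    return any(p in TCG_PROTOCOL_IDS for p in parse_supported_protocols(resp))


# Constructed sample response: the device reports protocols 0x00, 0x01 and 0x02.
SAMPLE = bytes(6) + struct.pack(">H", 3) + bytes([0x00, 0x01, 0x02])

if __name__ == "__main__":
    print(build_security_protocol_in(PROTO_INFO, 0x0000, 512).hex())
    print(parse_supported_protocols(SAMPLE), supports_tcg(SAMPLE))
```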
What is the output of this Work Group?
The Storage Work Group develops standards and practices for defining the same security services across dedicated storage controller interfaces, including but not limited to ATA, Serial ATA, SAS, Fibre Channel, USB and PCIe. Storage systems addressed by TCG include disk drives, removable media drives, flash storage, and multiple storage device systems.
What is a Security Subsystem Class (SSC)?
The Trusted Storage Architecture Core Specification developed in the Storage Work Group provides a comprehensive definition of TCG-related functions for a TCG trusted storage device. However, trusted storage device use cases may not require all Core Specification functionality. There are multiple "classes" of Core Specification compliance called Security Subsystem Classes (SSCs). SSCs explicitly define the minimum acceptable Core Specification capabilities of a storage device in a specific "class".
What is the Opal SSC?
The Opal SSC specification is predicated on ease of implementation and integration. This SSC defines the specifications and methodologies for implementing the Core Specification for fixed media storage devices in consumer and enterprise storage systems, such as notebooks and desktops. The Opal SSC specification is based on the Trusted Storage Architecture Core Specification Version 1.0 Revision 1.0.
Why is this SSC named 'Opal'?
When the SWG started working on the different SSCs, the work group decided, as a convention, to name the SSCs after semiprecious stones. The work group worked on different SSCs: Jade and Opal. Jade was later renamed to "Enterprise SSC", but Opal kept its original name.
What is the Opal Test Cases Specification?
The Opal Test Cases Specification contains a set of tests that are intended to verify the correct behavior of a storage device implementing the Opal SSC Specification. These test cases are intended to be used as a basis for the compliance component of the projected Storage certification program, which would seek to ensure a high level of interoperability of storage devices from multiple vendors.
What is the audience for the Opal Test Cases Specification?
The target audience for the Opal Test Cases Specification includes system integrators for trusted storage solutions including security software vendors, manufacturers of Opal SSC storage devices, and compliance test suite vendors.
When will the Storage certification program be available?
We are actively evaluating the many aspects of establishing such a certification program, and publishing the test cases is one of the first steps. At this time, we do not have a concrete timeline for a potential launch of the program.
Does implementing this Storage Specification require any new or different parts for storage devices? If so, who is providing those and when will they be available?
Yes; the internal computing environment of a storage device must be enhanced to support the Specification. The storage device manufacturers typically develop those core components themselves. TCG cannot speculate on availability, except to note that the storage device industry had been aggressively cooperating on the development of the Specification.
Some companies have announced hard drives already that incorporate some of the work that was done in TCG before the Storage Specification became available. Will these products be compatible with future products based on the actual Specification?
Full Disk Encrypting (FDE) hard drives are available now that enable the functionality incorporated in the Specification, with the encrypting hardware directly on the hard drive and a programming interface supported for ISVs to provide security management of the FDE function.
It is anticipated that such products will evolve to Specification-based products in the future.
Will secure storage devices require a separate TPM?
The requirements derived from the Storage WG use cases do not mandate a Trusted Platform Module (TPM) for storage devices. However, a "root of trust" for storage devices is required to extend the trust boundary of trusted platforms. This "root of trust" is detailed in the Specification and can be realized by a combination of hardware and firmware.
Which companies are participating in the Storage Specification effort?
More than 60 of the approximately 100+ TCG members have registered for participation in the development of the Storage WG Specification. Not only all major hard drive vendors, but flash, tape, and optical storage vendors are participating. We also have participation from storage and security management and storage integration vendors. A complete list of TCG members is online at www.trustedcomputinggroup.org.
What are some potential applications for trusted storage?
Every application that depends on the integrity, trustworthiness, and security of relevant data will critically benefit from the TCG Storage Work Group Specification. The published storage use case white paper points to a number of such applications.
Is the Storage Specification targeted for content protection?
The Specification does not define a complete, full-life-cycle content protection scheme. However, the Specification does provide a number of security "building blocks" that could be used by developers of content protection schemes.
How does trusted storage work, exactly?
Once the trust and security functions from the Specification are implemented in firmware and hardware on the storage device, then platform-based applications utilize this function through the SCSI/ATA Trusted Send/Receive command interface, under versatile access control.
Why is the storage subsystem appropriate for security? Why not put security further out, for example, in the SAN or the RAID device?
Storage is where the data resides! Plus, storage devices contain powerful computing subsystems and lots of available memory, as well as being "closed" to vulnerabilities that plague the operating system-based platform. SAN, RAID, and other complex storage device manufacturers are reacting favorably to such trust and security functions being provided by the constituent storage devices; e.g., scale and extensibility, shorter path lengths, risk mitigation, etc.
Is TCG going to address security issues for data centers as well as notebooks?
Yes; the Specification applies to ALL storage devices, both client (PC) and server. The initial interest is for PC-based products, but the Storage Specification will appear in all storage, equally satisfying requirements that are specific to servers and data centers.