Storage - FAQs

What is the TCG Storage Specification?

The TCG Storage Workgroup has developed the TCG Storage Specification Overview and Core Architecture Specification as Version 1.0, Revision 0.9, which describes in detail how to implement and utilize trust and security services on storage devices. TCG is making it publicly available for critical review and analysis by the larger I.T., storage, and software application and end-user communities. Storage device developers can design trusted storage devices based on this Specification and application developers can examine how their applications might exploit trusted storage devices.

Why is the Specification being released as "Version 1.0, Revision 0.9 - draft"?

The TCG is following the usual practice with storage-related standards (such as SCSI and ATA) of releasing a version for wider industry review, before publishing a final version. This version of the Specification is complete, self-contained, and capable of being implemented, and was developed by our broad base of storage industry members. Vendors can begin to engineer products based on the Specification. If a vendor would like to contribute to the final Specification, we encourage that vendor to join TCG and to participate in the Storage Workgroup.

Who would use the Storage Specification?

There are two primary audiences for this Specification:

For storage device manufacturers, TCG's Specification provides the architecture for how to implement trust and security services on storage devices.

For platform-based application developers (ISVs), the Specification describes the interface to trust and security services on storage devices, so that the application can take advantage of such services.

Of course, the ultimate beneficiaries of the Storage Specification are the end-users who purchase and take advantage of the security-enhanced applications that will result from using the Specification.

Have you taken into account existing standards such as those for SCSI and ATA? How are you working with other standards bodies?

SCSI (T10) and ATA (T13) are ANSI/INCITS standards committees that input their standards to ISO and provide the interface standards for a great variety of storage devices, including USB-attached storage (i.e., SCSI command set). After interaction with TCG, T10 and T13 both have defined a Trusted Send (In) and Trusted Receive (Out) command set, which have subsequently been dually standardized. Trusted Send/Receive provides the "container" commands for specific "payload" security commands. The TCG Storage Specification provides the "payload" definition for the specific Protocol ID = TCG. Other Protocol IDs can be assigned to other protocol suites, as needed.

Additionally, the Storage Specification references and adopts other trust and security standards, as appropriate (e.g., public key, cryptography, hashing).

What does this Storage Specification enable?

The Specification enables platform-based applications to take advantage of trust and security services provided by "trusted" storage devices.

What are examples of trust and security services detailed in the Storage Specification?

The Specification enables applications to take advantage of a number of trust and security services on a storage device:
Cryptography
Public key cryptography and digital signature
Hashing functions
Random number generation (RNG)
Secure storage

Is the Storage Specification complete? Will there be later versions?

The Specification is complete, but is being released as a Version 1.0, Revision 0.9 - draft. Even though all the major hard drive manufacturers and a number of flash, optical, and tape manufacturers have been working together to develop this Specification, we are providing this version to the larger I.T., storage, software application and end-user communities. If a vendor would like to contribute to the final Specification, due in the near future, we encourage that vendor to join TCG and to participate in the Storage Workgroup. However, ISVs and storage device manufacturers can begin to devise implementations based on this version of the Specification now.

Will products created using today’s Storage Specification work with those based on later versions?

Yes; any enhancements and additions should be upward compatible or require minimal changes.

Will products based on the Storage Specification work in today’s PC architectures?

Yes; the Storage Specification targets applications running on either PC or server platforms and therefore takes advantage of and is compatible with PC and server architectures.

What change of behavior is required from IT managers to use products based on the Storage Specification?

Traditionally, storage devices have been viewed as "simply" storage. However, storage devices can have powerful computing systems on board and lots of available memory, all protected behind a tightly closed and access-controlled environment, largely immune to the vulnerabilities of the operating system-based platform itself (e.g., viruses). And, the data is on the storage device. Why not put the security functions related to data protection directly on the device housing the data?

TCG and its members believe that IT managers will appreciate the advantages of pairing security and data storage in the same device.

Does implementing this Storage Specification cost storage device makers more? If so, how much?

Yes; the implied firmware and hardware enhancements needed to support the Specification cost money and development resources. But, the storage device industry has a tradition of efficient and cost-effective development, as well as an "economy of scale" across such huge product volumes.

Does implementing this Storage Specification require any new or different parts for storage devices? If so, who is providing those and when will they be available?

Yes; the internal computing environment of a storage device must be enhanced to support the Specification. The storage device manufacturers typically develop those core components themselves. TCG cannot speculate on availability, except to note that the storage device industry had been aggressively cooperating on the development of the Specification.

How will PC makers and users know that storage devices based on the Storage Specification meet all of its requirements? Are you planning a certification program?

The TCG Storage WG is working on security evaluation/compliance requirements as a follow-on effort.

Some companies have announced hard drives already that incorporate some of the work that was done in TCG before the Storage Specification became available. Will these products be compatible with future products based on the actual Specification?

Full Disk Encrypting (FDE) hard drives are available now that enable the functionality incorporated in the Specification, with the encrypting hardware directly on the hard drive and a programming interface supported for ISVs to provide security management of the FDE function.

It is anticipated that such products will evolve to Specification-based products in the future.

Will secure storage devices require a separate TPM?

The requirements derived from the Storage WG use cases do not mandate a Trusted Platform Module (TPM) for storage devices. However, a "root of trust" for storage devices is required to extend the trust boundary of trusted platforms. This "root of trust" is detailed in the Specification and can be realized by a combination of hardware and firmware.

Which companies are participating in the Storage Specification effort?

More than 60 of the approximately 100+ TCG members have registered for participation in the development of the Storage WG Specification. Not only all major hard drive vendors, but flash, tape, and optical storage vendors are participating. We also have participation from storage and security management and storage integration vendors. A complete list of TCG members is online at www.trustedcomputinggroup.org.

What are some potential applications for trusted storage?

Every application that depends on the integrity, trustworthiness, and security of relevant data will critically benefit from the TCG Storage Work Group Specification. The published storage use case white paper points to a number of such applications.

Is the Storage Specification targeted for content protection?

The Specification does not define a complete, full-life-cycle content protection scheme. However, the Specification does provide a number of security "building blocks" that could be used by developers of content protection schemes.

How does trusted storage work, exactly?

Once the trust and security functions from the Specification are implemented in firmware and hardware on the storage device, then platform-based applications utilize this function through the SCSI/ATA Trusted Send/Receive command interface, under versatile access control.

Why is the storage subsystem appropriate for security? Why not put security further out, for example, in the SAN or the RAID device?

Storage is where the data resides! Plus, storage devices contain powerful computing subsystems and lots of available memory, as well as being "closed" to vulnerabilities that plague the operating system-based platform. SAN, RAID, and other complex storage device manufacturers are reacting favorably to such trust and security functions being provided by the constituent storage devices; e.g., scale and extensibility, shorter path lengths, risk mitigation, etc.
