Storage Work Group Storage Security Subsystem Class: Opal FAQs
Opal Security Subsystem Class Specification FAQ
January 2009
Q. What is the Storage Work Group?
A. The Storage Work Group is an organization within the Trusted Computing Group. It consists of TCG member companies with interests in the implementation of the Trusted Computing Group's methodologies for storage. For more information on the Storage Work Group, please see the documents at www.trustedcomputinggroup.org/developers/storage/.
Q. What is the purpose of the Storage Work Group?
A. The purpose of the Storage Work Group is to provide a set of specifications that enable the implementation of Trusted Storage. Using standards-based encryption techniques and methodologies, the specifications will allow users to store data with protection against theft or loss.
Q. How is the Storage Work Group organized?
A. The Storage Work Group operates under the auspices of the TCG. Membership in the Storage Work Group is determined by TCG bylaws and is open to all TCG members.
Q. Who is participating in the Storage Work Group?
A. Participation in the Storage Work Group includes storage device manufacturers, storage subsystem manufacturers, software vendors, and designers of custom, highly integrated components. Storage and security management and storage integration vendors also participate. A complete list of TCG members is online at www.trustedcomputinggroup.org.
Q. What is the output of this Work Group?
A. The Storage Work Group develops standards and practices for defining the same security services across dedicated storage controller interfaces, including but not limited to ATA, Serial ATA, SAS and Fibre Channel. Storage systems include disk drives, removable media drives, flash storage, and multiple storage device systems.
Q. What is a Security Subsystem Class (SSC)?
A. The Trusted Storage Architecture Core Specification developed in the Storage Work Group provides a comprehensive definition of TCG-related functions for a TCG trusted storage device. However, trusted storage device use cases may not require all Core Specification functionality. There are multiple "classes" of Core Specification compliance called Security Subsystem Classes (SSCs). SSCs explicitly define the minimum acceptable Core Specification capabilities of a storage device in a specific "class".
Q. What is the Opal SSC?
A. The Opal SSC specification is predicated on ease of implementation and integration. This SSC defines the specifications and methodologies for implementing the Core Specification for fixed media storage devices in consumer and enterprise storage systems, such as notebooks and desktops. The Opal SSC specification is based on the Trusted Storage Architecture Core Specification Version 1.0 Revision 1.0.
Q. Why is this SSC named 'Opal'?
A. When the SWG started working on the different SSCs, the work group decided, as a convention, to name the SSCs after semiprecious stones. The work group worked on different SSCs: Jade and Opal. Jade was later renamed to "Enterprise SSC", but Opal kept its original name.
Q. What is the audience for this specification?
A. The target audience for the Opal SSC specification includes system integrators for trusted storage solutions, including security software vendors and manufacturers of Opal SSC storage devices.
Q. What requirements are satisfied by Opal SSC?
A. Opal SSC provides a secure boot capability (pre-boot authentication) as well as protection of user data from compromise due to the loss, theft, repurposing or end of life of the storage device. Furthermore Opal SSC provides administrative capabilities that allow administrative functions such as user enrollment and media management.
Q. How is the media managed in the Opal SSC?
A. The Opal SSC specification supports multiple storage ranges with each having its own authentication and encryption key. The range start, range length, read/write locks as well as the user read/write access control for each range are configurable by the administrator.
Q. Why would a developer want to develop such a device?
A. Based on the growing number of security breaches involving lost or stolen storage, the marketplace is ready for a secure solution with the capability of integration with other devices/systems based on TCG specifications.
Q. How will this device be used?
A. Opal storage devices will be used in many different market segments, including PC Client: governmental agencies, financial services, healthcare, insurance, military, and many others.
Q. What about DRM?
A. Opal storage devices can be provided to help users protect their data and for content owners to protect theirs. As is true with all Trusted Computing Group specifications, the specifications do not specifically provide DRM capabilities or software and do not "lock" a user to a specific software or platform, nor are they intended to reduce a user's access to his or her own content or applications.
Q. Would Opal Trusted Drives require a TPM? Are they required to be used in systems with TPMs?
A. A Trusted drive itself does not require a TPM, but for optimal data security and protection, pairing these drives with clients that have TPMs is recommended.
Q. How much redesign of a standard disc drive will be necessary and what will related costs be?
A. Since the TCG Opal SSC specification does not specify any modification of recording methods or disc formats, it is only the Storage Device controller IC that requires modification. Although this is not a small modification, high-integration ICs (integrated circuits) minimize both the cost and complexity of the implementation.
Q. How soon will we see drives that implement this specification?
A. Multiple hard disc drive companies have announced storage products supporting the Opal SSC specification.
Q. This SSC is based on the Core Spec version 1.0 revision 1.0. Has that release version been published yet?
A. No, but it will be published soon. A draft version of the TCG Core Specification version 1.0 revision 1.0 is available to the TCG member companies.
Q. Have you taken into account existing standards such as those for SCSI and ATA?
A. SCSI (T10) and ATA (T13) are ANSI/INCITS standards committees that input their standards to ISO and provide the interface standards for a great variety of storage devices. Many Storage Work Group members are also involved in these public standards in order that the specific needs of Storage Work Group devices are provided in those public standards. The Storage Work Group has a Storage Interface Interactions Subgroup to handle any necessary interactions with T10 or T13.
Q. Where are the TCG Storage specifications available?
A. The Opal SSC is available now at:
https://www.trustedcomputinggroup.org/developers/Storage.
Contact: Anne Price
602-840-6495
press@trustedcomputinggroup.org