Storage Work Group Storage Security Subsystem Class: Opal FAQs


 

Trusted Computing Group Storage Work Group
Opal Security Subsystem Class (SSC) v2.00 Specification FAQ
February 28, 2013
 

Q. Is the Opal SSC v2.00 a superset of the Opal SSC v1.00?
A. Yes. The Opal SSC v2.00 specification extends the existing features of Opal SSC v1.00 and adds new features.


Q. Is the Opal SSC v2.00 specification backwards compatible with the previous Opal SSC v1.00 specification?
A. No. The Opal SSC v2.00 specification itself is not backwards compatible. However, Opal SSC v2.00 allows a storage device vendor to implement a device based on Opal SSC v2.00 in a way that is backwards compatible with Opal SSC v1.00.


Q. Why was the backwards incompatibility introduced in Opal SSC v2.00?
A. The Opal SSC v2.00 specification was extended to allow storage devices with physical block size restrictions to be supported.


Q. How can I tell if a storage device supports both versions of the Opal specifications?
A. The storage device will report the Opal SSC Feature Descriptors for both specifications.


Q. What's new in Opal SSC v2.00?
A. Opal v2.00 includes the following new and enhanced capabilities:

  • LBA Range Alignment: Configuration options for LBA range alignment in storage devices with more than 1 logical block per physical block on the media and where the first logical block may not line up exactly with the beginning of a physical block.
  • Byte Table Access Granularity: Writing to byte tables, such as the DataStore table and the MBR table in the Locking SP, can now be required to be done in blocks of granularity larger than a byte. 
  • Admin Authorities: The minimum supported number of Admin Authorities in the Locking SP has been increased to 4. New Admin Authorities (a minimum of 1) have been added to the Admin SP.
  • User Authorities: The minimum supported number of User Authorities has been increased to 8. A configuration option for disallowing User Authorities to change their C_PIN values has been added.
  • LBA Ranges: The minimum number of supported LBA ranges has been increased to 8.
  • Methods and Commands: More methods and commands are now Mandatory in Opal SSC v2.00, including the Protocol Stack Reset and TPer Reset commands, and the Authenticate, Random and Revert methods (on both the Locking SP and the Admin SP).
  • Columns and Tables: More columns of certain tables are now Mandatory in Opal SSC v2.00. This includes the CommonName column in the Authority and Locking tables of the Locking SP, and the GUDID column in the TPerInfo table of the Admin SP. A new SecretProtect table has been added to the Locking SP.
  • Default SID PIN Value: The initial value of C_PIN_SID may be Vendor Unique (instead of being set to C_PIN_MSID).
  • DataStore Table: The minimum size of the DataStore table has been increased to 10MB (from 1KB). The Additional DataStore Tables Feature Set has been made Mandatory.


Q. What are the benefits of the Opal SSC v2.00 specification?
A. Opal SSC v2.00 will accommodate a wider range of storage devices. The addition of new features allows delivery of a richer set of solutions around self-encrypting drives.


Q. What is a Feature Set?
A. A Feature Set defines additional functionality that extends an SSC.


Q. Are there any Mandatory Feature Sets for Opal SSC v2.00?
A. Yes. The Additional DataStore Tables Feature Set is Mandatory for Opal SSC v2.00.

Q. Can Opal SSC v2.00 storage devices work with host software designed for Opal SSC v1.00?
A. Yes, if the storage device was implemented to support both the Opal SSC v1.00 and Opal SSC v2.00 specifications.

Q. How does a storage device vendor implement a device based on Opal SSC v2.00 so that it is compatible with Opal SSC v1.00?
A. An Opal SSC v2.00 implementation is compatible with Opal SSC v1.00 only if all of the following hold: the geometry reported by the Geometry Reporting Feature does not specify any alignment restrictions; the TPer does not specify any granularity restrictions for byte tables; and the "Initial C_PIN_SID PIN Indicator" and "Behavior of C_PIN_SID PIN upon TPer Revert" fields are both 0x00 in the Opal SSC v2.00 Level 0 Feature Descriptor. The storage device will report the Opal SSC Feature Descriptors for both specifications.
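
As an added example (not part of this FAQ or of the TCG specification), the Python below parses a Level 0 Discovery response and applies the conditions from the answer above, also checking that both Opal SSC Feature Descriptors are reported. The feature codes, byte offsets and the constructed sample response are assumptions to verify against the specification; the byte-table granularity flag is supplied by the caller because this example does not read it from Level 0 Discovery.

```python
import struct

# Assumed feature codes and offsets, per TCG Level 0 Discovery; verify against the spec.
GEOMETRY, OPAL_V1, OPAL_V2 = 0x0003, 0x0200, 0x0203

def parse_features(resp):
    """Return {feature code: payload after the 4-byte descriptor header}."""
    (length,) = struct.unpack_from(">I", resp, 0)  # bytes following the length field
    end, off, feats = min(length + 4, len(resp)), 48, {}  # 48-byte response header
    while off + 4 <= end:
        code, _ver, dlen = struct.unpack_from(">HBB", resp, off)
        if off + 4 + dlen > end:
            raise ValueError(f"descriptor 0x{code:04x} overruns the response")
        feats[code] = resp[off + 4:off + 4 + dlen]
        off += 4 + dlen
    return feats

def v1_compat(resp, byte_table_granularity_restricted):
    """Apply the FAQ's three conditions; return (compatible, reasons)."""
    f = parse_features(resp)
    if OPAL_V2 not in f or len(f[OPAL_V2]) < 11:
        return False, ["no usable Opal SSC v2.00 descriptor"]
    reasons = []
    if OPAL_V1 not in f:
        reasons.append("Opal SSC v1.00 descriptor not reported")
    if (f.get(GEOMETRY) or b"\x00")[0] & 0x01:  # ALIGN bit of Geometry Reporting
        reasons.append("geometry specifies alignment restrictions")
    if byte_table_granularity_restricted:  # not in Level 0; supplied by caller
        reasons.append("byte tables have granularity restrictions")
    if f[OPAL_V2][9] != 0x00:
        reasons.append("Initial C_PIN_SID PIN Indicator is not 0x00")
    if f[OPAL_V2][10] != 0x00:
        reasons.append("Behavior of C_PIN_SID PIN upon TPer Revert is not 0x00")
    return not reasons, reasons

def _desc(code, payload):
    return struct.pack(">HBB", code, 0x10, len(payload)) + payload

def build_sample(align, initial_pin, revert_pin, with_v1=True):
    """Constructed Level 0 response for testing; not captured from a device."""
    body = _desc(GEOMETRY, bytes([align]) + bytes(7) + struct.pack(">IQQ", 512, 8, 0))
    if with_v1:
        body += _desc(OPAL_V1, struct.pack(">HH", 0x07FE, 1) + bytes(12))
    v2 = struct.pack(">HHBHHBB", 0x07FE, 1, 0, 4, 8, initial_pin, revert_pin)
    body += _desc(OPAL_V2, v2 + bytes(5))
    return struct.pack(">IHH", 44 + len(body), 0, 1) + bytes(40) + body

if __name__ == "__main__":
    print(v1_compat(build_sample(0, 0x00, 0x00), False))
    print(v1_compat(build_sample(1, 0xFF, 0x00), False))
```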

Q. Will TCG have a certification program to test for Opal SSC v2.00 compliance?
A. Yes, a compliance testing program is currently being developed in the Storage Work Group.

Q. Where are the new TCG Storage specifications available?
A. The Opal v2.00 SSC is available now at:
http://www.trustedcomputinggroup.org/resources/storage_work_group_storage_security_subsystem_class_opal

 

Contact: Anne Price
602-840-6495