Secure Drive

Now I’m working at Western Digital as a firmware developer on a team that provides a common security engine for SSDs and HDDs. I am in charge of developing Security APIs so that the security engine provided by the team can be used according to the HDD characteristics.

1. TCG protocols (TCG enterprise, opal, pyrite, etc).
2. Sanitize
3. ATA Security

1. [TCG] (https://nvmexpress.org/wp-content/uploads/TCGandNVMe_Joint_White_Paper-TCG_Storage_Opal_and_NVMe_FINAL.pdf) provides that data stored on HDDs or SSDs is self-encrypted under policy-based access control. The following link explains the TCG storage specification more easily. https://www.kingston.com/en/community/articledetail/articleid/51969

The following figure shows how reads/writes are access-controlled and encrypted in the TCG configuration store.

2. [Sanitize] This function erases all data on the media (disk media, flash memory, DRAM memory) in the storage device. The Self-Encryption Drive encrypts data first, and then overwrites all data with a specific pattern or garbage data.

3. [ATA Security] This is a basic security feature provided by storage drives using SATA interface.

The following ATA security access controls are provided, which allow users to way to protect their data.