HP LaserJet, OfficeJet, PageWide, ScanJet - HP FutureSmart Firmware Device Hard Disk, SSD, and eMMC Security (white paper)

ManualsBrandsHP ManualsPrint & ScanC2S11A

Technical white paper

HP FutureSmart Firmware Device Hard Disk,

SSD and eMMC Security

Table of contents



Overview .................................................................................................................................................................... 2

Hard Disk Drive Security Overview ......................................................................................................................... 2

Hard Disk Architecture ............................................................................................................................................. 2

Secure Erase Commands ........................................................................................................................................ 2

Disk Initialization Commands .................................................................................................................................. 5

SSD and eMMC Security Overview .......................................................................................................................... 6

Secure Erase Data Overwrite Functionality Not Supported on SSD/eMMC ....................................................... 6

Secure Volatile Storage Feature with SSD and eMMC ......................................................................................... 6

SSD and eMMC Impact to Disk Management Features ........................................................................................ 7

Accessory Hard Disk Drive Option .......................................................................................................................... 9

Disk Erase confirmation ........................................................................................................................................ 10

Government Erase Standards .............................................................................................................................. 11

Appendix A: Secure Erase Data Overwrite and Specifications ......................................................................... 11

Appendix B: Device Hard Drive Support .............................................................................................................. 13

Appendix C: Device SSD and eMMC Support ...................................................................................................... 16

Appendix D: ATA secure erase not supported ................................................................................................... 19

Appendix E: Optional HDD Accessory capable devices ...................................................................................... 19



Summary of content (20 pages)

PAGE 1
Technical white paper HP FutureSmart Firmware Device Hard Disk, SSD and eMMC Security Table of contents Overview ....................................................................................................................................................................2 Hard Disk Drive Security Overview.........................................................................................................................2 Hard Disk Architecture ....................................................
PAGE 2
Overview This document discusses secure erase options and hard disk, SSD and eMMC security on HP FutureSmart Firmware printing devices. It replaces previous security documents HP FutureSmart Firmware Device Hard Disk Security, Solid State Drive Security for HP Printing Devices and eMMC Security for HP Enterprise Printing Device.
PAGE 3
Figure 1: Managing Temporary Job Files settings in the Embedded Web Server (EWS) Figure 2: Secure File Erase Mode settings in Web Jetadmin Note: This setting corresponds to Managing Temporary Job Files setting in EWS 2.
PAGE 4
Figure 4: Erase Customer Data settings in Web Jetadmin NOTE: This setting corresponds to Erase Job Data setting in EWS 3. Secure Disk Erase This feature securely erases all data on the hard disk, including disk sectors spared and relocated sectors. This erase operation, also known as ATA Erase, is executed directly by the hard disk controller. Secure Disk Erase meets the “Purge” erase standard defined in NIST Special Publication 800-88, Guidelines for Media Sanitation.
PAGE 5
Disk Initialization Commands These commands reinitialize the hard disk or sections of the disk to provide troubleshooting and diagnostic capabilities. The commands are similar to disk formatting commands and do not provide sector level data overwrite. These erase commands are not recommended for securely removing customer data. These commands are only accessible from the device pre - boot menus.  Clean Disk removes all data from the disk. This command will render the device inoperable.
PAGE 6
SSD and eMMC Security Overview Some models of HP printing devices use Solid State Drive (SSD) or embedded MultiMediaCard (eMMC) mass storage devices as the system disk (See Appendix C for these models). SSD and eMMC are mass storage devices that use NAND-based flash memory instead of spinning disks used in traditional hard disk drives (HDD). These memory-based drives appear to the printing device operating system as a traditional Hard Disk Drive.
PAGE 7
NOTE: Because SSD and eMMC product memory does not have onboard encryption it will list as “Status: Disk Cannot be encrypted” (Figures 10); however, any data written to the memory is encrypted by the device firmware as configured as shown in Figure 9.
PAGE 8
Figure 12: Erase Job Date option using an SSD system disk in the Embedded Web Server (EWS) Figure 13: Erase Job Date option using an eMMC system disk in the Embedded Web Server (EWS) 3. Job Data Encryption Job data is temporarily stored in cryptographic form and will be securely erased with each restart. The default setting is AES-128 which provides the best system performance. AES-256 provides more security however will impact system performance.
PAGE 9
NOTE: The early generation of SSD used in HP printing devices did not support ATA Secure Erase; however, executing the Secure Erase command will manually clear all addressable memory locations marking all cells as empty. (See Appendix D: for devices which did not support ATA erase.) HP printing devices with eMMC support Secure Erase. The eMMC used in HP printing devices does not support ATA Secure Erase, but instead uses the equivalent Trim with Sanitize, which clears all addressable and spared storage.
PAGE 10
 Secure Disk Erase selects the most secure method to remove the drive’s data, other than a cryptographic erase. The method will either be a Secure Erase using data overwrite or an ATA Secure Disk Erase. o NOTE: This erase mode is recommended when decommissioning a device.
PAGE 11
Government Erase Standards These devices comply with current US Government requirements for Clear and Purge when clearing confidential data from a hard disk as specified in Updated DSS Clearing and Sanitization Matrix AS OF June 28, 2007 and NIST Special Publication 800-88, Guidelines for Media Sanitation (R1 December 2014).
PAGE 12
Secure Sanitizing Erase mode follows the U.S. Department of Defense 5220-22.M specification using a succession of multiple data overwrites. For Secure Sanitizing Erase, each deleted file is overwritten with:  the fixed character pattern (binary 01001000).  the complement of the fixed character pattern (binary 10110111).  a random character: o A 32k byte buffer of random characters is generated for each file delete operation using the device’s unique uptime as the seed.
PAGE 13
Appendix B: Device Hard Drive Support The following printing devices support HP FutureSmart Firmware functionality and HP High Performance Secure Hard Disk. NOTE: A * indicates the device requires an optional HP High Performance Secure Hard Disk Accessory or EIO Accessory. See product datasheet for details.
PAGE 14
HP LaserJet Enterprise M609dn*, M609x* M609dh HP LaserJet Enterprise MFP M630 series HP LaserJet Managed MFP M630 HP LaserJet Enterprise MFP Flow M630 series HP LaserJet Enterprise Managed Flow MFP M630 series HP LaserJet Enterprise MFP M631 series HP LaserJet Enterprise MFP M632, M633 series HP LaserJet Enterprise MFP Flow M632, M633 series HP LaserJet Enterprise MFP M651xh HP Color LaserJet Managed M651xhm HP Color LaserJet Enterprise M652, M653 series* HP LaserJet Enterprise MFP M680 series HP Color Lase
PAGE 15
HP LaserJet Managed E60155,65,75 series* HP LaserJet Managed MFP E62555dn* HP LaserJet Managed MFP E62565h HP LaserJet Managed Flow MFP E62565, 75 series HP LaserJet Managed MFP E62655dn* HP LaserJet Managed MFP E62665hs HP LaserJet Managed Flow MFP E62665 series HP Color LaserJet Managed MFP E67550dh HP Color LaserJet Managed E65050, 60 series* HP Color LaserJet Managed E65150, 60 series* HP Color LaserJet Managed Flow MFP E67560z HP Color LaserJet Managed MFP E67650dh HP Color LaserJet Managed Flow MFP E6
PAGE 16
Appendix C: Device SSD and eMMC Support The following HP printing devices include SSD storage: HP Color LaserJet CP5525n, dn HP LaserJet Enterprise M4555 MFP base (EMEA only) HP LaserJet Enterprise 600 M601n, dn, x; M602n, dn, x; M603n, dn HP LaserJet Enterprise MFP M630dn HP LaserJet Enterprise M651n, dn HP LaserJet Enterprise 500 M525 dn, f HP LaserJet Enterprise 500 color M551n, dn HP LaserJet Enterprise 600 M601n, dn, x; M602n, dn, x; M603n, dn HP LaserJet Enterprise MFP M630dn HP LaserJet Enterprise M6
PAGE 17
HP LaserJet Managed E60155,65,75 series HP LaserJet Managed MFP E62555dn HP LaserJet Managed MFP E62655dn HP Color LaserJet Managed E65050, 60 series HP Color LaserJet Managed E65150, 60 series HP Color LaserJet Managed E75245dn HP PageWide Enterprise Color 556 series HP PageWide Color 755dn HP PageWide Enterprise Color 765dn HP PageWide Color MFP 774 series HP PageWide Color MFP 779 series HP PageWide Managed Color E55650 HP PageWide Managed Color E75160dn HP PageWide Managed Color P75250dn HP PageWide Man
PAGE 18
HP LaserJet Managed E50045dw HP LaserJet Managed E50145dn HP LaserJet Managed MFP E52545dn HP Color LaserJet Managed E55040dw HP LaserJet Managed E60055,65,75 series HP LaserJet Managed E60155,65,75 series HP LaserJet Managed MFP E62555dn HP LaserJet Managed MFP E62655dn HP Color LaserJet Managed E65050, 60 series HP Color LaserJet Managed E65150, 60 series HP Color LaserJet Managed E75245dn HP OfficeJet Enterprise X555 HP OfficeJet Enterprise X585 HP PageWide Enterprise Color 556 series HP PageWide Enterpr
PAGE 19
Appendix D: ATA secure erase not supported The following HP printing devices do not support ATA secure erase HP Color LaserJet CP5525n, dn HP LaserJet Enterprise M4555 MFP base (EMEA only) Appendix E: Optional HDD Accessory capable devices The following HP printing devices accept the optional HDD Accessory HP LaserJet Enterprise M506 Series HP LaserJet Enterprise M507 Series HP LaserJet Enterprise MFP M527dn HP LaserJet Enterprise MFP M528dn HP Color LaserJet Enterprise M553n, M553dn, M553x HP Color LaserJ
PAGE 20
The following HP printing devices accept the optional EIO HDD Accessory HP Color LaserJet CP5525n, dn HP LaserJet Enterprise M4555 MFP hp.com/go/support Current HP driver, support, and security alerts delivered directly to your desktop © Copyright 2019 HP Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services.