User Manual

Enterprise Self-Encrypting Drive User’s Guide, Rev. B 17
A similar process is used to change the credential values (passwords) for the Locking SP rather than the Admin SP;
however, Figure 10 shows that some additional parameters need attention with BandMasterX.
The ReadLockEnabled and WriteLockEnabled parameters do not lock the data band in question; they merely enable the
locking mechanism and allow the parameter LockOnReset to be effective. When this parameter is set to PowerCycle,
the data band will lock automatically when power is removed and reapplied.
Though not shown here, the drive can also be locked and unlocked by setting the parameters ReadLocked and
WriteLocked to TRUE or FALSE.
One further point: the ReadLockEnabled and WriteLockEnabled parameters must be set as a pair, so that they are either
both TRUE or both FALSE. The drive will ignore any attempt to set a TRUE/FALSE or FALSE/TRUE combination.
The same applies to the ReadLocked/WriteLocked pair.
In an Enterprise application, the assumption is made that the operating environment is secure and that band locking
is only really required when the drive is removed from its cabinet (causing loss of power). Failure to ensure that the
data band will lock on a power cycle allows access to user data following removal of the drive from its system enclosure.
If there is any suspicion of malicious activity during normal operation of the drive, the ReadLocked/WriteLocked pair
can be used to lock and unlock the data band as required.
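The locking rules above can be checked against a planned band configuration before drives are deployed. The following Python model is an added example, not code from this guide or from the drive firmware; the class, the function names and the band names Band1 to Band3 are constructed for illustration, and an empty LockOnReset string stands for "no reset type configured".

```python
from dataclasses import dataclass

@dataclass
class Band:
    """Constructed model of one data band's locking parameters (not drive firmware)."""
    name: str
    read_lock_enabled: bool = False
    write_lock_enabled: bool = False
    read_locked: bool = False
    write_locked: bool = False
    lock_on_reset: str = ""  # "PowerCycle", or "" when no reset type is configured

    def set_lock_enabled(self, read: bool, write: bool) -> bool:
        """Apply ReadLockEnabled/WriteLockEnabled; a mixed pair is ignored."""
        if read != write:
            return False  # drive ignores TRUE/FALSE and FALSE/TRUE
        self.read_lock_enabled = self.write_lock_enabled = read
        return True

    def set_locked(self, read: bool, write: bool) -> bool:
        """Apply ReadLocked/WriteLocked; the same pairing rule holds."""
        if read != write:
            return False
        self.read_locked = self.write_locked = read
        return True

    def locks_on_power_cycle(self) -> bool:
        """Enabled flags only arm the mechanism; LockOnReset decides the trigger."""
        return (self.read_lock_enabled and self.write_lock_enabled
                and self.lock_on_reset == "PowerCycle")

    def power_cycle(self) -> None:
        """Power removed and reapplied, e.g. the drive is pulled from its cabinet."""
        if self.locks_on_power_cycle():
            self.read_locked = self.write_locked = True

def exposed_after_removal(bands):
    """Names of bands that will not lock automatically when power is lost."""
    return [b.name for b in bands if not b.locks_on_power_cycle()]

# Constructed sample configuration: Band1 is armed, Band2 is enabled but has
# no LockOnReset value, Band3 was never enabled.
BANDS = [
    Band("Band1", True, True, lock_on_reset="PowerCycle"),
    Band("Band2", True, True),
    Band("Band3", lock_on_reset="PowerCycle"),
]

if __name__ == "__main__":
    print("Bands left unlocked after removal:", exposed_after_removal(BANDS))
```

Band2 and Band3 are the cases to catch in review: each has one of the two required settings, and neither will lock when the drive is removed.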
2.9 Summary
An SED and a standard drive have the same hardware and, with a few exceptions, respond to the same SCSI command
set; however, the SED goes through additional manufacturing processes which install security partitions on the drive
and enable the encryption engine. No one is allowed access to the cipher text on the media or in the data buffer, and
therefore the SCSI commands that would allow this access are not available on SEDs. When shipped from the factory,
all drive passwords are set to the value of the MSID credential, which is printed on the label or may be obtained
electronically from the drive. On receipt of a new drive, the owner should change all passwords to personalize the
drive in order to prevent a DoS attack.