User Manual
Enterprise Self-Encrypting Drive User’s Guide, Rev. B 13
2.2 Logical ports
Some specialized functions within the drive have been assigned access via a logical (or virtual) port. These functions
have no physical port on the drive that may be accessed through a connector. They provide access to maintenance or
diagnostic resources within the drive and are not used during normal operation. These ports do not provide access to
user data and may be locked or unlocked by the owner (the password holder) at any time. In addition, they may be
conditioned to lock automatically following a drive power cycle. The only logical port which will concern us is the
Firmware Download Port, which must be unlocked before firmware updates will be accepted by the drive. We’ll talk
about firmware downloads in detail in Section 5.0 of this User’s Guide.
There are four authentication keys needed in order to gain access to all of the drive’s operational resources. These are
32-byte passwords which are identified by the credential names SID, MSID, PSID, BandMaster and EraseMaster as
shown in Figure 7. We’ll take a look at each of these in turn:
2.3 SID (Secure ID)
This password is also known as the owner’s password or owner’s credential. It is used to lock and unlock the firmware
download port. It can also be used to prevent a drive from being switched into the Diagnostic State (see the MSID
discussion below) for advanced failure analysis.
Figure 7. Security partitions and associated authentication keys
2.4 MSID (Manufacturer’s Secure ID)
This password is assigned by Seagate during the manufacturing process and cannot be changed by the host system.
When the drive is shipped from Manufacturing, all the other passwords, namely SID, BandMaster and EraseMaster,
are set to the value of MSID, which can be obtained electronically from the drive across the interface.
When the drive is delivered, the new owner should personalize the drive by defining new passwords for SID,
BandMaster and EraseMaster. Failure to do so means that anyone can use the MSID to preempt the owner and take
control of the drive. Such an attack on the drive is known as Denial of Service (DoS), since the rightful owner
has been locked out.
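The factory-default state described above can be audited by checking which owner credentials still accept the MSID. The following is an added example, not code from this guide or from Seagate: a toy in-memory model (the ToyDrive class, its methods and the sample MSID are hypothetical, and it assumes each credential is changed by presenting its current value) that shows the audit and the personalization step.

```python
import hmac
import secrets

OWNER_CREDENTIALS = ("SID", "BandMaster", "EraseMaster")  # names from this guide

class ToyDrive:
    """In-memory stand-in for a drive's credential table (not a TCG implementation)."""

    def __init__(self, msid: bytes):
        if len(msid) != 32:
            raise ValueError("credentials are 32-byte passwords")
        self._msid = msid
        # Factory state: every owner credential equals the MSID.
        self._pins = {name: msid for name in OWNER_CREDENTIALS}

    def read_msid(self) -> bytes:
        # The MSID can be obtained electronically across the interface.
        return self._msid

    def authenticate(self, name: str, password: bytes) -> bool:
        return hmac.compare_digest(self._pins[name], password)

    def set_password(self, name: str, current: bytes, new: bytes) -> None:
        # Assumption: a credential is changed by presenting its current value.
        if len(new) != 32:
            raise ValueError("credentials are 32-byte passwords")
        if not self.authenticate(name, current):
            raise PermissionError(f"{name}: authentication failed")
        self._pins[name] = new

def credentials_at_default(drive: ToyDrive) -> list:
    """Audit: which owner credentials still accept the MSID?"""
    msid = drive.read_msid()
    return [n for n in OWNER_CREDENTIALS if drive.authenticate(n, msid)]

def personalize(drive: ToyDrive) -> dict:
    """Replace every default credential with a fresh random 32-byte password."""
    new = {}
    for name in credentials_at_default(drive):
        new[name] = secrets.token_bytes(32)
        drive.set_password(name, drive.read_msid(), new[name])
    return new  # the owner must record these; the drive will not reveal them

if __name__ == "__main__":
    drive = ToyDrive(msid=bytes(range(32)))  # constructed sample MSID
    print("before:", credentials_at_default(drive))
    personalize(drive)
    print("after: ", credentials_at_default(drive))
```

An empty audit result after personalization means the MSID no longer authenticates as any owner credential, which is the condition that closes the preemption risk described in Section 2.4.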