Opal Storage Specification

The Opal Storage Specification is a set of specifications for features of data storage devices (such as hard disk drives and solid state drives) that enhance their security. For example, it defines a way of encrypting the stored data so that an unauthorized person who gains possession of the device cannot see the data. That is, it is a specification for self-encrypting drives (SED).

The specification is published by the Trusted Computing Group Storage Workgroup.

Overview

The Opal SSC (Security Subsystem Class) is an implementation profile for Storage Devices built to:

• Protect the confidentiality of stored user data against unauthorized access once it leaves the owner's control (involving a power cycle and subsequent deauthentication).
• Enable interoperability between multiple SD vendors.^[1]

Functions

The Opal SSC encompasses these functions:

• Security provider support
• Interface communication protocol
• Cryptographic features
• Authentication
• Table management
• Access control and personalization
• Issuance
• SSC discovery

Features

• Security Protocol 1 support
• Security Protocol 2 support
• Communications
• Protocol stack reset commands

Security

Radboud University researchers indicated in November 2018 that some hardware-encrypted SSDs, including some Opal implementations, had security vulnerabilities.^[2]

Implementers of SSC

Device companies

• Hitachi
• Intel Corporation^[3]
• Kingston Technology^[4]
• Lenovo^[5]
• Micron Technology^[6]
• Samsung^[7]
• SanDisk^[8]
• Seagate Technology^[9][10] as "Seagate Secure"
• Toshiba^[11][12][13]

Storage controller companies

• Marvell^[14][15]
• Avago/LSI SandForce flash controllers^[16]

Software companies

• Absolute Software^[17]
• Check Point Software Technologies^[18]
• Dell Data Protection^[19]
• Cryptomill^[20]
• McAfee^[21]
• Secude ^[22]
• Softex Incorporated^[23]
• Sophos^[24]
• Symantec^[25] (Symantec supports OPAL drives, but does not support hardware-based encryption.)^[26]
• Trend Micro^[27]
• WinMagic^[28]
• OpalLock^[29](OpalLock support Self-Encrypt-Drive capable SSD and HDD. Develop by Fidelity Height LLC)

Computer OEMs

• Dell^[30]
• HP^[31]
• Lenovo^[32]
• Fujitsu^[33]
• Panasonic^[34]
• Getac^[35]

References

1. TCG Storage Security Subsystem Class: Opal Specification Version 2.01 Revision 1.00. Trusted Computing Group, Incorporated. 05 August 2015. Retrieved 2019-11-22.
2. Meijer, Carlo; van Gastel, Bernard (19–23 May 2019). Self-Encrypting Deception: Weaknesses in the Encryption of Solid State Drives. 2019 IEEE Symposium on Security and Privacy (SP). San Francisco, CA, USA: IEEE. pp. 72–87. doi:10.1109/SP.2019.00088. hdl:2066/207837. ISBN 978-1-5386-6660-9. ISSN 2375-1207.
3. "Intel® SSD Pro 1500 Series (M.2): Specs". Intel.com. Retrieved 2017-05-03.
4. "Solid State Hard Drives for Business". Kingston.com. 2017-03-05. Retrieved 2017-05-03.
5. Clain Anderson (2011-02-16). "Opal – More than a Semi-Precious Stone | Lenovo". Blog.lenovo.com. Retrieved 2017-05-03.
6. "Micron Technology, Inc. - Full SSD Part Catalog". Micron.com. Retrieved 2017-05-03.
7. "Samsung V-NAND SSD". Samsung.com. Retrieved 2017-05-03.
8. "SanDisk's X300s Solid State Drive". Archived from the original on 2014-08-03. Retrieved 2014-08-02.
9. "News". Seagate. Retrieved 2017-05-03.
10. "Full Disk Encryption Software, Hard Drives, SSDs & Whole Disk". WinMagic. Retrieved 2017-05-03.
11. "Fujitsu Develops HDD Security Technology based on Opal SSC Standards - Fujitsu Global". Fujitsu.com. Retrieved 2017-05-03.
12. "Specialty | TOSHIBA Storage & Electronic Devices Solutions Company | Americas". Storage.toshiba.com. Retrieved 2017-05-03.
13. "Specialty | TOSHIBA Storage & Electronic Devices Solutions Company | Americas". Storage.toshiba.com. Retrieved 2017-05-03.
14. "Marvell Technology Group Ltd". Marvell.com. Retrieved 2017-05-03.
15. "Marvell, Kingston Collaboration Proves Positive with Over Six Million SSD Units Shipped". Kingston Technology. Retrieved 30 December 2021.
16. "SandForce Flash Storage Processor SSD Controllers". Archived from the original on 2013-08-08. Retrieved 2013-08-01.
17. "Self-Healing Endpoint Security". Absolute. Retrieved 2017-05-03.
18. "Industry-Leading Cyber Security Keeps Networks, Data Centers, Mobile Devices & Endpoints One Step Ahead | Check Point Software". Checkpoint.com. Retrieved 2017-05-03.
19. "Data Security | Dell United States". Dell.com. 2017-04-26. Retrieved 2017-05-03.
20. "CryptoMill :: Products & services". Archived from the original on 2012-02-09. Retrieved 2012-01-14.
21. "McAfee Corporate KB - KB75045". Kc.mcafee.com. Retrieved 2017-05-03.
22. "FinallySecure™ Enterprise - SECUDE AG". Archived from the original on 2012-01-26. Retrieved 2012-01-14.
23. "Comprehensive Data Encryption and Protection Solutions - SecureDrive". Softexinc.com. 2014-06-20. Retrieved 2017-05-03.
24. "Full Disk Encryption | Always-On, Multi-Platform Enterprise Encryption Synchronizes Devices, Hard Drives, Removable Media, BitLocker, and Cloud Storage Protection in Real-Time". Sophos.com. Retrieved 2017-05-03.
25. "Endpoint Encryption Powered by PGP Technology". Symantec.com. Retrieved 2017-05-03.
26. "Archived copy". Archived from the original on 2017-09-25. Retrieved 2016-02-03.
27. "Data Protection – Endpoint and Gateway Suites | Trend Micro". Us.trendmicro.com. Retrieved 2017-05-03.
28. "Full Disk Encryption Software, Hard Drives, SSDs & Whole Disk". WinMagic. Retrieved 2017-05-03.
29. "Software management of TCG self-encrypting drives". Fidelity Height LLC.
30. "Dell Official Site | Dell United States". Dell.com. 2017-04-26. Retrieved 2017-05-03.
31. "Laptop Computers, Desktops, Printers and more | HP® Official Site". Hp.com. Retrieved 2017-05-03.
32. [1] Archived 2008-08-28 at the Wayback Machine
33. "Fujitsu News Updates - Fujitsu UK". Fujitsu.com. Retrieved 2017-05-03.
34. "Panasonic Toughpad | Rugged Tablet | Toughpad". Panasonic.com. 2015-10-27. Retrieved 2017-05-03.
35. "Rugged Notebooks, Tablets, Handhelds and Laptops from". Getac.com. Retrieved 2017-05-03.

External links

• Storage Work Group Storage Security Subsystem Class: Opal