What is the TCG Opal Storage Specification?
The Trusted Computing Group (TCG) is an organization whose members work together to formulate industry standards, which it then makes public for use by those in industry.
TCG’s Storage Work Group created the Opal Security Subsystem Class (SSC) as one class of security management protocol for storage devices. It applies mainly to devices used in PCs and notebooks. The class defines specifications concerning file management on storage devices, and defines class-level permissions for the storage and retrieval of files, thus protecting user data. Devices conforming to the Opal SSC specification may be referred to as TCG Opal devices, a mark of trustworthiness.
TCG Opal Features
Opal is a comprehensive set of guidelines. The target audience includes manufacturers of storage devices, software vendors, system integrators, and academia. These specifications cover the manufacture of storage devices, system setup, management, and use; they allow for password protection and hierarchical storage management, while preventing data from being stolen or tampered with.
Storage devices complying with Opal SSC specifications feature the following:
- They are self-encrypting devices: Data encryption is performed on the device, without passing through the host. The encryption key is also stored on the device (commonly 128-bit or 256-bit AES is used).
- They feature boot authentication: When the user starts the device, the shadow MBR conducts pre-boot authentication; once the user is cleared, the normal boot process begins and the device is unlocked for the host.
- They allow for sector-specific permissions: The device manager may create logical block address (LBA) ranges and assign different permissions to each LBA range. Only users with the correct key for a particular LBA range may perform the actions permitted on it. Where drive locations are password-protected, only users with the correct key are granted access.
- Each range can be erased independently and cryptographically. When an erase takes place, the original media encryption key (MEK) is destroyed and a new key is generated, so the data previously written under the old key can no longer be recovered.
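The four features above fit together as one access-control model: per-range media encryption keys, read/write locking of LBA ranges, named authorities who may unlock them, a shadow MBR that gates the boot path, and a crypto erase that simply rotates a range's key. The following is an added example, a hypothetical Python simulation of that model and not firmware, the Opal method calls, or any Transcend code. The class names, PINs, and the `OpalDrive`/`LockingRange` API are assumptions made for illustration, and the cipher is a SHA-256 counter-mode keystream standing in for the AES a real drive uses.

```python
"""Toy model of an Opal-style self-encrypting drive (hypothetical, added example)."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

SECTOR = 512


def _keystream(key: bytes, lba: int, n: int) -> bytes:
    """Keystream bound to (MEK, sector number). Stand-in for AES; NOT real AES."""
    out, block = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(key + lba.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(out[:n])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class LockingRange:
    start: int                                   # first LBA in the range
    length: int                                  # number of sectors
    users: set = field(default_factory=set)      # authorities allowed to unlock it
    mek: bytes = field(default_factory=lambda: os.urandom(32))  # per-range MEK
    read_locked: bool = True
    write_locked: bool = True

    def covers(self, lba: int) -> bool:
        return self.start <= lba < self.start + self.length


class OpalDrive:
    def __init__(self, admin_pin: str):
        self.media: dict[int, bytes] = {}            # lba -> ciphertext sector
        self.ranges: list[LockingRange] = []
        self.pins = {"Admin1": self._h(admin_pin)}   # authority -> PIN hash
        self.shadow_mbr = b"PBA-IMAGE"               # constructed pre-boot image
        self.mbr_done = False                        # pre-boot auth not yet passed

    @staticmethod
    def _h(pin: str) -> bytes:
        return hashlib.sha256(pin.encode()).digest()

    def _auth(self, user: str, pin: str) -> None:
        stored = self.pins.get(user)
        if stored is None or not hmac.compare_digest(stored, self._h(pin)):
            raise PermissionError(f"authentication failed for {user}")

    # Admin1 operations: provision users and ranges, crypto-erase a range.
    def add_user(self, admin_pin: str, user: str, pin: str) -> None:
        self._auth("Admin1", admin_pin)
        self.pins[user] = self._h(pin)

    def create_range(self, admin_pin: str, start: int, length: int, users: set) -> int:
        self._auth("Admin1", admin_pin)
        if any(start < r.start + r.length and r.start < start + length for r in self.ranges):
            raise ValueError("locking ranges must not overlap")
        self.ranges.append(LockingRange(start, length, set(users)))
        return len(self.ranges) - 1

    def crypto_erase(self, admin_pin: str, idx: int) -> None:
        """Destroy the old MEK and mint a new one; existing ciphertext becomes noise."""
        self._auth("Admin1", admin_pin)
        r = self.ranges[idx]
        r.mek = os.urandom(32)
        r.read_locked = r.write_locked = True

    # User operations: unlock a range after pre-boot authentication.
    def unlock(self, user: str, pin: str, idx: int, read: bool = True, write: bool = True) -> None:
        self._auth(user, pin)
        r = self.ranges[idx]
        if user not in r.users:
            raise PermissionError(f"{user} is not an authority for range {idx}")
        r.read_locked, r.write_locked = not read, not write
        self.mbr_done = True      # shadow MBR is now bypassed; real boot may proceed

    def power_cycle(self) -> None:
        """Every range returns to locked and the shadow MBR is presented again."""
        for r in self.ranges:
            r.read_locked = r.write_locked = True
        self.mbr_done = False

    # Host I/O: encryption and the lock checks happen inside the drive.
    def _range_for(self, lba: int) -> LockingRange:
        for r in self.ranges:
            if r.covers(lba):
                return r
        raise ValueError(f"LBA {lba} is outside every locking range")

    def write(self, lba: int, data: bytes) -> None:
        if len(data) > SECTOR:
            raise ValueError("one sector at a time")
        r = self._range_for(lba)
        if r.write_locked:
            raise PermissionError(f"LBA {lba} is write-locked")
        self.media[lba] = _xor(data.ljust(SECTOR, b"\0"), _keystream(r.mek, lba, SECTOR))

    def read(self, lba: int) -> bytes:
        if not self.mbr_done and lba == 0:
            return self.shadow_mbr.ljust(SECTOR, b"\0")   # host boots the PBA image
        r = self._range_for(lba)
        if r.read_locked:
            raise PermissionError(f"LBA {lba} is read-locked")
        return _xor(self.media.get(lba, bytes(SECTOR)), _keystream(r.mek, lba, SECTOR))


def demo() -> dict:
    """Provision, pre-boot gate, lock on power cycle, then crypto-erase (constructed PINs)."""
    d = OpalDrive("admin-pin")
    d.add_user("admin-pin", "User1", "u1-pin")
    idx = d.create_range("admin-pin", 0, 1024, {"User1"})
    out = {"preboot_sees_pba": d.read(0).startswith(b"PBA-IMAGE")}
    d.unlock("User1", "u1-pin", idx)
    d.write(5, b"secret")
    out["after_unlock"] = d.read(5)[:6]
    d.power_cycle()
    try:
        d.read(5)
        out["locked_after_power_cycle"] = False
    except PermissionError:
        out["locked_after_power_cycle"] = True
    d.crypto_erase("admin-pin", idx)
    d.unlock("User1", "u1-pin", idx)
    out["after_erase"] = d.read(5)[:6]   # old ciphertext under a fresh MEK: noise
    return out
```

Two points the simulation makes that the bullet list does not: a power cycle relocks every range and restores the shadow MBR, so the protection does not depend on the operating system remembering to lock anything; and a crypto erase never touches the stored ciphertext, it only replaces the key, which is why it completes instantly regardless of range size.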
Advantages to Opal
In a hierarchically managed system, only authorized users may access data on a device to which they have added password protection; this minimizes the chance of data being stolen, tampered with, or lost.
All security functions take place within the device itself. They do not pass through the host operating system and do not consume system resources, which makes for faster and more secure operation and avoids operating system compatibility issues.
Information security is equally important for both business and personal users. Today, security is a growing concern as greater amounts of data are being created and utilized. The TCG designed Opal to address both software and hardware approaches to security, and the need for hierarchical management. From the manufacturer to the user, Opal is a standard that serves the needs of everyone.
Transcend’s AES SSDs are compliant with the TCG Opal 2.0 standards, and can be customized by request to meet specific customer needs.