TCG Storage Opal SSC Feature Set: PSID. Specification Version 1.00 Revision August 5, Contact:

Similar documents
TCG Storage Security Subsystem Class: Pyrite. Specification Version 1.00 Revision August 5, Contact:

FOR TCG ACPI Specification

TCG. TCG Storage Opal SSC: Test Cases Specification. Specification Version 2.01 Revision 2.18 January 30, 2018 Published

ERRATA FOR. Protection Profile PC Client Specific TPM. Errata Version 1.0 June 16, 2018 DRAFT. Specification Version 1.

ERRATA FOR. TCG TPM I2C Interface Specification. Errata Version 1.0 April 6, Family 2.0 Level 00 Revision 1.

TCG Storage Security Subsystem Class: Opal. Specification Version 2.01 Revision August 5, Contact:

TCG. TCG Storage Interface Interactions Specification. Specification Version 1.0. January 27, Contacts:

TCG Storage Application Note: Encrypting Drives Compliant with Opal SSC

ERRATA FOR. TCG Platform Attribute Credential Profile. Errata Version Published. Specification Version 1.0 Revision January 2018

TCG Storage Interface Interactions Specification (SIIS) Specification Version 1.02 Revision December, 2011 TCG

TCG. TCG Certification Program. TNC Certification Program Suite. Document Version 1.1 Revision 1 26 September 2011

TCG Compliance TNC IF-MAP Metadata for Network Security Compliance Test Plan

TCG Specification TCG. TPM 2.0 Mobile Command Response Buffer Interface. TCG Published. Family 2.0. Level 00 Revision 12.

R E F E R E N C E TCG. Trusted Multi-Tenant Infrastructure Work Group. Use Cases. Version 1.1. November 15, 2013

TCG. TCG Storage Core Spec Addendum: Secure Messaging. Specification Version 1.00 Revision August 5, 2015

TCG Physical Security Interoperability Alliance IP Video Use Case 002 (PSI-UC-IPV002) Specification Version 1.0 Revision 0.2

TCG Storage Work Group. Storage Certification Program. Program Version 1.0 Document Revision 1.22 March 16, Contact: Doug Gemmill, TCG CPM T C G

IETF TRUST. Legal Provisions Relating to IETF Documents. Approved November 6, Effective Date: November 10, 2008

IETF TRUST. Legal Provisions Relating to IETF Documents. February 12, Effective Date: February 15, 2009

The Intel SSD Pro 2500 Series Guide for Microsoft edrive* Activation

SDLC INTELLECTUAL PROPERTY POLICY

TCG Physical Presence Interface Specification

QPP Proprietary Profile Guide

Seagate Secure TCG Enterprise SSC Pulsar.2 Self-Encrypting Drive FIPS 140 Module Security Policy

EAM Portal User's Guide

Packet Trace Guide. Packet Trace Guide. Technical Note

OpenFlow Controller/Switch NDM Synchronization v1.0

NTLM NTLM. Feature Description

Ecma International Policy on Submission, Inclusion and Licensing of Software

Intel Stress Bitstreams and Encoder (Intel SBE) 2017 AVS2 Release Notes (Version 2.3)

Quest Enterprise Reporter 2.0 Report Manager USER GUIDE

Ecma International Policy on Submission, Inclusion and Licensing of Software

SAM4 Reset Controller (RSTC)

Epic. Epic Systems. Deployment Guide

OpenFlow Switch Errata

SD1306. Speed Dome IP Camera. Quick User Guide

Migration Tool. Migration Tool (Beta) Technical Note

RSA Two Factor Authentication

Identity Federation Requirements

MERIDIANSOUNDINGBOARD.COM TERMS AND CONDITIONS

INCLUDING MEDICAL ADVICE DISCLAIMER

Getting Started with MTConnect: Architecture

MDVR for the Blackberry

End User License Agreement

One Identity Manager Administration Guide for Connecting to SharePoint

Network-MIDI Driver Installation Guide

Intel Cluster Ready Allowed Hardware Variances

Hierarchical Data Extension UUID For _DSD

Release Notes. BlackBerry Enterprise Identity

Open Source Used In TSP

TCG. SNMP MIB for TPM-Based Attestation

Terms of Use. Changes. General Use.

Splunk. Splunk. Deployment Guide

Adobe Connect. Adobe Connect. Deployment Guide

TCG. TCG Storage Interface Interactions Specification (SIIS) Specification Version 1.08 Revision 1.00 October 26, 2018

SMASH Collections Profile SM CLP Command Mapping Specification

SAML SSO Okta Identity Provider 2

Tisio CE Release Notes

DME-N Network Driver Installation Guide for M7CL

AN NTAG I²C plus memory configuration options. Application note COMPANY PUBLIC. Rev June Document information

SharePoint Farm Reporter Installation Guide

Preface. Audience. Cisco IOS Software Documentation. Organization

VMware vcenter Log Insight Manager. Deployment Guide

One Identity Quick Connect for Base Systems 2.4. Administrator Guide

MyCreditChain Terms of Use

One Identity Manager 8.0. Administration Guide for Connecting to a Universal Cloud Interface

AT11512: SAM L Brown Out Detector (BOD) Driver. Introduction. SMART ARM-based Microcontrollers APPLICATION NOTE

LoadMaster VMware Horizon (with View) 6. Deployment Guide

Enhanced Serial Peripheral Interface (espi) ECN

TERMS & CONDITIONS. Complied with GDPR rules and regulation CONDITIONS OF USE PROPRIETARY RIGHTS AND ACCEPTABLE USE OF CONTENT

SafeNet Authentication Client

KEMP Driver for Red Hat OpenStack. KEMP LBaaS Red Hat OpenStack Driver. Installation Guide

Stellar Phoenix Password Recovery For Windows Server. Version 2.0. User Guide

One Identity Defender 5.9. Product Overview

APPLICATION NOTE. Atmel AT03261: SAM D20 System Interrupt Driver (SYSTEM INTERRUPT) SAM D20 System Interrupt Driver (SYSTEM INTERRUPT)

One Identity Starling Two-Factor Authentication. Administrator Guide

SafeNet Authentication Service

Request for Comments: Oversi O. Nicklass, Ed. RADVISION May Definitions of Textual Conventions for Pseudowire (PW) Management

SafeNet Authentication Service (SAS) Service Provider Billing and Reporting Guide

Quick Start Guide. BlackBerry Workspaces app for Android. Version 5.0

Device Pack. Network Video Management System Standard Edition. Release Note. Software Version: 9.5a Sony Corporation

One Identity Active Roles 7.2. Management Pack Technical Description

MySonicWall Secure Upgrade Plus

TCG Physical Presence Interface Specification

Anybus Wireless Bridge Ethernet Bluetooth Access Point Product Guide

Security Explorer 9.1. User Guide

One Identity Password Manager User Guide

Cloud Access Manager How to Configure for SSO to SAP NetWeaver using SAML 2.0

Moodle. Moodle. Deployment Guide

TCG. TCG Storage Interface Interactions Specification (SIIS) Specification Version 1.07 Revision 1.00 January 30, 2018

One Identity Starling Two-Factor Authentication. Administration Guide

Bar Code Discovery. Administrator's Guide

TCG TSS 2.0 TPM Command Transmission Interface (TCTI) API Specification

XEP-0206: XMPP Over BOSH

Oracle Binary Code License Agreement for Java Secure Sockets Extension for Connected Device Configuration 1.0.2

PRODUCT SPECIFIC LICENSE TERMS Sybase Enterprise Portal Version 5 Application Edition ( Program )

One Identity Active Roles 7.2. Replication: Best Practices and Troubleshooting Guide

System Architecture Model Version 1.1 WV Tracking Number: WV-020

Qseven Specification. Qseven Camera Feature Connector

Stellar WAB to PST Converter 1.0

Transcription:

TCG Storage Opal SSC Feature Set: PSID Revision 1.00 August 5, 2015 Contact: admin@trustedcomputinggroup.org TCG PUBLISHED Copyright TCG 2015

Copyright 2015 Trusted Computing Group, Incorporated. Disclaimers, Notices, and License Terms THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY, NONINFRINGEMENT, FITNESS FOR ANY PARTICULAR PURPOSE, OR ANY WARRANTY OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. Without limitation, TCG disclaims all liability, including liability for infringement of any proprietary rights, relating to use of information in this specification and to the implementation of this specification, and TCG disclaims all liability for cost of procurement of substitute goods or services, lost profits, loss of use, loss of data or any incidental, consequential, direct, indirect, or special damages, whether under contract, tort, warranty or otherwise, arising in any way out of use or reliance upon this specification or any information herein. This document is copyrighted by Trusted Computing Group (TCG), and no license, express or implied, is granted herein other than as follows: You may not copy or reproduce the document or distribute it to others without written permission from TCG, except that you may freely do so for the purposes of (a) examining or implementing TCG specifications or (b) developing, testing, or promoting information technology standards and best practices, so long as you distribute the document with these disclaimers, notices, and license terms. Contact the Trusted Computing Group at www.trustedcomputinggroup.org for information on specification licensing through membership agreements. Any marks and brands contained herein are the property of their respective owners. Revision 1.00 Page ii

TABLE OF CONTENTS 1 INTRODUCTION... 1 1.1 DOCUMENT PURPOSE... 1 1.2 SCOPE AND INTENDED AUDIENCE... 1 1.3 KEY WORDS... 1 1.4 DOCUMENT REFERENCES... 1 1.5 DOCUMENT PRECEDENCE... 1 1.6 DEPENDENCIES ON OTHER FEATURE SETS... 2 1.7 INTERACTIONS WITH OTHER FEATURE SETS... 2 1.8 TERMINOLOGY... 2 1.9 LEGEND... 3 2 PSID FEATURE SET OVERVIEW... 4 3 SSC SPECIFIC FUNCTIONALITY... 5 4 FEATURE SET REQUIREMENTS... 6 4.1 LEVEL 0 DISCOVERY... 6 4.2 ADMIN SP... 6 4.2.1 PSID Authority (M)... 6 4.2.1.1 PSID Authority Object Access Control... 6 4.2.2 PSID Authority Associated Credential... 7 4.2.2.1 PSID C_PIN Object Access Control... 7 4.2.3 New ACEs... 7 4.2.3.1 ACE_C_PIN_Get_PSID_NoPIN... 7 4.2.3.1.1 ACE_C_PIN_Get_PSID_NoPIN Access Control... 8 4.2.3.2 ACE_SP_PSID... 8 4.2.3.2.1 ACE_SP_PSID Access Control... 8 4.2.4 Performing Device Reversion... 8 4.3 LOCKING SP... 9 4.4 ADDITIONAL SPS... 9 Revision 1.00 Page iii

Tables Table 1 PSID Authority... 6 Table 2 PSID Authority Access Control Settings... 6 Table 3 PSID C_PIN... 7 Table 4 PSID C_PIN Access Control Settings... 7 Table 5 ACE_C_PIN_Get_PSID_NoPIN ACE... 8 Table 6 ACE_SP_PSID ACE... 8 Table 7 Device Reversion Access Control Settings... 9 Revision 1.00 Page iv

1 Introduction 1.1 Document Purpose The Storage Workgroup specifications provide a comprehensive architecture for putting Storage Devices under policy control as determined by the trusted platform host, the capabilities of the Storage Device to conform with the policies of the trusted platform, and the lifecycle state of the Storage Device as a Trusted Peripheral. 1.2 Scope and Intended Audience This specification defines the PSID Feature Set for the Opal Security Subsystem Class (SSC). Any Storage Device that claims Opal SSC PSID Feature Set compatibility SHALL conform to this specification. The intended audience for this specification is both trusted Storage Device manufacturers and developers that want to use these Storage Devices in their systems. 1.3 Key Words Key words are used to signify SSC requirements. The Key Words SHALL, SHALL NOT, SHOULD, and MAY are used in this document. These words are a subset of the RFC 2119 key words used by TCG, and have been chosen since they map to key words used in T10/T13 specifications. These key words are to be interpreted as described in [1]. In addition to the above key words, the following are also used in this document to describe the requirements of particular features, including tables, methods, and usages thereof. Mandatory (M): When a feature is Mandatory, the feature SHALL be implemented. A Compliance test SHALL validate that the feature is operational. Optional (O): When a feature is Optional, the feature MAY be implemented. If implemented, a Compliance test SHALL validate that the feature is operational. Excluded (X): When a feature is Excluded, the feature SHALL NOT be implemented. A Compliance test SHALL validate that the feature is not operational. Not Required (N) When a feature is Not Required, the feature MAY be implemented. No Compliance test is required. 1.4 Document References [1]. IETF RFC 2119, 1997, Key words for use in RFCs to Indicate Requirement Levels [2]. Trusted Computing Group (TCG), TCG Storage Architecture Core Specification, see [3] for the applicable specification version [3]. Trusted Computing Group (TCG), TCG Storage Security Subsystem Class: Opal, Versions 1.00, 2.00, 2.01, or compatible [4]. Trusted Computing Group (TCG), TCG Storage Storage Interface Interactions Specification, see [3] for the applicable specification version 1.5 Document Precedence In the event of conflicting information in this specification and other documents, the precedence for requirements is: 1. This specification and TCG Storage Security Subsystem Class: Opal [3] (these two documents are at the same level of precedence, and SHALL NOT conflict with each other) Revision 1.00 Page 1

2. Storage Interface Interactions Specification [4] 3. TCG Storage Architecture Core Specification [2] 1.6 Dependencies on Other Feature Sets This feature set has no dependencies on other feature sets. 1.7 Interactions with Other Feature Sets This feature set has no interactions with other feature sets. 1.8 Terminology This section provides special definitions that are not defined in the Core Specification. Table 1 PSID Feature Set Terminology Term PSID Definition Physical Presence SID Revision 1.00 Page 2

1.9 Legend The following legend defines SP table cell coloring coding. This color coding is informative only. The table cell content is normative. Table 2 SP Table Legend Table Cell Legend R-W Value Access Control Comment Arial-Narrow Read-only Opal SSC specified Fixed Cell content is Read-Only. Access control is fixed. Value is specified by the Opal SSC Arial Narrow bold-under Read-only VU Fixed Arial- Narrow Arial Narrow bold-under Arial-Narrow Not Defined Write Write (N) Preconfigured, user personalizable Preconfigured, user personalizable Not Defined Preconfigured, user personalizable Fixed Cell content is Read-Only. Access Control is fixed. Values are Vendor Unique (VU). A minimum or maximum value may be specified. Cell content content is (N). Access control is not defined. Any text in table cell is informative only. A Get MAY omit this column from the method response. Cell content is writable. Access control is personalizable Get Access Control is not described by this color coding Cell content is writable. Access control is fixed. Get Access Control is not described by this color coding Revision 1.00 Page 3

2 PSID Feature Set Overview Begin Informative Content The goal of the PSID Feature Set is to: Define an authority/credential pair whose C_PIN object s PIN column value is not discoverable via the interface. Provide access control settings that permit invocation of the Revert method if the PSID authority has been successfully authenticated. The primary use case for this is one where the SID is not known, or manageability of the device has been lost, and the owner wishes to attempt to reset the device to OFS via the Revert method defined in [3]. Because the PSID credential value is specified such that it is not discoverable via the interface, it is necessary that the credential value be delivered via an alternative mechanism. Examples of these mechanisms include printing the PSID credential on a device label; or including the value as an insert in the device packaging. The delivery mechanism is vendor unique. End Informative Content Revision 1.00 Page 4

3 SSC Specific Functionality This feature set requires no additional SSC-specific functionality. Revision 1.00 Page 5

4 Feature Set Requirements This section defines the Mandatory (M) and Optional (O) requirements for the PSID Feature Set, when it is implemented in an Opal-compliant device. 4.1 Level 0 Discovery No Level 0 Feature Descriptor is needed for this feature set. Support for the PSID Feature Set can be determined by inspection of the Admin SP s Authority table. 4.2 Admin SP An Opal-compliant SD that contains the PSID Feature Set SHALL contain the additions to the Admin SP specified in this section, in addition to the Admin SP requirements defined in [3]. 4.2.1 PSID Authority (M) The PSID authority SHALL have the characteristics defined in this section. Table 1 PSID Authority UID Name CommonName IsClass Class Enabled Secure HashAndSign PresentCertificate Operation Credential ResponseSign ResponseExch ClockStart ClockEnd Limit Uses Log LogTo 00 00 00 09 00 01 FF 01 "PSID" PhysicalDrive Owner F Null T None None F Password C_PIN_PSID Null Null 4.2.1.1 PSID Authority Object Access Control Access control on methods applicable to the PSID authority object are as defined in this section. Table 2 PSID Authority Access Control Settings Table Association - informative oly Authority UID InvokingID InvokingID Name - informative only MethodID CommonName ACL Log AddACEACL RemoveACEACL GetACLACL DeleteMethodACL AddACELog RemoveACELog GetACLLog DeleteMethodLog LogTo 00 00 00 09 00 01 FF 01 PSID Get ACE_Anybody ACE_Anybody Revision 1.00 Page 6

4.2.2 PSID Authority Associated Credential This section defines the attributes of the credential associated with the PSID authority, C_PIN_PSID. Support for this credential is Mandatory (M) if the PSID authority is supported. The PIN column value SHALL contain a vendor unique value that is a statistically unique value for each device. Table 3 PSID C_PIN UID Name CommonName PIN CharSet TryLimit Tries Persistence 00 00 00 0B 00 01 FF 01 "C_PIN_PSID" PhysicalDriveOwner VU Null VU VU FALSE 4.2.2.1 PSID C_PIN Object Access Control Access control on methods applicable to the PSID C_PIN object are as defined in this section. Table 4 PSID C_PIN Access Control Settings C_PIN 00 00 00 0B 00 01 FF 01 C_PIN_PSID Table association - Informative text UID InvokingID InvokingID Name - Iinformative text MethodID CommonName ACL Log AddACEACL RemoveACEACL GetACLACL DeleteMethodACL AddACELog RemoveACELog GetACLLog Get DeleteMethodLog LogTo ACE_C_PIN_Get_PSID_NoPIN ACE_Anybody 4.2.3 New ACEs This section defines new ACEs to be added in conjunction with the PSID authority/credential. 4.2.3.1 ACE_C_PIN_Get_PSID_NoPIN This section defines the ACE that enables retrieval of the attributes of C_PIN_PSID. Support for this ACE is Mandatory (M) if the PSID authority is supported. Revision 1.00 Page 7

Table 5 ACE_C_PIN_Get_PSID_NoPIN ACE Table Assocuiation - Informative text UID Name CommonName BooleanExpr Columns ACE 00 00 00 08 00 01 00 E1 ACE_C_PIN_Get_PSID_NoPIN Anybody UID, CharSet, TryLimit, Tries, Persistence 4.2.3.1.1 ACE_C_PIN_Get_PSID_NoPIN Access Control Get access to ACE objects is as defined by [3]. 4.2.3.2 ACE_SP_PSID This section defines the ACE that allows the PSID authority to be used to perform a device reversion operation. Support for this ACE is Mandatory (M) if the PSID authority is supported. Table 6 ACE_SP_PSID ACE Table Assocuiation - Informative text ACE UID 00 00 00 08 00 01 00 E0 Name CommonName BooleanExpr Columns ACE_SP_PSID PSID All 4.2.3.2.1 ACE_SP_PSID Access Control Get access to ACE objects is as defined by [3]. 4.2.4 Performing Device Reversion This section details the access control settings for using the PSID authority to invoke the Revert method. Support for this capability is Mandatory (M) if the PSID authority is supported. Revision 1.00 Page 8

Table 7 Device Reversion Access Control Settings ACE Table Association - informative oly UID InvokingID InvokingID Name - informative only MethodID CommonName ACL Log AddACEACL RemoveACEACL GetACLACL DeleteMethodACL AddACELog RemoveACELog GetACLLog DeleteMethodLog LogTo 00 00 02 05 00 00 00 01 AdminSPObj Revert ACE_SP_SID, ACE_SP_PSID ACE_Anybody 4.3 Locking SP This feature set requires no additions to the Locking SP. 4.4 Additional SPs This feature set requires no additional SPs. Revision 1.00 Page 9

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback