Opal Storage Specification Explained

The Opal Storage Specification is a set of specifications for features of data storage devices (such as hard disk drives and solid state drives) that enhance their security. For example, it defines a way of encrypting the stored data so that an unauthorized person who gains possession of the device cannot see the data. That is, it is a specification for self-encrypting drives (SED).

The specification is published by the Trusted Computing Group Storage Workgroup.

Overview

The Opal SSC (Security Subsystem Class) is an implementation profile for Storage Devices built to:

• Protect the confidentiality of stored user data against unauthorized access once it leaves the owner's control (involving a power cycle and subsequent deauthentication).
• Enable interoperability between multiple SD vendors.^[1]

Functions

The Opal SSC encompasses these functions:

• Security provider support
• Interface communication protocol
• Cryptographic features
• Authentication
• Table management
• Access control and personalization
• Issuance
• SSC discovery

Features

• Security Protocol 1 support
• Security Protocol 2 support
• Communications
• Protocol stack reset commands

Security

Radboud University researchers indicated in November 2018 that some hardware-encrypted SSDs, including some Opal implementations, had security vulnerabilities.^[2]

Implementers of SSC

Device companies

• Hitachi
• Intel Corporation^[3]
• Kingston Technology^[4]
• Lenovo^[5]
• Micron Technology^[6]
• Samsung^[7]
• SanDisk^[8]
• Seagate Technology^{[9] [10]} as "Seagate Secure"
• Toshiba^{[11] [12] [13]}

Storage controller companies

• Marvell^{[14] [15]}
• Avago/LSI SandForce flash controllers^[16]

Software companies

• Absolute Software^[17]
• Check Point Software Technologies^[18]
• Dell Data Protection^[19]
• Cryptomill^[20]
• McAfee^[21]
• Secude ^[22]
• Softex Incorporated^[23]
• Sophos^[24]
• Symantec^[25] (Symantec supports OPAL drives, but does not support hardware-based encryption.)^[26]
• Trend Micro^[27]
• WinMagic^[28]
• OpalLock^[29] (OpalLock support Self-Encrypt-Drive capable SSD and HDD. Develop by Fidelity Height LLC)

Computer OEMs

• Dell^[30]
• HP^[31]
• Lenovo^[32]
• Fujitsu^[33]
• Panasonic^[34]
• Getac^[35]

External links

• Storage Work Group Storage Security Subsystem Class: Opal

Notes and References

1. TCG Storage Security Subsystem Class: Opal Specification Version 2.01 Revision 1.00. Trusted Computing Group, Incorporated. 05 August 2015. Retrieved 2019-11-22.
2. Meijer . Carlo . van Gastel . Bernard . Self-Encrypting Deception: Weaknesses in the Encryption of Solid State Drives . 19–23 May 2019 . 2019 IEEE Symposium on Security and Privacy (SP) . IEEE . San Francisco, CA, USA . 72–87 . 978-1-5386-6660-9 . 2375-1207 . 10.1109/SP.2019.00088 . free . 2066/207837 . free .
3. Web site: Intel® SSD Pro 1500 Series (M.2): Specs . Intel.com . 2017-05-03.
4. Web site: Solid State Hard Drives for Business . Kingston.com . 2017-03-05 . 2017-05-03.
5. Web site: Clain Anderson . Opal – More than a Semi-Precious Stone | Lenovo . Blog.lenovo.com . 2011-02-16 . 2017-05-03.
6. Web site: Micron Technology, Inc. - Full SSD Part Catalog . Micron.com . 2017-05-03.
7. Web site: Samsung V-NAND SSD . Samsung.com . 2017-05-03.
8. Web site: SanDisk's X300s Solid State Drive . 2014-08-02 . dead . https://web.archive.org/web/20140803081737/http://www.sandisk.com/products/ssd/sata/x300s . 2014-08-03 .
9. Web site: News . Seagate . 2017-05-03.
10. Web site: Full Disk Encryption Software, Hard Drives, SSDs & Whole Disk . WinMagic . 2017-05-03.
11. Web site: Fujitsu Develops HDD Security Technology based on Opal SSC Standards - Fujitsu Global . Fujitsu.com . 2017-05-03.
12. Web site: Specialty | TOSHIBA Storage & Electronic Devices Solutions Company | Americas . Storage.toshiba.com . 2017-05-03.
13. Web site: Specialty | TOSHIBA Storage & Electronic Devices Solutions Company | Americas . Storage.toshiba.com . 2017-05-03.
14. Web site: Marvell Technology Group Ltd . Marvell.com . 2017-05-03.
15. Web site: Marvell, Kingston Collaboration Proves Positive with Over Six Million SSD Units Shipped . Kingston Technology . 30 December 2021.
16. Web site: SandForce Flash Storage Processor SSD Controllers . 2013-08-01 . dead . https://web.archive.org/web/20130808084202/http://www.lsi.com/products/storagecomponents/Pages/sandforce_flash_storage_processors.aspx . 2013-08-08 .
17. Web site: Self-Healing Endpoint Security . Absolute . 2017-05-03.
18. Web site: Industry-Leading Cyber Security Keeps Networks, Data Centers, Mobile Devices & Endpoints One Step Ahead | Check Point Software . Checkpoint.com . 2017-05-03.
19. Web site: Data Security | Dell United States . Dell.com . 2017-04-26 . 2017-05-03.
20. Web site: CryptoMill :: Products & services . 2012-01-14 . dead . https://web.archive.org/web/20120209044329/http://www.cryptomill.com/products/default.php . 2012-02-09 .
21. Web site: McAfee Corporate KB - KB75045 . Kc.mcafee.com . 2017-05-03.
22. Web site: FinallySecure™ Enterprise - SECUDE AG . 2012-01-14 . dead . https://web.archive.org/web/20120126034405/http://www.secude.com/products/finallysecuretrade-enterprise/ . 2012-01-26 .
23. Web site: Comprehensive Data Encryption and Protection Solutions - SecureDrive . Softexinc.com . 2014-06-20 . 2017-05-03.
24. Web site: Full Disk Encryption | Always-On, Multi-Platform Enterprise Encryption Synchronizes Devices, Hard Drives, Removable Media, BitLocker, and Cloud Storage Protection in Real-Time . Sophos.com . 2017-05-03.
25. Web site: Endpoint Encryption Powered by PGP Technology . Symantec.com . 2017-05-03.
26. Web site: Archived copy . 2016-02-03 . dead . https://web.archive.org/web/20170925230747/https://support.symantec.com/en_US/article.tech217784.html . 2017-09-25 .
27. Web site: Data Protection – Endpoint and Gateway Suites | Trend Micro . Us.trendmicro.com . 2017-05-03.
28. Web site: Full Disk Encryption Software, Hard Drives, SSDs & Whole Disk . WinMagic . 2017-05-03.
29. Web site: Software management of TCG self-encrypting drives. . Fidelity Height LLC.
30. Web site: Dell Official Site | Dell United States . Dell.com . 2017-04-26 . 2017-05-03.
31. Web site: Laptop Computers, Desktops, Printers and more | HP® Official Site . Hp.com . 2017-05-03.
32. http://www.lenovo.com
33. Web site: Fujitsu News Updates - Fujitsu UK . Fujitsu.com . 2017-05-03.
34. Web site: Panasonic Toughpad | Rugged Tablet | Toughpad . Panasonic.com . 2015-10-27 . 2017-05-03.
35. Web site: Rugged Notebooks, Tablets, Handhelds and Laptops from . Getac.com . 2017-05-03.