A Self-Encrypting Drive (SED) is a storage device that integrates encryption of user data at rest. Specialized hardware inside the storage device controller encrypts all user data as it is written to the device and decrypts it as it is read. Encryption and decryption use a Media Encryption Key (MEK) generated internally within the solid state drive. The security and privacy benefits of SEDs are important in many systems, such as the Internet of Things (IoT), medical devices, industrial systems, retail systems, defense equipment, transportation systems, and more.
The Trusted Computing Group's Opal specification defines a management interface for a host application to activate, provision, and manage encryption of user data. It includes the required data structures and their content, as well as mechanisms for managing and configuring authentication credentials and access controls. Through Opal, a host application managing the solid state drive can set an authentication credential that controls access to user data. When an authentication credential is set and the device is locked, user data can no longer be accessed. Once the host supplies the correct authentication credential to the storage device and the device is unlocked, data can be read from and written to it again.
TCG/Opal refers to Trusted Computing Group Opal. The Trusted Computing Group develops open standards for trusted computing platforms. The latest Opal Storage Specification is currently version 2.0 and features demand encryption of stored data. This ensures that unauthorized individuals who gain possession of a drive will be unable to view or access the encrypted data.
The Drive Trust Alliance brings together leading self-encrypting drive (SED) technology. Storage device manufacturers, storage security software companies, IT departments, and everyday users will learn how to utilize SED technology to address many common data leakage issues. The Alliance maintains the popular "sedutil" application, which streamlines the configuration of self-encrypting drives by implementing the Trusted Computing Group's Opal specification for SATA and NVMe solid-state SEDs.
SP Industrial's SATA III and NVMe SSDs are equipped with an AES-256 encryption engine, providing hardware-based secure data encryption with no performance loss. If TCG/Opal features are enabled, the SSDs follow the TCG/Opal specification and encrypt user data at rest. When TCG/Opal features are not enabled, SP Industrial SATA III SSDs can perform alternate data encryption using the ATA security command set in the host system BIOS. TCG/Opal and ATA security cannot be used together. The encryption engine always runs, but the keys are not managed and the data is not secure until either TCG/Opal or ATA security is enabled. SP Industrial's SATA III and NVMe SSDs comply with TCG/Opal 2.0, as confirmed by full testing with the Drive Trust Alliance program "sedutil". Please contact an SP Industrial sales representative for the current TCG/Opal 2.0 compliance list.
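Because the encryption engine runs whether or not a credential protects the data, it is worth checking what state a drive is actually in. The following is an added example, not SP Industrial's or the Drive Trust Alliance's code: it classifies a drive from the text of `sedutil-cli --query`, assuming the Locking feature line uses the `Name = Y|N` form shown in the constructed samples. The function names, state labels and sample text are made up for illustration.

```shell
#!/bin/sh
# Classify a drive's data-at-rest state from `sedutil-cli --query` text on stdin.
# Assumed line format (constructed samples below follow it):
#   Locked = N, LockingEnabled = N, LockingSupported = Y, ..., MediaEncrypt = Y
# On a real system (as root): sedutil-cli --query /dev/sdX | opal_state

# Print the Y/N value of one flag, or nothing if the flag is absent.
opal_flag() {  # $1 = query text, $2 = flag name
    printf '%s\n' "$1" | sed -n "s/.*[ ,]$2 = \([YN]\).*/\1/p" | head -n 1
}

opal_state() {
    q=$(cat)
    supported=$(opal_flag "$q" LockingSupported)
    enabled=$(opal_flag "$q" LockingEnabled)
    locked=$(opal_flag "$q" Locked)
    encrypt=$(opal_flag "$q" MediaEncrypt)
    if [ "$supported" != Y ]; then
        echo "no-opal-locking"            # not an Opal drive, or query failed
    elif [ "$enabled" != Y ]; then
        # Engine may be encrypting, but no credential gates access to the data.
        echo "unprovisioned:media-encrypt=${encrypt:-?}"
    elif [ "$locked" = Y ]; then
        echo "provisioned-locked"         # credential required before any I/O
    else
        echo "provisioned-unlocked"       # protected again after power cycle
    fi
}

# Constructed sample: factory-state drive, encryption running but unmanaged.
SAMPLE_FACTORY='Locking function (0x0002)
    Locked = N, LockingEnabled = N, LockingSupported = Y, MBRDone = N, MBREnabled = N, MediaEncrypt = Y'

# Constructed sample: provisioned drive that is currently locked.
SAMPLE_LOCKED='Locking function (0x0002)
    Locked = Y, LockingEnabled = Y, LockingSupported = Y, MBRDone = N, MBREnabled = Y, MediaEncrypt = Y'

# Constructed sample: provisioned drive after the host has unlocked it.
SAMPLE_UNLOCKED='Locking function (0x0002)
    Locked = N, LockingEnabled = Y, LockingSupported = Y, MBRDone = Y, MBREnabled = Y, MediaEncrypt = Y'

for s in "$SAMPLE_FACTORY" "$SAMPLE_LOCKED" "$SAMPLE_UNLOCKED"; do
    printf '%s\n' "$s" | opal_state
done
```

A fleet audit would flag any drive reported as `unprovisioned`, since that is the state in which encryption runs but the data is not yet protected.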