First draft specification for "Trusted Storage"
After barely one and a half years of work the Trusted Computing Group (TCG) has presented a first draft specification (PDF) for "Trusted Storage" and has declared the aim of adopting a final standard "in the near future". The draft determines the standardized implementation of security and encryption functions in hard disks, tape drives and other storage media and also defines precise rules for the interplay of drives with Trusted Platform Modules (TPM). TPMs have already been available for PCs and notebooks for quite some time and they serve to secure keys and cryptographic checksums.
When interacting with hard disks, for example, TPMs can regulate access to data stored on encrypted and access-protected drives. In the future, hard disks may implement some of the security functions required by the "Trusted Storage" specification directly in the drive's hardware and firmware, using a secure, hidden partition to store keys and a table recording the data access privileges of users and hosts. Specifically for communicating with such hard disks, the draft ATA-8 specification (PDF) provides a number of new ATA commands, and a couple of new security commands (PDF) are also planned for SCSI devices.
The first hard disk that fulfils the requirements of the Trusted Computing Group, can communicate with TPMs and encrypts data using 128-bit AES is said to be Seagate's Momentus FDE.2 (Full Disk Encryption) for notebooks. The manufacturer calls the implemented security function DriveTrust technology. Hitachi states that a few days ago it also began shipping its Travelstar 5K200 and Travelstar 5K250 notebook hard disks with a built-in encryption chip (128-bit AES); here, however, access control is handled by the ATA Security Feature Set. Hitachi is still considering how to meet the requirements of the Trusted Computing Group in future drive generations and how to teach its disk drives to communicate with TPMs. 3.5" hard disks with built-in data encryption are so far offered only by Excelstor.