Table of Contents
Advertisement
www.seagate.com
11.2.3
Default password
When the drive is shipped from the factory, all passwords are set to the value of MSID. This 32-byte random value can
only be read by the host electronically over the interface. After receipt of the drive, it is the responsibility of the owner
to use the default MSID password as the authority to change all other passwords to unique owner-specified values.
11.3
Random number generator (RNG)
The drive has a 32-byte hardware RNG that it is uses to derive encryption keys or, if requested to do so, to provide
random numbers to the host for system use, including using these numbers as Authentication Keys (passwords) for
the drive's Admin and Locking SPs.
11.4
Drive locking
In addition to changing the passwords, as described in
data access controls for the individual bands.
The variable LockOnReset should be set to PowerCycle to ensure that the data bands will be locked if power is lost. In
addition ReadLockEnabled and WriteLockEnabled must be set to true in the locking table in order for the bands
LockOnReset setting of PowerCycle to actually lock access to the band when a PowerCycle event occurs. This scenario
occurs if the drive is removed from its cabinet. The drive will not honor any data READ or WRITE requests until the
bands have been unlocked. This prevents the user data from being accessed without the appropriate credentials
when the drive has been removed from its cabinet and installed in another system.
When the drive is shipped from the factory, the firmware download port is unlocked allowing the drive to accept any
attempt to download new firmware. The drive owner must use the SID credential to lock the firmware download port
before firmware updates will be rejected.
11.5
Data bands
When shipped from the factory, the drive is configured with a single data band called Band 0 (also known as the
Global Data Band) which comprises LBA 0 through LBA max. The host may allocate Band1 by specifying a start LBA
and an LBA range. The real estate for this band is taken from the Global Band. An additional 7 Data Bands may be
defined in a similar way (Band2 through Band8) but before these bands can be allocated LBA space, they must first be
individually enabled using the EraseMaster password.
Data bands cannot overlap but they can be sequential with one band ending at LBA (x) and the next beginning at LBA
(x+1).
Each data band has its own drive-generated encryption key and its own user-supplied password. The host may
change the Encryption Key or the password when required. The bands shall be aligned to 4KB LBA boundaries.
Seagate Nytro 5050 NVMe SSD Product Manual, Rev C
Section 11.2.3 Default
password, the owner should also set the
62
Advertisement
Table of Contents
