Table 81 Ports Functionality; Table 82 Ports Table; Firmware Download And Signing - Western Digital Ultrastar DC HC310 Specifications

3.5 inch Serial ATA hard disk drive

9.21.6 Firmware Download and Signing

Digitally signed WDC firmware provides a mechanism for securely updating WDC branded drives through the host interface. Firmware is downloaded to the drive through the host interface, and its signature is verified, using a public key installed in the reserved area during manufacturing, before the firmware is loaded to RAM or installed in the reserved area on the HDD.

Signature verification uses the RSA-PSS (Probabilistic Signature Scheme) signature verification algorithm with EMSA-SHA256 as the padding function.

All WDC firmware packages are signed. All WDC branded drives verify the signature. If the signature fails to verify, WDC branded drives reject the downloaded firmware package. Failure to authenticate the firmware image results in Check Condition with KCQ 5/26/9a (FRU 0). Issuing a firmware download to the drive results in an implicit close of all open sessions at the security layer.
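The verify-before-load check described in 9.21.6, written out as an added example of RSASSA-PSS verification per RFC 8017 (not WDC firmware code). Assumptions not stated on the page: MGF1 with SHA-256, a 32-byte salt, and a constructed toy key; `pss_verify`, `pss_sign`, `mgf1` and the constants are hypothetical names.

```python
import hashlib

HLEN = SLEN = 32  # SHA-256 output size; salt length equal to it is an assumption

def _sha(b): return hashlib.sha256(b).digest()
def _xor(a, b): return bytes(x ^ y for x, y in zip(a, b))

def mgf1(seed, n):
    """MGF1 over SHA-256 (RFC 8017, B.2.1)."""
    return b"".join(_sha(seed + i.to_bytes(4, "big")) for i in range(-(-n // HLEN)))[:n]

def pss_verify(image, sig, n, e):
    """RSASSA-PSS-VERIFY (RFC 8017, 8.1.2 and 9.1.2); True only for a valid signature."""
    k, em_bits = -(-n.bit_length() // 8), n.bit_length() - 1
    em_len = -(-em_bits // 8)
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n or em_len < HLEN + SLEN + 2:
        return False
    m = pow(s, e, n)                      # RSA public-key operation
    if m.bit_length() > 8 * em_len:
        return False
    em = m.to_bytes(em_len, "big")
    masked_db, h = em[:-HLEN - 1], em[-HLEN - 1:-1]
    top = 0xFF >> (8 * em_len - em_bits)  # bits allowed to be set in the first octet
    if em[-1] != 0xBC or masked_db[0] & ~top & 0xFF:
        return False
    db = bytearray(_xor(masked_db, mgf1(h, len(masked_db))))
    db[0] &= top
    pad = em_len - HLEN - SLEN - 2
    if any(db[:pad]) or db[pad] != 0x01:  # DB must be 00..00 01 || salt
        return False
    return _sha(bytes(8) + _sha(image) + bytes(db[pad + 1:])) == h

def pss_sign(image, n, d, salt):
    """Signer side, included only to produce constructed test input."""
    em_bits = n.bit_length() - 1
    em_len = -(-em_bits // 8)
    h = _sha(bytes(8) + _sha(image) + salt)
    db = bytes(em_len - HLEN - SLEN - 2) + b"\x01" + salt
    masked = bytearray(_xor(db, mgf1(h, len(db))))
    masked[0] &= 0xFF >> (8 * em_len - em_bits)
    em = int.from_bytes(bytes(masked) + h + b"\xbc", "big")
    return pow(em, d, n).to_bytes(-(-n.bit_length() // 8), "big")

# Constructed toy key built from two Mersenne primes: demonstration only, not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
IMAGE = b"constructed firmware image v1"              # constructed sample input
SIG = pss_sign(IMAGE, N, D, salt=bytes(range(SLEN)))  # fixed salt keeps the demo repeatable
```

A single changed byte in either the image or the signature makes `pss_verify` return False, which is the case the drive reports as a rejected download.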

9.21.7 Ports

The ports capability is a WDC feature which is not a requirement under TCG Enterprise SSC. In order to use the ports capabilities on encryption drives, the user must successfully authenticate. Once a user successfully authenticates, they may change the state of any of the ports at any time during an active session to either the locked or unlocked state. The functionality and definition of these ports are shown in the table below.

The feature makes use of the TCG structures and tables. An additional table, the ports table, has been implemented, and additional entries were made to the Admin SP ACE table and the Admin SP AccessControl Table. The ports table and the modified TCG Enterprise SSC tables are shown below.

Table 81 Ports Functionality

| Port Name | Description |
|---|---|
| Firmware Download | This port has 2 valid states: locked and unlocked. On encryption drives, the download port is unlocked initially, Lock On Reset is "Null". Code can be downloaded onto the drive after the signature is successfully verified. If the signature cannot be verified successfully, no firmware can be downloaded to the drive. The user can change the state of the firmware download port only after authentication. On non-encryption drives, this port will be set to unlocked at the factory, and the state cannot be changed by the user. The digital signature of all firmware downloaded to the non-encryption drive through this port is verified by the drive. |
| Diagnostics | This port has 2 valid states: locked and unlocked. This port allows WDC access to modify any TCG table or key. In order to open this port both the SID and the Maker authorities need to be authenticated. The purpose of this port is to aid WDC in debugging |

Table 82 Ports Table

| UID | Name | LockOnReset | PortLocked |
|---|---|---|---|
| 00 01 00 02 00 01 00 02 | Firmware_Dload_Port | Null | FALSE |
| 00 01 00 02 00 01 00 01 | Diagnostic_Port | PowerCycle | TRUE |