Mercury Systems ASURRE-Stor ASD256 Administrative Guidance

Solid state self-encrypting drives
Mercury Systems ASURRE-Stor
Non-Proprietary Administrative Guidance
Copyright 2020 Mercury Systems. May only be reproduced in its original form (without revision)
Rev. 1.5.1 February 2020
© 2020 Mercury Systems. All rights reserved
ASD256/512 and ADR256/512
Solid State Self-Encrypting Drives
(Firmware revision 1.5.1 and Hardware revision 3.0)
Date: February 4, 2020
Document revision 1.5.1

Summary of Contents for Mercury Systems ASURRE-Stor ASD256

  • Page 1 Non-Proprietary Administrative Guidance (Firmware revision 1.5.1 and Hardware revision 3.0) Date: February 4, 2020 Document revision 1.5.1
  • Page 2: Table Of Contents

    28 Mitigation of Other Attacks Policy (page 20); 29 Security Guidance Summary (page 21); 30 Change log (page 23)
  • Page 3 Figure 10: After strong UV exposure (page 22); Figure 11: Screw head in UV light (page 22)
  • Page 4: Reference Documentation

    This document is part of the evaluated administrative guidance for the TOE, and is available directly from Mercury. Table 2: Additional support documentation available from Mercury Systems
  • Page 5: Table 3: Acronyms And Definitions

    TOE behaves when the Master Password issued to unlock the device. Refer to the ATA7 specification V1 page 22. Mercury Systems Drive Utility. MDU is a Windows GUI utility that allows a Crypto Officer to quickly and easily perform the...
  • Page 6: Introduction

    Derivation Function SP 800-132) to create a derived 256-bit key (BEV/KEK) that the TOE uses to AES key wrap (AES-KW-...
  • Page 7: Failed Attempts Penalty

    The TOE supports a feature to limit the number of sequential failed attempts to enter correct passwords, key values, and correct digital signature during firmware updates. When the maximum number of failed attempts count is...
  • Page 8: Toe Operation Prior Black Key Fill

    10 Product Identification. As with any secure product, it is important to verify that the product received from Mercury Systems has not been tampered with or replaced with a similar but non-compliant product during shipment. For an additional fee, Mercury Systems can ship the product using FedEx Custom Critical services.
  • Page 9: Evaluated Configuration

    • ATA password with Self-generated Permanent key • ATA password with KEK with BLACK Key
  • Page 10: Part Numbers

    ADR512AM2R-xyzIC Same options as ASD256AM2R-xyzIC (This model has reduced overprovisioning) Table 4: Part number summary
  • Page 11: Scope Of Evaluation

    SSD will function correctly in all products that include a standard SATA interface and are compliant to the SATA and ATA7 specification.
  • Page 12: Operating Environment Assumptions And Requirements

    • The Administrator understands that Mercury Systems supplies the TOE in an erased state. The TOE contains no data when delivered by Mercury Systems. The Administrator shall not store information on the TOE until after completing the initial secure configuration procedure.
  • Page 13: Unattended Operation

    The Password is conditioned by PBKDF (SP 800-132) to create a derived key used to un-wrap BEV(KEK) which is then used to unwrap the BLACK key value to re-create the DEK and allow normal operation.
  • Page 14: Figure 4: Diagram Of Operation In Mode 6, Ata Password With Kek And Black Key

    The detailed commands to perform these steps are found (in sequential order, with all implementation details referenced) in section 2 of the SSD Secure Configuration Programmer’s Guide.
  • Page 15: The Mercury Systems Mdu Utility

    19 The Mercury Systems MDU Utility. The initial secure configuration of the TOE can be accomplished using the Mercury Systems MDU Utility, though this is not evaluated functionality. When using MDU for configuration, connect the ASURRE-Stor SSD to a PC computer using standard SATA/Power cables, launch the Mercury Systems MDU utility, then begin configuration.
  • Page 16: Changing The Bev (Kek) And Black Key After The Toe Is Configured

    - Control input (SATA commands) - Status Output Figure 6: Ports on the TOE
  • Page 17: Installing The Toe Into A Host System

    The TOE has 4 mounting screw locations on the bottom side and 2 mounting locations along each of the 100.4 mm edges. Mercury Systems includes four M3 mm screws in the packaging with each TOE. To avoid damaging the enclosure and internal electronics, do not attempt to use longer screws unless a maximum insertion depth of 3 mm is maintained from the outside edge of the enclosure.
  • Page 18: Figure 7: Sata Power Connector With 12 V Pin (P13, P14, P15) Removed To Show Pin Shorts

    Figure 7: SATA power connector with 12 V pin (P13, P14, P15) removed to show pin shorts. When possible, Mercury Systems recommends the use of connectors with individualized pins for each of the 15 pins in the power segment or an interface board that separates individual pins in the power segment. Figure 8 shows examples of SATA connectors with individualized pins.
  • Page 19: Roles

    ATA DOWNLOAD MICROCODE command. Mercury Systems makes firmware updates available to customers using a secure FTP login with a unique user name and password. The FTP site is managed by Mercury Systems. Contact your Mercury Systems sales representative to have an FTP login name and password generated.
  • Page 20: Physical Security

    While not intended as a tamper seal, the holographic label can be difficult to remove and will show signs of tearing or discoloration if improperly handled during a tamper event. Mercury Systems uses the custom label as an aid to help identify potential counterfeit units in the field.
  • Page 21: Security Guidance Summary

    TOE is CC compliant. • The Crypto Officer shall inspect each TOE carefully for any signs of tampering that may have occurred during shipment from Mercury Systems. Any TOE that shows signs of tampering should be returned to Mercury Systems. •...
  • Page 22: Figure 9: Screw Head In Daylight

    ATA password information, which creates a backdoor to the password and breaks the security of the system.
  • Page 23: Change Log

    Bob Laz. Rev. 1.5.1 Sabrina Piña 12/30/2019 Updated section 25 to describe changing firmware using a file provided by Mercury Systems and the ATA DOWNLOAD MICROCODE command. 2/4/2020 Updated document dates and copyright on cover page and footer. Updated section 29 to warn Crypto Officers about BIOS manufacturers that capture and store ATA password information for lost password recovery.

This manual is also suitable for:

ASURRE-Stor ASD512, ASURRE-Stor ADR256, ASURRE-Stor ADR512