TCG Opal
TCG Opal is the most common security protocol for SSDs. It handles the encryption and decryption of data within the device itself, without involving the host, which enables fast encryption/decryption and minimizes the risk of data leakage without affecting system performance.
The main functions of TCG Opal are as follows:
- Encryption: AES 256-bit Hardware Encryption Technology
- Drive Locking with Password Protection: Password Lock
- Range Based Locking/Unlocking: Function settings can be divided into multiple regions
- Authentication
To be TCG Opal compliant, an SSD would have the following characteristics:
- Both encryption and decryption are executed automatically within the device, without being processed on the host side. The key is stored in the device, and the data is encrypted with the AES-128 or AES-256 Advanced Encryption Standard.
- Authentication is carried out prior to power-up. The user is required to enter a Shadow MBR to confirm their identity; once authentication passes, the actual power-up procedure is initiated.
- Zoning and authorization settings: the manager can define Logical Block Address (LBA) ranges and set a different access limit for each one, so that only those with the corresponding keys are authorized to enter the designated block and execute authorized operations.
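The range-based locking described in the last item can be pictured with a small model. This is an added illustration, not code from the TCG specification or from any drive firmware. The class names, the per-range `owner`, the global range that governs LBAs outside every defined range, and the re-lock on power cycle are assumptions of the model.

```python
import hmac
from dataclasses import dataclass

@dataclass
class LockingRange:
    name: str
    start: int                 # first LBA in the range
    length: int                # number of LBAs in the range
    owner: str                 # authority allowed to unlock this range
    read_locked: bool = True
    write_locked: bool = True

    def overlap(self, lba: int, count: int) -> int:
        # Number of LBAs of the request [lba, lba + count) that fall inside this range.
        lo = max(lba, self.start)
        hi = min(lba + count, self.start + self.length)
        return max(0, hi - lo)

class DriveModel:
    """Toy model of range-based locking; not the Opal command protocol."""
    def __init__(self, ranges, credentials, global_locked=True):
        spans = sorted((r.start, r.start + r.length) for r in ranges)
        if any(a_end > b_start for (_, a_end), (b_start, _) in zip(spans, spans[1:])):
            raise ValueError("locking ranges must not overlap")
        self.ranges = list(ranges)
        self.credentials = credentials      # authority -> password (constructed values)
        self.global_locked = global_locked  # governs LBAs outside every defined range

    def unlock(self, name: str, authority: str, password: str) -> bool:
        rng = next((r for r in self.ranges if r.name == name), None)
        stored = self.credentials.get(authority)
        if rng is None or stored is None or authority != rng.owner:
            return False
        if not hmac.compare_digest(stored.encode(), password.encode()):
            return False
        rng.read_locked = rng.write_locked = False
        return True

    def io_allowed(self, lba: int, count: int, write: bool) -> bool:
        # Allow the request only if every range it touches is unlocked.
        covered = 0
        for r in self.ranges:
            n = r.overlap(lba, count)
            covered += n
            if n and (r.write_locked if write else r.read_locked):
                return False
        return covered == count or not self.global_locked

    def power_cycle(self) -> None:
        for r in self.ranges:   # assumption: every range re-locks on power loss
            r.read_locked = r.write_locked = True
```

A request that crosses from an unlocked range into a locked one is refused as a whole, which is the case worth testing when partitions are mapped onto separate ranges.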