Opal Storage Specification
Data storage device security specification
The Opal Storage Specification[1] is a set of specifications for features of data storage devices (such as hard disk drives and solid state drives) that enhance their security. For example, it defines a way of encrypting the stored data so that an unauthorized person who gains possession of the device cannot see the data. That is, it is a specification for self-encrypting drives (SED).
The specification is published by the Trusted Computing Group Storage Workgroup.
Overview
The Opal SSC (Security Subsystem Class)[2][3] is an implementation profile for Storage Devices (SD) built to:
- Protect the confidentiality of stored user data against unauthorized access once it leaves the owner's control (involving a power cycle and subsequent deauthentication).
- Enable interoperability between multiple SD vendors.[4]
Security
Radboud University researchers indicated in November 2018 that some hardware-encrypted SSDs, including some Opal implementations, had security vulnerabilities.[5]
Implementers of SSC
Device companies
Storage controller companies
Software companies
- Absolute Software[20]
- Check Point Software Technologies[21]
- Dell Data Protection[22]
- Cryptomill[23]
- McAfee[24]
- Secude[25]
- Softex Incorporated[26]
- Sophos[27]
- Symantec[28] (Symantec supports OPAL drives, but does not support hardware-based encryption.)[29]
- Trend Micro[30]
- WinMagic[31]
- OpalLock[32] (OpalLock supports self-encrypting-drive-capable SSDs and HDDs. Developed by Fidelity Height LLC.)