Article: KB-057

Testing the TCG OPAL feature of the SSD is complex and takes time.

The figure below illustrates the key components to integrate a Self-Encrypting Drive (SED) in your system.

The SED hardware includes a controller with an AES 256-bit encryption engine.
The SED firmware complies with the TCG OPAL standard published by the Trusted Computing Group. The popular standards are TCG OPAL 2.0, TCG Enterprise, TCG OPALite, and TCG Pyrite.
Virtium’s SED is TCG OPAL 2.0 compliant.

Host Software
On Windows and Linux operating systems, the SED is managed through Encryption Management Software, such as WinMagic, Wave, and Windows BitLocker. This software manages these features:

  • Enable or Disable TCG
  • Set up the Security key
  • Manage the Security key in the Cloud or in a Trusted Platform Module (TPM)
  • Secure boot
  • Lock or unlock the SED with the Passkey
  • PSID revert (Erase Security key and perform authorized SANITIZE)

Secure Communication
When the user enables TCG OPAL on the SED, the communication between the host and the SED is secure.

Operation Overview

Follow these steps to use the SED feature:

  1. Enable the TCG feature on the SED
  2. Use the Encryption Management Software to utilize the SED. Excellent information is available at WinMagic’s website. Alternatively, try Windows BitLocker, which comes with the latest Windows operating system. Virtium’s SED supports both TCG OPAL 2.0 and Windows eDrive (IEEE-1667).
  3. Install the Encryption Management Software and follow its instructions to set up and manage the SED.
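
To check what a drive reports once these steps are done, the following added example (not Virtium's code and not part of vtSecure) parses a TCG Level 0 Discovery response and returns the advertised standard and the Locking feature flags. The sample buffer is constructed, and reading the response from a real drive is assumed to be done by a separate tool; `parse_level0`, `descriptor` and `sample_response` are hypothetical names.

```python
import struct

# Feature codes from the TCG Storage specifications (SSC = Security Subsystem Class).
SSC_NAMES = {0x0100: "Enterprise", 0x0200: "Opal 1.0", 0x0203: "Opal 2.0",
             0x0301: "Opalite", 0x0302: "Pyrite 1.0", 0x0303: "Pyrite 2.0"}
LOCKING_FEATURE = 0x0002
LOCKING_BITS = ["locking_supported", "locking_enabled", "locked",
                "media_encryption", "mbr_enabled", "mbr_done"]  # bits 0..5
HEADER_LEN = 48

def parse_level0(buf: bytes) -> dict:
    """Return the SSCs and Locking-feature flags found in a Level 0 Discovery response."""
    if len(buf) < HEADER_LEN:
        raise ValueError("response shorter than the 48-byte discovery header")
    (length,) = struct.unpack_from(">I", buf, 0)
    end = 4 + length                      # the length field excludes its own 4 bytes
    if end > len(buf):
        raise ValueError("header length exceeds the captured buffer")
    result = {"ssc": [], "locking": None}
    pos = HEADER_LEN
    while pos + 4 <= end:
        # Descriptor: 2-byte feature code, version byte, 1-byte data length, data.
        code, _version, dlen = struct.unpack_from(">HBB", buf, pos)
        if dlen == 0 or pos + 4 + dlen > end:
            raise ValueError(f"malformed descriptor at offset {pos}")
        data = buf[pos + 4 : pos + 4 + dlen]
        if code in SSC_NAMES:
            result["ssc"].append(SSC_NAMES[code])
        elif code == LOCKING_FEATURE:
            result["locking"] = {n: bool(data[0] >> i & 1) for i, n in enumerate(LOCKING_BITS)}
        pos += 4 + dlen
    return result

def descriptor(code: int, data: bytes, version: int = 1) -> bytes:
    """Build one feature descriptor (used only for the constructed sample)."""
    return struct.pack(">HBB", code, version << 4, len(data)) + data

def sample_response(locking_byte: int) -> bytes:
    """Constructed input: TPer + Locking + Opal 2.0 descriptors, not a real drive dump."""
    body = (descriptor(0x0001, bytes([0x11]) + bytes(11))
            + descriptor(LOCKING_FEATURE, bytes([locking_byte]) + bytes(11))
            + descriptor(0x0203, bytes(16), version=2))
    header = struct.pack(">IHH", HEADER_LEN - 4 + len(body), 0, 1) + bytes(40)
    return header + body

if __name__ == "__main__":
    print(parse_level0(sample_response(0x09)))  # locking supported but not enabled
    print(parse_level0(sample_response(0x0F)))  # locking enabled, drive currently locked
```

A drive that still shows `locking_enabled` as false after setup has not had TCG enabled by the management software.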

Other Details

  1. To disable the TCG feature or revert the SED to its manufacturing state, use the PSID revert function. Use Virtium’s vtSecure software to perform this operation. vtSecure walks you through the process with step-by-step instructions. We also provide a software API to perform PSID revert in your software with just a few lines of code.
  2. The PSID revert operation requires the PSID printed on the label of the SED. This ensures that a person must physically possess the SED to perform a PSID revert.
  3. When TCG OPAL is enabled, the Secure Erase and SANITIZE functions are disabled. To sanitize a SED, use the PSID revert operation.