TCG Storage Work Group Update
Chandra Nelogal, DMTS, Dell Technologies
Co-Chair, Storage Work Group, TCG
2023 Trusted Computing Group. Do Not Redistribute Without Permission.

Agenda
- Introduction
- Learning Objectives
- Status update of several documents
- Upcoming plans
- Other sessions

Introduction
- We represent the TCG (Trusted Computing Group).
- TCG covers many areas of security (Storage, TPM, Platform, PC Client, Server, DICE, etc.): trustedcomputinggroup.org
- Storage Work Group: focuses on security features specific to storage devices and solutions
  - Data at rest security specifications (SSCs): Enterprise, Opal, Ruby, Pyrite, KPIO
  - Storage Interface Interactions Specification (SIIS)
  - Feature sets, supplementals to SSCs, References, Test Documents: CNL, Configurable PINs, Block SID, etc.

Learning Objectives
- Get an overview of the current activities w.r.t. standards
- Get a preview of upcoming standards activities
- Security trends in storage
- Help plan for your security features and capabilities, for your organization's products and solutions
- Welcome your participation and input

No active work currently
- Core Specification
- Enterprise SSC
- Ruby SSC
- Pyrite SSC

Recent Work On Specifications/References

Document | Status | Timeline | Impact
Opal Feature Set: Configurable Locking for NVMe NS and SCSI LUNs, V1.02 R1.16 | Published | Feb 2023 | Opal SSC feature set: defines relationships between locking objects and LBA ranges, NVMe Namespaces and SCSI LUNs
SIIS, V1.11 R1.18 | Published | April 2023 | Most referred to for TCG protocol mapping and SAS/SATA/NVMe interfaces: user data removal methods
Opal Family Test Case Spec, V1.01 R1.10 | Published | May 2023 | Test specification: essentially updated to support Opal 2.02
Opal Feature Set: C_PIN Enhancements, V1.00 R1.21 | Published | May 2023 | Opal SSC feature set: enhances PIN configurability and properties
Key Per I/O (KPIO) SSC, V1.0 R1.41 | Published | Sep 2023 | New approach to DRE with host-managed media encryption keys

2023 has been a productive year for the Storage Work Group. All specifications and references focus on Data at Rest Encryption (DRE) technologies.

Recent Work On Specifications/References (continued)

Document | Status | Timeline | Impact
Opal Feature Set: Additional Data Store Tables, V1.01 R1.17 | Public Review | July - Oct 2023 | Opal SSC feature set: defines data store table creation for multi-client-like use cases
App Note: KPIO | Completed Public Review | July - Aug 2023 | Reference document / implementation guide for the KPIO SSC
Test Cases & FAQ: KPIO | In Development | NA | Additional documents related to KPIO
Errata for Opal 2.02 | In Development | NA | Clarifications and errata fixes
SIIS 1.12 | In Development | NA | Fixes and enhancements; inclusion of Key Per I/O related changes

All specifications and references focus on Data at Rest Encryption (DRE) technologies.

SIIS 1.11 Main Changes
- Added support for NVDIMM-N and SD-Card interfaces
- More details on user data removal methods
- Support for zoned commands (SCSI, ATA, NVMe)
- NVMe mapping of MI resets

C_PIN Enhancements
- C_PIN Enhancements Feature (optional feature)
  - Configurable C_PIN TryLimit per Authority
  - Configurable C_PIN Persistence per Authority
  - Min and Max PIN length
- C_PIN Forced PIN Change (optional feature)
  - When enabled, requires the Authority PIN to be changed before authentication
  - Forced PIN change is enforced by allowing only the Set method on the PIN column and the Random method

Additional Data Store Tables
- Mechanism to configure additional tables in the data store
- Partition the data store
- Enables additional use cases
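The C_PIN Enhancements slide above lists four per-Authority knobs (TryLimit, Persistence, Min/Max PIN length, Forced PIN Change) without showing how they interact. The model below is an added illustration, not TCG or Dell code: it keeps one C_PIN row per Authority and applies the rules the slide names. The column and method names (C_PIN, TryLimit, Persistence, Set, Random) follow the slide; the concrete semantics chosen for the model are assumptions and are marked as such in the comments: TryLimit 0 means no limit, a successful authentication clears the failed-attempt counter, and Persistence decides whether that counter survives a power cycle.

```python
"""Toy model of the knobs introduced by the Opal "C_PIN Enhancements" feature set.

Added illustration, not TCG or Dell code. Names follow the slide; the lock-out
and reset rules are simplified assumptions for the model.
"""
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class CPinRow:
    """One row of the C_PIN table, i.e. the credential of one Authority."""
    authority: str
    pin: bytes
    try_limit: int = 0           # failed attempts allowed; 0 = no limit (assumption)
    tries: int = 0               # failed-attempt counter
    persistence: bool = False    # True: 'tries' survives a power cycle (assumption)
    min_len: int = 4             # Min/Max PIN length bounds (constructed values)
    max_len: int = 32
    forced_change: bool = False  # Forced PIN Change armed: no authentication until Set


class Authority:
    """Methods a host can invoke against one Authority's C_PIN row."""

    def __init__(self, row: CPinRow) -> None:
        self.row = row

    def is_locked_out(self) -> bool:
        r = self.row
        return r.try_limit != 0 and r.tries >= r.try_limit

    def set_pin(self, new_pin: bytes) -> str:
        """Set method on the PIN column: the one write allowed while a forced change is pending."""
        r = self.row
        if not (r.min_len <= len(new_pin) <= r.max_len):
            return "PIN_LENGTH"
        r.pin = new_pin
        r.forced_change = False      # the mandated change has now happened
        return "OK"

    def random_pin(self, length: int) -> bytes:
        """Random method: device-generated bytes the host can feed straight into Set."""
        if not (self.row.min_len <= length <= self.row.max_len):
            raise ValueError("requested length outside Min/Max PIN length")
        return secrets.token_bytes(length)

    def authenticate(self, candidate: bytes) -> str:
        r = self.row
        if r.forced_change:
            return "FORCED_PIN_CHANGE"  # only Set and Random are accepted in this state
        if self.is_locked_out():
            return "LOCKED_OUT"
        if hmac.compare_digest(r.pin, candidate):  # constant-time comparison
            r.tries = 0                 # success clears the counter (assumption)
            return "OK"
        r.tries += 1
        return "LOCKED_OUT" if self.is_locked_out() else "BAD_PIN"

    def power_cycle(self) -> None:
        """Persistence=False: the counter resets with power; Persistence=True: it does not."""
        if not self.row.persistence:
            self.row.tries = 0


if __name__ == "__main__":
    # Constructed scenario: a factory Admin1 PIN that must be replaced before first use.
    admin = Authority(CPinRow("Admin1", b"factory-admin", try_limit=3,
                              persistence=True, forced_change=True))
    print(admin.authenticate(b"factory-admin"))   # FORCED_PIN_CHANGE
    print(admin.set_pin(admin.random_pin(16)))     # OK
```

The two Authorities in the test below show why the knobs are per-Authority: an Admin row with a persistent counter stays locked across a power cycle, while a User row with a non-persistent counter recovers after one.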
Configurable Locking NS and SL
- NVMe Namespaces: Assign/Deassign and Set methods
- SCSI LUNs: Assign/Deassign methods

Monitoring
- SNIA Key Management
- OCP Security requirements
- SPDM Storage Binding
- Quantum Safe Readiness

BACKUP

Focus Areas
- Which types of technologies are being addressed?
  - Interfaces: NVMe, ATA, SCSI, eMMC, NVDIMM-N, SD Card
  - Self-encrypting storage (Opal, Ruby, Pyrite, Enterprise, etc.)
  - Self-encrypting storage with external key management (Key Per I/O, new)
- What is their impact on the industry?
  - Main Data at Rest technology used in the industry
  - Widely accepted and continues to evolve
  - Provides a standard way for managing SEDs
  - Standards-compliant and certified SEDs are mandated by some governments and companies
  - TCG work is being referenced by international standards (ISO, IEEE, NVMe, INCITS, etc.)

KPIO
- Refer to the focused session

Configurable Locking Objects
- Global Range Locking object: any namespace or LUN that is not associated with either of the objects below
- Namespace Global Range Locking object: the first Locking object to be associated with a Namespace/LUN
- Namespace Non-Global Range Locking object: a Locking object associated with an LBA range within a namespace/LUN

SUM and CNL
- Add a parameter to Assign to indicate that the caller wants to associate the Namespace with an available SUM range
- Mandate:
  - Assign to a SUM Range results in erase of data
  - Deassign from a SUM Range results in erase of data
  - KeepNamespaceGlobalRangeKey=True results in failure of the Deassign method

Key ownership with SUM ranges (recovered from the slide diagram)
- Initial state: Global Range holds NS1 Key, NS2 Key, NS3 Key, NS4 Key.
- Assign(NS1, selectSUMRange): NS1 Key is erased and new key ownership is transferred from Global Range to Range1 (*); data is erased as a result of the key being erased. Result: SUM Range1 holds NS1 Key; Global Range holds NS2 Key, NS3 Key, NS4 Key.
- Deassign(Range1): NS1 Key is erased and new key ownership is transferred from Range1 to Global Range. Result: Global Range holds NS1 Key, NS2 Key, NS3 Key, NS4 Key.
- (*) For SUM ranges, the NS1 Key is always erased; data is always erased when transitioning from a SUM range.
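The SUM and CNL slide and the diagram above describe the Assign/Deassign transitions as a key-ownership state machine: a media encryption key per namespace, ownership moving between the Global Range and a SUM range, and a crypto-erase on every transition into or out of a SUM range. The code below is an added illustration, not TCG or Dell code, that simulates those transitions so the "data is erased" consequence is visible as a key being discarded and replaced. Object and parameter names follow the slide (Global Range, Range1, Assign, Deassign, selectSUMRange, KeepNamespaceGlobalRangeKey); the keys are random tokens standing in for real media keys. The model also goes one step beyond the slide and includes a non-SUM range, for which it honours KeepNamespaceGlobalRangeKey and skips the erase on Assign; that non-SUM behaviour is an assumption of the model, not something the slide states.

```python
"""Toy model of key ownership under Configurable Locking (CNL) with SUM ranges.

Added illustration, not TCG or Dell code. Names follow the slide; a key is a
random token, and 'erase' means the token is discarded and replaced, which is
what makes the data under the old key unrecoverable.
"""
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional

GLOBAL = "Global Range"


@dataclass
class LockingRange:
    name: str
    is_sum: bool                       # True: Single User Mode range, erase is mandated
    namespace: Optional[str] = None    # namespace currently associated; None = available


@dataclass
class Device:
    ranges: List[LockingRange]
    owner: Dict[str, str] = field(default_factory=dict)   # NS -> owning locking object
    key: Dict[str, bytes] = field(default_factory=dict)   # NS -> media encryption key
    erase_log: List[str] = field(default_factory=list)    # audit trail of crypto-erases

    def add_namespace(self, ns: str) -> None:
        """A new namespace starts under the Global Range with its own key."""
        self.owner[ns] = GLOBAL
        self.key[ns] = secrets.token_bytes(32)

    def _crypto_erase(self, ns: str, reason: str) -> None:
        """Discard the old key and mint a new one; the old data is now unreadable."""
        self.key[ns] = secrets.token_bytes(32)
        self.erase_log.append(f"{ns}: {reason}")

    def _range(self, name: str) -> LockingRange:
        return next(r for r in self.ranges if r.name == name)

    def assign(self, ns: str, select_sum_range: bool = False) -> str:
        """Assign method with the slide's selectSUMRange parameter."""
        if self.owner[ns] != GLOBAL:
            return "FAIL_ALREADY_ASSIGNED"
        free = [r for r in self.ranges if r.namespace is None and r.is_sum == select_sum_range]
        if not free:
            return "FAIL_NO_RANGE"
        rng = free[0]
        rng.namespace = ns
        self.owner[ns] = rng.name
        if rng.is_sum:
            # Mandate: Assign to a SUM range erases the data (key moves Global -> Range).
            self._crypto_erase(ns, f"Assign to SUM {rng.name}")
        return "OK"

    def deassign(self, range_name: str, keep_namespace_global_range_key: bool = False) -> str:
        """Deassign method with the slide's KeepNamespaceGlobalRangeKey parameter."""
        rng = self._range(range_name)
        if rng.namespace is None:
            return "FAIL_NOT_ASSIGNED"
        if rng.is_sum and keep_namespace_global_range_key:
            # Mandate: KeepNamespaceGlobalRangeKey=True fails for a SUM range.
            return "FAIL_KEEP_NOT_ALLOWED"
        ns = rng.namespace
        rng.namespace = None
        self.owner[ns] = GLOBAL
        if rng.is_sum or not keep_namespace_global_range_key:
            # Mandate: leaving a SUM range always erases (key moves Range -> Global).
            # For a non-SUM range the model erases only when the key is not kept (assumption).
            self._crypto_erase(ns, f"Deassign from {rng.name}")
        return "OK"


if __name__ == "__main__":
    # Constructed device: one SUM range and one ordinary range, four namespaces.
    dev = Device([LockingRange("Range1", is_sum=True), LockingRange("Range2", is_sum=False)])
    for ns in ("NS1", "NS2", "NS3", "NS4"):
        dev.add_namespace(ns)
    print(dev.assign("NS1", select_sum_range=True), dev.owner["NS1"])     # OK Range1
    print(dev.deassign("Range1", keep_namespace_global_range_key=True))    # FAIL_KEEP_NOT_ALLOWED
    print(dev.deassign("Range1"), dev.owner["NS1"], dev.erase_log)         # OK Global Range [...]
```

The erase_log is the part a defender cares about: every path into or out of a SUM range appends an entry, so a namespace that was ever under a SUM range has had its key replaced at least twice, while the keys of namespaces that stayed under the Global Range are untouched.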