Pyrite – Firmware Security

AMI adds support for Pyrite Password Protected Drives: https://t.co/rKddsrW7jW

— American Megatrends (@AMI_PR) March 8, 2017

AMI has announced support for Pyrite Password Protected Drives.
[…]The Trusted Computing Group (TCG) releases a specification called the “Opal SED Specification” that governs hard drive protection and encryption standards. AMI previously announced support for Opal and Opalite and now AMI has added password support for Pyrite. With the support for Pyrite, AMI enables drives that have a hardware mechanism to protect access without the need to carry out encryption of user data. AMI has worked with several industry partners to develop and validate the support for Pyrite. By introducing this support, OEMs can create solutions at lower costs than Opal or Opalite while maintaining the security of the data.[…]

Full PR:
https://ami.com/news/press-releases/?PressReleaseID=381

See-also:
https://firmwaresecurity.com/2015/08/14/tcg-and-nvme-release-opal-for-seds/
https://trustedcomputinggroup.org/tcg-storage-security-subsystem-class-pyrite/
https://trustedcomputinggroup.org/tcg-storage-opal-nvme/
https://trustedcomputinggroup.org/tag/pyrite/

This week at the Flash Memory Summit, the Trusted Computing Group (TCG) and NVM Express (NVMe), put out a new joint white paper called “TCG Storage, Opal, and NVMe“. Opal is a set of specs from the TCG, designed to add TCG-style security to NVMe-based storage devices (‘self-encrypting drives’ (SED’), by adding new technology layers to manage encryption of user data, to enable features beyond ‘data at rest protection’. The ‘family’ of Opal specs include 3 levels: Opal, Opalite, and Pyrite, which provides a range of capabilities for vendors to choose from.

From their whitepaper’s summary, Oval offers these values to NVMe:
* Avoids the need to add security to NVM Express standard, or rely on proprietary functionality
* Leverages the existing storage security industry standard for a consistent set of requirements
* Commonly associated features enable a more consistent and secure overall solution
* Simplifies ecosystem enabling, validation, product identification, SKU management
* Reduces standardization to a more streamlined process
* Provides an extensible interface for additional value-adds to Opal/Opalite/Pyrite functionality, as well as other storage security features

I’m not sure if UEFI 2.5 has this ability or not. UEFI 2.5 did add some new NVMe and crypto storage interfaces, though.

https://www.trustedcomputinggroup.org/resources/tcg_data_security_architects_guide
https://www.trustedcomputinggroup.org/developers/storage
http://www.trustedcomputinggroup.org/media_room/events/190
http://www.trustedcomputinggroup.org/resources/tcg_storage_opal_and_nvme
http://www.trustedcomputinggroup.org/media_room/news/400
http://www.flashmemorysummit.com/
http://nvmexpress.org/

Learn more about NVMe & @TrustedComputin #SED Opal specs Aug 11 @FlashMem http://t.co/6WQmd4EeZC

— Trusted Computing (@TrustedComputin) July 31, 2015

Short new video on #SEDs from @FlashMem conf this week – protect data at rest, crypto erase, more http://t.co/HM8xCATvgT

— Trusted Computing (@TrustedComputin) August 13, 2015

New NVMe-TCG joint white paper on Self-Encrypting Drives and Opal SSC-based solutions for scalable security mngmnt. http://t.co/CcVqbr5RMI

— NVM Express, Inc. (@NVMexpress) August 11, 2015

PS: Going off-topic(?) a bit, but for NVMe and Linux, check out this doc from June:
https://communities.intel.com/community/itpeernetwork/blog/2015/06/09/nvm-express-linux-driver-support-decoded

Linux Driver Support Decoded! Learn the details on kernel support and the Linux distributions in this overview: http://t.co/PpRfHAiaPW

— NVM Express, Inc. (@NVMexpress) June 16, 2015

Tag: Pyrite

AMI announces TCG Pyrite support

TCG and NVMe release Opal for SEDs