WIXLIB

Marketing BulletinSeagate Momentus FDESelf-Encrypting Drive Integrator Information and Self-Qualification KitInformation for System IntegratorsThis bulletin provides information necessary to ensure your systemcan support Seagate Momentus FDE Self-Encrypting Drives. Whilemost systems have the needed functionality, certain chipset/BIOScombinations may block certain commands that are needed to controlthe encrypting drives.This bulletin is providedfor informational purposesonly. Seagate provides nowarranty either expressedor implied regarding theaccuracy or validity of thisdocument and associatedinformation.The process for self-qualification is as follows:1. Procure a Momentus FDE Self-Encrypting Drive.2. Determine your needs as a client and choose the appropriate level ofSelf-Encrypting Drive management for your application.DO NOT COVERBREATHER HOLEMomentus Thin SEDXXXGBWWN: XXXXXXXXXXXXXXXXPSID: XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX 5V 0.45 ADate: XXXXXSite: XXXProduct of Chinaexcessive shock; do not push onCAUTION: Avoidtop cover or remove any seal or label.Need support? Visit www.Seagate.com STX-MomentusThin (B)E190397N1763. If you do not require enterprise management of passwords and end-pointencryption, consider using the ATA Security API by setting the drive’spassword in BIOS.4. If you do require enterprise management of passwords and end-pointencryption, consider using the DriveTrust API and select a solution froman independent software vendor (ISV).a. Check the Self-Encrypting Drive compatibility information listed in thisdocument regarding your system and your chosen solution.b. If the information regarding compatibility is not listed in this document:i. Use our Compatibility tool to determine if your system provides thebasic capabilities required for Self-Encrypting Drive management.ii. Check with your chosen ISV to determine if your system iscompatible with their solution.D33027SN: XXXXXXXXSTXXXXXXXXXXXPN: XXXXXX-XXXFW: XXXXXXXXFigure 1. Location of part number on drive labelProcure a Seagate Momentus FDE Self-Encrypting DriveThe first step is to ensure that you have a Seagate Momentus FDESelf-Encrypting Drive, as identified in Table 1. It is important that the partnumber on the drive label (Figure 1) matches one of the part numbers listed.

Seagate Momentus FDESelf-Encrypting Drive Integrator Information and Self-Qualification KitTable 1. Momentus FDE Self-Encrypting Drive ModelsDescriptionMomentus 5400 FDE.2Momentus 5400 FDE.3Momentus 7200 FDEMomentus 7200 FDE ZGS1Momentus 5400 FDE.4Momentus 7200 FDE.2Momentus 7200 FDE.2 ZGS1Momentus 7200.2 FIPS 140-2 2Momentus ThinMomentus Thin FIPS-140-2 2Model NumberPart NumberCapacityST980816AS9CU132-52780 GBST9120827AS9CU133-527120 GBST9160824AS9CU134-527160 GBST9250322AS9GG133-500250 GBST9320322AS9GG134-500320 GBST9160414AS9GU142-500160 GBST9250424AS9GU143-500250 GBST9320424AS9GU144-500320 GBST9160414ASG9GUG42-500160 GBST9320424ASG9GUG44-500320 GBST9120317AS9PR131-500120 GBST9160317AS9PR13C-500160 GBST9250317AS9PR132-500250 GBST9320327AS9PR133-500320 GBST9500327AS9PR134-500500 GBST9160413AS9PT14C-500160 GBST9250411AS9PT142-500250 GBST9500421AS9PT144-500500 GBST9160418ASG9RXG4C-500160 GBST9250464ASG9RXG42-500250 GBST9500426ASG9RXG44-500500 20GB1 Zero G Sensor2 See FIPS 140-2 Level 2 Certificate at -1/1401vend.htm.Seagate continues to expand the Momentus FDESelf-Encrypting Drive family. For the most currentlist of drive models and part numbers, go to s/.Note: Additional part numbers may ship in OEMsystems. Contact the OEM to ensure the systemcontains the correct drives.Drive State Upon ShipmentUpon shipment, the Momentus FDE drive is fullyencrypting. However, authentication is not yet2established and therefore not required to accessthe drive. The drive may be installed in a systemand/or imaged the same as any non-encryptinghard drive. Following installation, the drive maybe configured to operate in either the DriveTrustSecurity API or the ATA Security API mode asshown below, depending on your needs.Determine Your NeedsAs mentioned above, there are currently twooptions for managing your Self-Encrypting Drive.For clients who only require the ability to set

Seagate Momentus FDESelf-Encrypting Drive Integrator Information and Self-Qualification Kita password on their drive and have a minimalnumber of users (and passwords) to manage, theATA Security API may be an ideal solution. Theutility provided by this API is minimal and thereare no administrative tools for managing users.However, this mode of operation requires nopurchase or installation of third-party softwareand setup is relatively straightforward.Operating SystemsFor clients that require more features (suchas single sign-on, password managementand recovery, or seamless external drivemanagement) or are deploying Self-EncryptingDrives in an environment with many users (morethan 20 users), the DriveTrust API enables ISVsto create tools that provide you with thesecapabilities. Windows 7 Hotfix KB976418Compatibility InformationDriveTrust Security API Using Third-PartySoftware ManagementThis API provides robust security managementtargeted for more feature-rich softwaremanagement of Momentus FDE drives. Thisrequires Seagate-certified software from a thirdparty software vendor.Pass-Through ConsiderationsThe Drive Trust Security API utilizes the ATATrusted Send and Trusted Receive commandsas defined in the ATA-8 specification. Sincethese are newer and optional commands inthe ATA command set, many chipsets, driversand operating systems do not natively supportthese commands. As a result, these commandsare delivered to the drive via the existing passthrough mechanisms.Seagate has done extensive developmentand testing and has identified the followingconfigurations that are available on all modernsystems to support pass-through:ATA Drivers Use the most current versions of atapi.sys,msahci.sys, or iastor.sys. Intel Turbo Memory must be disabled. RAID must be disabled.3 Windows XP SP1 or newer Windows Server 2003 Windows Vista RTM Hotfix KB950096 Windows Vista SP1 Hotfix KB943170 Windows Vista SP2 Hotfix KB977323 Windows Server 2008 Hotfix KB976323Seagate has tested a large population of systemswith these components and found 100 percent ofthe systems to be compatible with pass-through.Refer to Appendix B for the complete list ofsystems tested.If your system is not listed in Appendix B,Seagate provides a tool to verify your system’spass-through capability. This tool and instructionsfor its use are available at www.seagate.com/support/sedqual/.Note: This test may be performed before theinstallation of your FDE drive to avoid any return/warranty concerns with removing FDE drives fromthe shipment packaging.Third-Party Security Management SoftwareThe following companies have been certifiedby Seagate for support of Momentus FDESelf-Encrypting Drives via the DriveTrust SecurityAPI. They have developed security managementsoftware for single-user and enterprise-levelmanagement of the Momentus FDE SelfEncrypting Drives. Contact them directly forsoftware qualification assistance and to obtaina trial version of their software. CREDANT – anager.html Mobile Armor – DriveArmorwww.mobilearmor.com/drivearmor.php SECUDE International AG – FinallySecurewww.secude.com/html/index.php?id 1354 Wave Systems Corp. – Embassy RemoteAdministration Serverwww.wavesys.com/products/eras.asp WinMagic Data Security, Inc. – SecureDocwww.winmagic.com/seagate

Seagate Momentus FDESelf-Encrypting Drive Integrator Information and Self-Qualification KitNote: For the most up-to-date list of softwareproviders who support the Momentus FDE SelfEncrypting Drives, go to www.seagate.com/support/sedqual/.6. Enter the password. The hard drive is nowunlocked, and the system will boot.Seagate maintains a security softwarecompatibility lab to test the Momentus FDE SelfEncrypting Drives with each certified softwarevendor. This testing has demonstrated broadcompatibility across a large number of systemswhile using the identified third-party managementsoftware packages. Refer to Appendix A for acomplete list of systems and software tested.Seagate attempts to verify Momentus FDE drivecompatibility in as many systems as possible. Todate, 100 percent of systems with BIOS hard drivepassword capability that have been tested havepassed in ATA Security Mode.ATA Security API Using BIOS ManagementThis API allows the client to set the drive’spassword in BIOS instead of relying upon thirdparty software. This is a simple solution forsituations that do not require robust policies orpassword management.System ConsiderationsTo use the ATA Security API, the system integratorwill need to determine if the BIOS supports thesetting of hard drive passwords. A typical wayto verify this is to access the BIOS setup screenby pressing a particular Function key (Fn) duringpower-on, then navigate to the security or storagepages and find the drive password-settingfunction.For additional questions regarding systemcapability for BIOS setting of hard drivepasswords, see your BIOS or system provider.Further AssistanceFor further assistance and more information onSeagate Momentus FDE Self-Encrypting Drives,refer to the following: Seagate FDE Self-Encrypting Drives:www.seagate.com/securityFor system integration assistance follow theSecurity Partners and Integrators link. Seagate FDE Self-Encrypting DriveCompatibility Test:www.seagate.com/securityFollow the SED Qualification Test link. Ask the Expert: www.seagate.com/securityFollow the Ask the Expert link. Seagate Customer Service:Integration ProcedurePhone: 1-800-SEAGATE (1-800-732-4283)Upon verification of system BIOS capability, thesystem integrator just needs to set the hard drivepassword in the BIOS to complete the validation,as follows:Web: www.seagate.com/www/en-us/about/contact us1. Upon system power-on, access the BIOSsetting menu (typically a function key).2. Access the ATA Security Hard Drive passwordsetting menu (typical label is HDD password).3. Set the hard drive password according to themenus.4. Follow the instructions for saving andre-booting. (Your drive is now under passwordcontrol)5. On the subsequent power-up, the BIOSwill detect the locked drive and request thepassword prior to booting the system.47. On subsequent power-up events, repeat fromstep 5.For further assistance with third-party softwareintegration, see your software providers.Appendix A. DriveTrust Security APISystems TestedThe following systems have been tested in theDriveTrust Security API mode. Note that theabsence of a particular system only meansthat it has not been tested and implies neitherincompatibility nor compatibility. The broadcompatibility shown below suggests there willbe good compatibility on a large majority ofsystems across the notebook market. For allsystems, system integrators may look for thesystem in Appendix B for general compatibility.