TCG (Trusted Computing Group) is an organization that specializes in developing industry standards and is made up of individual Working Groups (WGs). TCG Opal for SSDs belongs to the Storage Working Group, which is mainly responsible for researching, developing, and defining standards, promoting their adoption, and, as a non-profit international organization, jointly developing industry standards in collaboration with its members.
The Opal specifications form a comprehensive framework developed with storage device manufacturers, software suppliers, system integrators, and academic institutions. They cover storage device production, system installation, management, and user instructions, and they provide for data to be encrypted before it is saved and managed by category, preventing data theft or tampering and so ensuring data security.
Advantages of using TCG Opal:
A storage device that complies with the TCG Opal standard performs encryption automatically inside the device instead of leaving it to the host. It therefore does not take up the host's system resources or require additional encryption carried out by the host; the entire encryption process is completed inside the SSD. Because the encryption is handled directly by the hardware, it has advantages over software encryption in efficiency, security, and management.
Main Features of TCG Opal:
Shadow MBR Authentication Procedure for Booting: Users must authenticate by entering the private key before booting. The boot process is not actually executed until the key has been correctly verified and linked to the device.
Self-Encrypting Device (SED): Data encryption and decryption are both performed automatically inside the device, using hardware encryption technology such as AES 256-bit, and do not need to be handled by the host.
Blocks and Specific Permissions Settings: Device managers can set different permissions for different LBA ranges. Whoever holds the corresponding private key can enter the partition and work within its permissions.
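The per-range permissions described above can be pictured with a small host-side model, added here as an example; it is not code from the TCG specification or from any vendor, and it issues no Opal commands. The class and function names, the PBKDF2 credential check, and the rule that a transfer spanning several ranges needs every one of them unlocked are assumptions of this model.

```python
import hashlib, hmac, os
from dataclasses import dataclass

@dataclass
class LockingRange:                # hypothetical model, not the Opal table layout
    name: str
    start: int                     # first LBA of the range
    length: int                    # number of LBAs in the range
    salt: bytes
    cred_hash: bytes               # only a salted hash of the credential is kept
    read_locked: bool = True       # ranges start locked, as after a power cycle
    write_locked: bool = True

def _kdf(cred: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", cred.encode(), salt, 10_000)

def make_range(name, start, length, cred):
    salt = os.urandom(16)
    return LockingRange(name, start, length, salt, _kdf(cred, salt))

def unlock(rng, cred, read=True, write=False):
    """Clear the requested lock flags only if the credential verifies."""
    if not hmac.compare_digest(_kdf(cred, rng.salt), rng.cred_hash):
        return False
    rng.read_locked = rng.read_locked and not read
    rng.write_locked = rng.write_locked and not write
    return True

def io_allowed(ranges, global_range, lba, count, op):
    """Permit op ('read' or 'write') on [lba, lba+count) only if every range
    the span touches is unlocked for it; uncovered LBAs use global_range."""
    end, covered, touched = lba + count, 0, []
    for r in ranges:               # ranges are assumed not to overlap each other
        overlap = min(end, r.start + r.length) - max(lba, r.start)
        if overlap > 0:
            covered += overlap
            touched.append(r)
    if covered < count:            # part of the span lies outside every range
        touched.append(global_range)
    return not any(getattr(r, f"{op}_locked") for r in touched)

if __name__ == "__main__":
    # Constructed layout: two ranges on a 10,000-LBA device.
    glob = make_range("global", 0, 10_000, "admin-cred")
    a = make_range("range1", 1_000, 2_000, "alice-cred")
    b = make_range("range2", 3_000, 2_000, "bob-cred")
    unlock(a, "alice-cred", read=True, write=True)
    unlock(b, "bob-cred", read=True)
    for lba, n, op in [(1_500, 100, "write"), (2_900, 200, "read"),
                       (2_900, 200, "write"), (900, 200, "read")]:
        print(lba, n, op, io_allowed([a, b], glob, lba, n, op))
```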