This year (2015) the Trusted Computing Group (TCG) Storage Work Group (SWG) published two new specifications derived from the Opal SED specification called Opalite and Pyrite. You may already be familiar with the benefits of using an Opal SED vs software encryption in your laptops and desktops, but are puzzled as to why there are 2 new standards. Perhaps you even wonder if they would be a better fit for your needs than Opal.

Reading the actual specification to figure this out can be a daunting task but fortunately the SWG writes an FAQ whenever they* publish a new specification.

Opalite

Opalite is a subset of Opal that provides “data-at-rest protection of user data via data encryption and access controls, secure boot capability (pre-boot authentication), and fast repurposing of the storage device.”

The subset contains the essential functionality for ISV’s (Independent Software Vendors) like WinMagic to provide enterprise manageability, including and pre-boot networking, as well as cryptographic protection for data at rest.

In order to save resources, Opalite removes or trims back on Opal features. For example, ranges are not supported and the data store is 128 KB instead of 10 MB. ISV’s should be able to work around these limitations and still provide functional products but I see no advantage to Opalite over Opal other than possibly one feature called Block SID which is required in Opalite but an option for Opal drives.

For the same price or even a slightly higher price I would go for an Opal drive over Opalite any day. Even entirely eliminating the 10 MB of data store memory would only free about 0.004% of the memory on a 250 GB drive for user data. For laptop and desktop drives I don’t see Opalite drives being that much cheaper than Opal drives to warrant the downgrade.

Download full Opalite SSC Specification FAQ

Pyrite

Pyrite is a subset of Opalite that has the mechanism to logically block or grant access to data. The key word here is “logically”; unlike Opal and Opalite, Pyrite does not specify the encryption of user data.

Pyrite could be useful for geographies that don’t allow encryption or as an ATA-Security replacement for NVMe drives that don’t have encryption. However, I don’t consider it a serious alternative to Opal or even Opalite. Look up the word “pyrite” in Wikipedia and you will find that it is a mineral also known as fool’s gold.

The name chosen for this specification is very appropriate because while at first glance the TCG Pyrite specification has many similarities to Opal – don’t be fooled. It doesn’t provide cryptographic protection for data at rest.

Download full Pyrite SSC Specification FAQ

 

* Full Disclosure: WinMagic is a Contributor level member of the TCG SWG.

Or

Leave a Comment

comments

Garry McCracken

About Garry McCracken /

Garry, a CISSP, has more than 30 years of experience in data communications and information security. He has contributed to the development of WinMagic's full-disk encryption solutions for desktops, laptops, and other mobile devices. When he is not saving the world of data encryption, he takes off his cape to relax and enjoy life at the cottage. Garry writes from a position of technical expertise since we first started SecureSpeak, making him the longest running blogger at WinMagic.
Garry McCracken