Opal, Opalite & Pyrite Self-Encrypting Drives (SED)

This year (2015) the Trusted Computing Group (TCG) Storage Work Group (SWG) published two new specifications derived from the Opal SED specification, called Opalite and Pyrite. You may already be familiar with the benefits of using an Opal SED vs software encryption in your laptops and desktops, but are puzzled as to why there are two new standards. Perhaps you even wonder if they would be a better fit for your needs than Opal.

Reading the actual specification to figure this out can be a daunting task but fortunately the SWG writes an FAQ whenever they* publish a new specification.

Opalite

Opalite is a subset of Opal that provides “data-at-rest protection of user data via data encryption and access controls, secure boot capability (pre-boot authentication), and fast repurposing of the storage device.”

The subset contains the essential functionality for ISVs (Independent Software Vendors) like WinMagic to provide enterprise manageability, including pre-boot networking, as well as cryptographic protection for data at rest.

In order to save resources, Opalite removes or trims back Opal features. For example, ranges are not supported and the data store is 128 KB instead of 10 MB. ISVs should be able to work around these limitations and still provide functional products, but I see no advantage to Opalite over Opal other than possibly one feature called Block SID, which is mandatory in Opalite but optional for Opal drives.

For the same price or even a slightly higher price I would go for an Opal drive over Opalite any day. Even entirely eliminating the 10 MB of data store memory would only free about 0.004% of the memory on a 250 GB drive for user data. For laptop and desktop drives I don’t see Opalite drives being that much cheaper than Opal drives to warrant the downgrade.

Download full Opalite SSC Specification FAQ

Pyrite

Pyrite is a subset of Opalite that has the mechanism to logically block or grant access to data. The key word here is “logically”; unlike Opal and Opalite, Pyrite does not specify the encryption of user data.

Pyrite could be useful for geographies that don’t allow encryption or as an ATA-Security replacement for NVMe drives that don’t have encryption. However, I don’t consider it a serious alternative to Opal or even Opalite. Look up the word “pyrite” in Wikipedia and you will find that it is a mineral also known as fool’s gold.

The name chosen for this specification is very appropriate: at first glance the TCG Pyrite specification has many similarities to Opal, but don’t be fooled. It doesn’t provide cryptographic protection for data at rest.
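To tell which of these three specifications a drive actually implements (and whether it reports media encryption at all), a management tool can parse the drive's TCG Level 0 Discovery response, which lists the feature descriptors the drive supports. The following is an added example, not code from this post or from WinMagic; the feature codes, the 48-byte header layout and the Locking descriptor bit positions are assumed from the TCG SSC specifications, and both discovery responses are constructed rather than captured from real drives.

```python
import struct

# TCG Level 0 Discovery feature codes (assumed from the SSC specs, not from this post)
OPAL_V2, OPALITE, PYRITE, BLOCK_SID, LOCKING = 0x0203, 0x0301, 0x0302, 0x0402, 0x0002
HEADER_LEN = 48  # 4 length + 2 major + 2 minor + 8 reserved + 32 vendor-specific


def parse_level0(buf):
    """Yield (feature_code, version, data) descriptors from a Level 0 Discovery response."""
    total = struct.unpack(">I", buf[:4])[0]          # length field excludes its own 4 bytes
    end = min(len(buf), 4 + total)
    pos = HEADER_LEN
    while pos + 4 <= end:
        code, ver, length = struct.unpack(">HBB", buf[pos:pos + 4])
        data = buf[pos + 4:pos + 4 + length]
        if len(data) < length:                        # truncated descriptor: stop, don't misparse
            break
        yield code, ver >> 4, data
        pos += 4 + length


def classify(buf):
    """Map a discovery response to the SSC it advertises and what that implies for data at rest."""
    feats = {code: data for code, _, data in parse_level0(buf)}
    ssc = ("Opal" if OPAL_V2 in feats else "Opalite" if OPALITE in feats
           else "Pyrite" if PYRITE in feats else "unknown")
    lock = (feats.get(LOCKING) or b"\x00")[0]        # Locking descriptor, byte 0
    return {
        "ssc": ssc,
        "spec_requires_encryption": ssc in ("Opal", "Opalite"),
        "media_encryption_bit": bool(lock & 0x08),   # bit 3: Media Encryption
        "locking_enabled": bool(lock & 0x02),        # bit 1: Locking Enabled
        "block_sid": BLOCK_SID in feats,
    }


def build_discovery(features):
    """Constructed sample response (not captured from a real drive)."""
    body = b"".join(struct.pack(">HBB", c, 1 << 4, len(d)) + d for c, d in features)
    return struct.pack(">IHH", HEADER_LEN - 4 + len(body), 0, 1) + bytes(40) + body


OPAL_SAMPLE = build_discovery([(0x0001, bytes(16)), (LOCKING, bytes([0x0B]) + bytes(15)),
                               (OPAL_V2, bytes(16)), (BLOCK_SID, bytes(16))])
PYRITE_SAMPLE = build_discovery([(0x0001, bytes(16)), (LOCKING, bytes([0x03]) + bytes(15)),
                                 (PYRITE, bytes(16)), (BLOCK_SID, bytes(16))])

if __name__ == "__main__":
    for name, sample in (("Opal", OPAL_SAMPLE), ("Pyrite", PYRITE_SAMPLE)):
        print(name, classify(sample))
```

The Pyrite sample advertises locking and Block SID just like the Opal one, but the Media Encryption bit is clear and the SSC itself does not require encryption, which is exactly the "fool's gold" distinction a fleet inventory check should surface.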

Download full Pyrite SSC Specification FAQ


* Full Disclosure: WinMagic is a Contributor level member of the TCG SWG.
