Acronyms - oom-is/sedutil GitHub Wiki

My goal in listing all the "alphabet soup" below was to try to ensure that anyone who tried to read the TCG Opal specifications, or any code written by people who had read those specs, had at least a fighting chance of understanding what all the acronyms and terms actually mean. Some of these acronyms appear nowhere in the 1.15.1 SEDutil code.

These are my definitions - there are many like them, but these are mine. At the same time, if someone has a better version of one of these...then please send it in as an issue or pull request.

| Acronym or Term | Breakout | Notes |
|---|---|---|
| ACE | Access Control Element | Term in the TCG Opal specification. As an example, some defined ACEs are `ACE_Anybody`, `ACE_Admins` and more complex ones such as `ACE_TPerInfo_Set_ProgrammaticResetEnable`. |
| ACK | Acknowledgement | |
| AES | Advanced Encryption Standard | A FIPS 140-2 compliant symmetric algorithm, standardized by the US Government (NIST - National Institute of Standards and Technology) and suitable for bulk encryption and protection of sensitive data. AES supports standard key lengths of 128 bits and 256 bits, and serves as a replacement for the older Data Encryption Standard (DES). |
| ATA | AT Attachment | ATA, or more properly PATA (Parallel ATA), is an older disk connectivity standard derived from the even older Western Digital IDE (Individual Drive Electronics) interface. PATA and IDE have basically zero overlap with SEDutil, so they won't be discussed further; they're only here to make the acronyms list complete. |
| BIOS | Basic Input/Output System | The way that "computers (really PCs) always used to boot". Not a formal standard, and usually defined by behavior, as in "most relatively modern BIOS variants still have backward compatibility to the original IBM PC". Being replaced gradually by UEFI. |
| CSM | Compatibility Support Module | Allows UEFI-based systems to boot BIOS-style disks, peripherals, etc. Sometimes referred to as "Legacy Boot". |
| EFI | Extensible Firmware Interface | |
| GPT | GUID Partition Table | Disk partitioning method usually used on UEFI-based PCs. See also Wikipedia. |
| GUDID | Globally Unique Serial Number | Why not GUSN? Just because. |
| LBA | Logical Block Address (or Addressing) | |
| LSB | Least Significant Bit(s) | When numbers are written in binary notation, the least significant bits (rightmost) would be first the ones bit, then the twos bit, then the fours bit, etc. |
| LU | Logical Unit | In SCSI, an individual SCSI device was a Logical Unit. AFAICT this has carried forward into the TCG Opal spec...somehow. |
| MBR | Master Boot Record | See Wikipedia for details. Note that in SEDutil, as well as in the TCG Opal spec and vendor docs for SEDs, the 128MB shadow PBA area that is visible when the drive is fully locked is often referred to as the "MBR table" even if the drive is UEFI and partitioned using GPT. |
| MEK | Media Encryption Key | The actual key which is used to encrypt the storage device contents with AES-256. Unsurprisingly, this is a 256 bit symmetric AES key. Access to this key is controlled by the TPer based on some sort of credentials or authentication (depending on whether this is a TCG Opal or Enterprise drive, etc.). Zeroizing (securely deleting) this key makes all the data stored on the encrypted storage device unreadable and inaccessible, A/K/A "crypto erase". |
| MSB | Most Significant Bit(s) | Essentially the opposite of LSB above - the leftmost bits of a number written in binary notation. |
| MSID | Manufacturer SID | See discussion under SID. |
| NAK | Non-Acknowledgement | |
| NVMe | Non-Volatile Memory Express | An interface standard that allows very high speed connections for compatible peripherals (specifically SSDs) to the PCIe bus in modern PCs, for potentially much higher throughput than SATA-III. NVMe in PCIe 4.0 systems could reach maximum speeds of 8Gbps with 4 PCIe lanes in use (PCIe 4.0 x4). |
| OFS | Original Factory State | The state in which the device should (nominally) be when it was delivered into the supply chain to the consumer, and also the state in which the device should be following a RevertTPer and possibly (probably?) also following a successful PSID erase ("crypto erase"). |
| PBA | Pre Boot Authentication | A mechanism in TCG Opal-compliant drives that allows the drive/TPer to require authentication at time of power-on (typically boot) before allowing the drive to be unlocked. |
| PCIe | Peripheral Component Interconnect Express | Primary motherboard/system bus in most recent PCs. |
| PSID | Physical Presence SID | Allows drive unlock, normally with data loss, in the event that other unlock methods have failed and the drive needs to be re-used. Typically printed on a label on the outside of the drive; optionally, if the supply chain is suspect, it could be provided to the drive purchaser through out-of-band means. See further discussion under SID. |
| PSK | Pre-Shared Key | PSK Secure Messaging is an optional feature set for Opal SSC-compliant devices, which "uses TLS v1.2 as the underlying protocol to establish session keys and protect TCG protocol payloads". I'm still trying to sort out the actual use case for this. |
| SAS | Serial Attached SCSI | Specification commonly used in server/datacenter hard disks, as an evolution of the SCSI specification to provide higher throughput. SAS 3 is described as a "12 Gbps bus" but actual maximum throughput is much lower for individual disks. |
| SATA | Serial ATA | Specification for common modern desktop hard drives, building on the older ATA (actually Parallel ATA) specification and providing higher throughput. SATA III is described as a "6 Gbps bus" but actual rough maximum throughput in most current systems is ~600Mbps for a single peripheral (hard disk). |
| SCSI | Small Computer Systems Interface | One of the more common hard disk/peripheral communication channels in the 1980s and 1990s. Used not only for hard disks but also printers, scanners, and other peripherals across UNIX-based and minicomputer systems, while the average 'desktop' PC relied on Parallel ATA or conventional RS-232 serial or Centronics parallel ports. |
| SD | Storage Device | |
| SED | Self Encrypting Disk | A disk with some sort of built-in firmware/hardware to allow standalone encryption (as opposed to full- or partial-disk encryption in software). All TCG OPAL compliant disks are SEDs, but not all SEDs are TCG OPAL compliant. |
| SHA | Secure Hash Algorithm | SHA-1 was the previous Secure Hash Algorithm standard (per NIST; see AES above) and was used in the DTA releases of SEDutil through v1.15.1. SHA-2 is the recommended/prescribed replacement for SHA-1, and the SHA-512 variant is used in this fork of SEDutil. |
| SID | System ID | [Needs detailed explanation] |
| SP | Security Provider | |
| SSC | Security Subsystem Class | Opal is an example of an SSC that has been standardized by the TCG. |
| SSD | Solid State Disk | |
| TCG | Trusted Computing Group | A standards organization that produced the TPM and OPAL specifications. |
| TPer | Trusted Peripheral | Term in the TCG Opal specification. Essentially, the OPAL-compliant "thing" (firmware+chipset) that provides Opal functionality and an interface between the host PC and a "Storage Device" (usually a hard disk, either magnetic or solid state). |
| TPM | Trusted Platform Module | |
| UEFI | Unified Extensible Firmware Interface | |
| UID | Unique ID | |
| VU | Vendor Unique | In the TCG Opal specs, any value/content that the vendor gets to choose themselves is normally listed as VU. As an example, the content of the "shadow" area for storing the PBA before a drive is initialized is VU. Normally that particular area is just empty, but that's a per-vendor determination. |