Ultrastar HDDs currently in customer qualification introduce Post-Quantum Cryptography ready secure boot and firmware protection.
Western Digital has announced the integration of post-quantum cryptography (PQC) into its newest high-capacity Ultrastar UltraSMR hard disk drives. These drives are currently in qualification with multiple hyperscale customers, reflecting strong early interest in quantum-resilient storage architectures.
AI data systems generate and retain massive, long-lived data sets. Securing that data over decades, not just years, must be a core requirement of modern infrastructure. The hard drives to implement NIST-approved quantum-resistant algorithms mark a definitive industry transition — from theoretical planning to deployed hardware-level defense.
According to WD, by hardening the root of trust, it provides a critical safeguard against threats like harvest now, decrypt later (HNDL) and similar attacks. This helps protect the massive data lakes fueling today’s AI innovations against the cryptographic protection-breaking power of tomorrow’s quantum computers. WD announces, it is among the first to bring post-quantum cryptography into production storage infrastructure, helping the industry’s quantum transition with deployed, standards-aligned, infrastructure-level protection.
Why Post-Quantum Storage Security Matters Now
As AI infrastructure and workloads generate and retain data in perpetuity, the value of that accumulated data grows, and so does the urgency to protect it against threats that are advancing faster than most organizations anticipate.
- Long data lifecycles and extended IT service windows widen vulnerabilities. Enterprise storage infrastructure typically remains in service for five years or longer, a timeframe that may overlap with the emergence of cryptographically relevant quantum computers.
- As decryption capabilities advance, so do the strategies of sophisticated adversaries. HNDL is a present-day threat. Adversaries may collect encrypted or signed data today with the intent to decrypt or forge security signatures once quantum capabilities mature. Organizations must begin to prepare for long-term cryptographic resilience today.
- Firmware-level attacks present a critical risk. Device-level trust is becoming increasingly important as security architectures evolve. A quantum-enabled adversary could potentially forge digital signatures on firmware updates, allowing malicious code to appear authentic and compromising drive security.
WD’s Post-Quantum Cryptography Implementation
WD’s Post-Quantum Cryptography implementation on the new Ultrastar DC HC6100 UltraSMR is designed to help protect device trust chains from manufacturing through field service. The implementation represents more than a feature enhancement; it reflects a broader shift toward embedding quantum-resilient security directly into the foundation of data infrastructure. The focus is on securing device-level trust, including firmware integrity and key management, rather than data-at-rest encryption, says WD.
Key elements include:
- Algorithm selection: ML-DSA-87 (NIST FIPS 204) for high-assurance code signing, with dual-signing using RSA-3072 combining proven and emerging cryptographic standards to ensure strong, resilient security
- Infrastructure readiness: PQC-capable public key infrastructure (PKI) and hardware security module (HSM) workflows deployed to support key issuance, rotation, and lifecycle management
- Operational continuity: Dual-signing and rollback safeguards designed to support deployment across diverse fleets without disrupting current operations
“As AI data compounds and becomes more valuable and long-lived, securing it for the future is no longer optional. Quantum computing represents one of the most significant technology transitions of our time, and it is advancing faster than many organizations anticipate. The security architectures that have protected enterprise storage for more than a decade will need to evolve,” said Dr. Xiaodong (Carl) Che, Chief Technology Officer and Senior Vice President at WD.
“Integrating post-quantum cryptography into our Ultrastar enterprise-class drives is part of our commitment to helping customers stay ahead of threats that are already present in the form of HNDL attacks. By aligning with NIST standards and CNSA 2.0 today, we are helping enterprises build a clear, low-friction path to quantum-safe storage infrastructure.”
WD expects to expand Post-Quantum Cryptography capabilities across additional enterprise hard drive product lines over time.
