
Google’s Vision for Data Center Storage with OCP L.O.C.K.
The data center industry faces an ongoing challenge: how to securely reuse storage devices when decommissioning them without compromising data integrity. My recent Great Debate with Amber Huffman and Jeff Andersen from Google revealed not just the scope of this challenge, but how the Open Compute Project’s Layered Open-Source Cryptographic Key-management (OCP L.O.C.K.) initiative could reshape how the industry approaches storage security and sustainability.
During our discussion, Amber and Jeff painted a picture of an industry with a dilemma. Everyone would like to get longer lives out of storage devices. But to date, there hasn’t been a solution that still meets the top priority of protecting users’ data. As Amber explained, in the second-hand market, even encrypted drives face potential threats from nation-state actors with substantial resources, and evolving technology could eventually break older encryption algorithms.
In current practice, organizations physically destroy drives or perform time-consuming multi-pass overwrites. Destruction, while secure, creates significant operational inefficiencies and environmental waste; overwrites take a long time and are failure-prone.
OCP L.O.C.K., currently at 0.85 specification and available for review, is a new alternative, a comprehensive project to deliver an open implementation at CHIPS Alliance that provides encryption key management services to storage drives and hosts. It builds on the established Caliptra open-source hardware root of trust, also an implementation at CHIPS Alliance, and will be integrated into Caliptra 2.1.
OCP L.O.C.K. improves on traditional data security methods in several ways. At its core, OCP L.O.C.K. ensures that only trusted, verified components can access the encryption keys that protect data on drives. The system creates multiple layers of key management, so when a drive is provisioned with OCP L.O.C.K., cloud service providers can trust that data remains inaccessible without the proper access credentials. And when that drive needs to be decommissioned, OCP L.O.C.K. attests that the process has been completed successfully.
Jeff’s and Amber’s insights into the technical architecture revealed the sophistication of this approach. OCP L.O.C.K. introduces multi-party authorization, requiring multiple keys rather than a single password to access drive data. This creates layers of protection that persist even if a drive is physically stolen. The implementation leverages Caliptra’s open-source foundation, allowing the security community to harden these systems through collaborative development.
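A toy model of the layered, multi-party key release described above, added here as an illustration: it is not taken from the OCP L.O.C.K. specification or from Caliptra. The `Drive` class, the party names and the HKDF-based derivation are assumptions chosen to show why a missing or wrong access key, or an erased drive-held value, leaves the old media key underivable.

```python
import hashlib
import hmac
import secrets

REQUIRED_PARTIES = ("host", "operator")  # hypothetical party names

def hkdf(salt: bytes, ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-SHA256 (RFC 5869): extract, then expand."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block = b"", b""
    for counter in range(1, -(-length // 32) + 1):
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
    return okm[:length]

class Drive:  # assumed model: the media key exists only while every input is present
    def __init__(self) -> None:
        self.device_secret = secrets.token_bytes(32)  # stays inside the drive
        self.epoch = secrets.token_bytes(32)          # replaced on erase

    def media_key(self, access_keys: dict) -> bytes:
        missing = [p for p in REQUIRED_PARTIES if p not in access_keys]
        if missing:
            raise PermissionError(f"missing access key(s): {missing}")
        ikm = self.device_secret
        for party in REQUIRED_PARTIES:  # fixed order, length-prefixed fields
            key = access_keys[party]
            ikm += bytes([len(party)]) + party.encode() + len(key).to_bytes(2, "big") + key
        return hkdf(self.epoch, ikm, b"media-encryption-key")

    def crypto_erase(self) -> None:
        self.epoch = secrets.token_bytes(32)  # old media key is now underivable

def demo() -> dict:
    drive = Drive()
    keys = {p: secrets.token_bytes(32) for p in REQUIRED_PARTIES}  # constructed keys
    mek = drive.media_key(keys)
    results = {"repeatable": drive.media_key(keys) == mek}
    try:
        drive.media_key({"host": keys["host"]})
        results["single_party_refused"] = False
    except PermissionError:
        results["single_party_refused"] = True
    wrong = dict(keys, operator=secrets.token_bytes(32))
    results["wrong_key_differs"] = drive.media_key(wrong) != mek
    drive.crypto_erase()
    results["erased_key_differs"] = drive.media_key(keys) != mek
    return results

print(demo())
```

Every entry in the returned dictionary should be `True`: the same inputs reproduce the key, one party alone is refused, a wrong key or a post-erase derivation yields a different key.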
The possibilities created by OCP L.O.C.K. have broad implications for the storage ecosystem. Amber emphasized how OCP L.O.C.K. could transform the value chain, enabling hyperscalers and businesses to sell decommissioned drives in secondary markets rather than destroying them. This represents a significant shift toward sustainability without compromising security — achieving what she called “the best of both worlds.”
The technical roadmap they outlined demonstrates the project’s maturity and industry backing. With partners including Microsoft, Samsung, Kioxia, and Solidigm, along with contributions from other industry partners, OCP L.O.C.K. aims to be a standard implementation rather than a niche solution. Work with standards bodies like Trusted Computing Group (TCG) has already yielded results, with the OCP L.O.C.K.-inspired Multiparty Authorization specification having now been published. These efforts, along with targeting Federal Information Processing Standards (FIPS) compliance, show the thorough approach being taken to ensure widespread adoption.
Looking toward the future, both speakers highlighted how OCP L.O.C.K. represents a broader trend in hardware security. Amber’s observation about the shift from open-source software to open-source hardware particularly resonated, suggesting we’re entering an era where foundational security components that aren’t differentiators become collaborative, community-driven efforts rather than proprietary implementations.
The implications for post-quantum security were equally compelling. Jeff’s discussion of hybrid cryptographic approaches, combining established elliptic curve methods with new post-quantum algorithms like ML-KEM (module-lattice-based key-encapsulation mechanism), demonstrates how OCP L.O.C.K. is designed not just for today’s threats but for the quantum computing era ahead.
What’s the TechArena take? The OCP L.O.C.K. initiative represents more than just another security standard: it’s a reimagining of how the industry approaches storage lifecycle management. By combining robust security with environmental responsibility, Google and its partners are creating a framework that could serve as a model for other infrastructure components. As data centers continue to scale and sustainability becomes increasingly critical, initiatives like OCP L.O.C.K. show how collaborative open-source development can address both security and environmental challenges simultaneously.
The project’s emphasis on implementation rather than just specification, combined with its open-source approach and broad backing, suggests we’re looking at a future where secure storage decommissioning becomes as routine and trustworthy as Amber hopes — ultimately “boring” in the best possible way.
Connect with Amber Huffman and Jeff Andersen on LinkedIn to follow their continued work on storage security and open compute initiatives. The OCP L.O.C.K. 0.85 specification is available for download today, with the 1.0 release targeted for later this year ahead of the OCP October global summit.