Hardware-based full disk encryption: Difference between revisions

'''Hardware-based full disk encryption''' ('''FDE''') is available from many [[hard disk drive]] (HDD/[[Solid-state drive|SSD]]) vendors, including: ClevX, [[Hitachi]], Integral Memory, iStorage Limited, [[Micron Technology|Micron]], [[Seagate Technology]], [[Samsung]], [[Toshiba]], [[ViaSat|Viasat UK]], [[Western Digital]]. The [[symmetric-key algorithm|symmetric encryption key]] is maintained independently from the computer's [[Central processing unit|CPU]], thus allowing the complete data store to be encrypted and removing computer memory as a potential attack vector.

HDD FDE is made by HDD vendors using the [[Opal Storage Specification|OPAL]] and Enterprise standards developed by the [[Trusted Computing Group]].<ref>{{cite web |url=http://www.trustedcomputinggroup.org/solutions/data_protection |title=Trusted Computing Group Data Protection page |publisher=Trustedcomputinggroup.org |date= |access-date=2013-08-06 |url-status=dead |archive-url=https://www.webcitation.org/65fUDqdql?url=http://www.trustedcomputinggroup.org/solutions/data_protection |archive-date=2012-02-23 |df= }}</ref> [[Key management]] takes place within the hard disk controller and encryption keys are 128 or 256 [[bit]] [[Advanced Encryption Standard]] (AES) keys. [[Authentication]] on power up of the drive must still take place within the [[Central processing unit|CPU]] via either a [[software]] [[pre-boot authentication]] environment (i.e., with a [[Disk encryption software|software-based full disk encryption]] component - hybrid full disk encryption) or with a [[BIOS]] password.

When a cryptographic disk erasure (or crypto erase) command is given (with proper authentication credentials), the drive self-generates a new media encryption key and goes into a 'new drive' state.<ref>{{cite web |title=10 Reasons to Buy Self-Encrypting Drives |author=Trusted Computing Group |url=https://www.trustedcomputinggroup.org/wp-content/uploads/10-Reasons-to-Buy-SEDs_Sept.2010.pdf |year=2010 |publisher=Trusted Computing Group |accessdate=2018-06-06}}</ref> Without the old key, the old data becomes irretrievable and therefore an efficient means of providing [[Data erasure|disk sanitisation]] which can be a lengthy (and costly) process. For example, an unencrypted and unclassified computer hard drive that requires sanitising to conform with [[United States Department of Defense|Department of Defense]] Standards must be overwritten 3+ times;<ref>http://www-03.ibm.com/systems/resources/IBM_Certified_Secure_Data_Overwrite_Service_SB.pdf</ref> a one Terabyte Enterprise SATA3 disk would take many hours to complete this process. Although the use of faster [[solid-state drive]]s (SSD) technologies improves this situation, the take up by enterprise has so far been slow.<ref>{{cite web |title=Slow on the Uptake |url=https://docplayer.net/30164112-Ssd-story-slow-on-the-uptake.html |access-date=18 February 2021}}</ref> The problem will worsen as disk sizes increase every year. With encrypted drives a complete and secure data erasure action takes just a few milliseconds with a simple key change, so a drive can be safely repurposed very quickly. This sanitisation activity is protected in SEDs by the drive's own key management system built into the firmware in order to prevent accidental data erasure with confirmation passwords and secure authentications related to the original key required.

Hardware solutions have also been criticised for being poorly documented{{factcitation needed|date=April 2014}}. Many aspects of how the encryption is done are not published by the vendor. This leaves the user with little possibility to judge the security of the product and potential attack methods. It also increases the risk of a [[vendor lock-in]].