Hardware-based full disk encryption: Difference between revisions

HDD FDE is being pushed by HDD vendors and a standard is being pursued for greater adoption via the [[Trusted Computing Group]].<ref>[https://www.trustedcomputinggroup.org/ Trusted Computing Group: Home<!-- Bot generated title -->]</ref>. Key management takes place within the HDD and encryption keys are protected by the drive firmware. However, some level of authentication must still take place within the CPU via either a software [[Pre-Boot Authentication]]<ref>[http://secude.com/htm/707/en/Pre-Boot_Authentication.htm SECUDE IT Security - Pre-Boot Authentication<!-- Bot generated title -->]</ref> Environment or with a BIOS password.

An example of this is Stonewood with their Flagstone drives.<ref>[http://www.stonewood.co.uk/stonewood_flagstone.aspx www.stonewood.co.uk/stonewood_flagstone.aspx]</ref>.

Intel has announced the release of the Danbury chipset<ref>[http://www.theregister.co.uk/2007/09/21/intel_vpro_danbury/ www.theregister.co.uk/2007/09/21/intel_vpro_danbury/]</ref> series which promises [[full disk encryption]] and a [[Trusted Platform Module]] (TPM) in the south bridge. However, as the chipset is not yet released and will not be broadly available until 2009, extensive research is not yet available.