Hardware-based Full Disk Encryption is available from all of the [[hard disk drive]] (HDD) vendors including [[Seagate Technology]], [[Hitachi, Ltd.]], [[Samsung]] and [[Toshiba]] and also from [[Solid State Drive]] vendors such as [[Samsung]]. [[Encryption]] and the symmetric encryption key are maintained independently from the [[Central processing unit|CPU]], thus removing computer memory as a potential attack vector.
There are currently two varieties of hardware-FDE being discussed:
#Hard Disk Drive FDE
==Hard Disk Drive FDE==
HDD FDE is available from all HDD vendors using the OPAL and Enterprise standards via the [[Trusted Computing Group]].<ref>[https://www.trustedcomputinggroup.org/ Trusted Computing Group: Home<!-- Bot generated title -->]</ref> Key management takes place within the HDD and encryption keys are encrypted using a cryptographically strong passcode of up to 32 bytes (256 bits). Authentication on power up of the drive must still take place within the CPU via either a software [[Pre-Boot Authentication]] Environment or with a BIOS password.
[[Hitachi]], [[Seagate]], [[Samsung]], [[Toshiba]] and [[Western Digital]] are the disk drive manufacturers offering TCG OPAL SATA drives as well as the older, and less secure, ATA Security command standard. All drive makers have suggested the appropriate term for this new class of device and new type of functionality be "self-encrypting drives."
An example of speciality drives modifying commercial drives for self-encryption is Stonewood with their Flagstone drives.<ref>[http://www.stonewood.co.uk/index.php/encryption/flagstone.html www.stonewood.co.uk/index.php/encryption/flagstone.html]</ref>
Intel announced the release of the Danbury chipset<ref>[http://www.theregister.co.uk/2007/09/21/intel_vpro_danbury/ www.theregister.co.uk/2007/09/21/intel_vpro_danbury/]</ref> but has since abandoned this approach.