Hardware-based full disk encryption: Difference between revisions

Endareth (talk | contribs)
m Adding links
Line 1:
Hardware-based [[Full Disk Encryption]] is available from all of the [[hard disk drive]] (HDD) vendors including [[Seagate Technology]], [[Hitachi, Ltd.]], [[Samsung]] and [[Toshiba]] and also from [[Solid State Drive]] vendors such as [[Samsung]]. [[Encryption]] and the [[Symmetric-key algorithm|symmetric encryption key]] are maintained independently from the [[Central processing unit|CPU]], thus removing computer memory as a potential attack vector.
 
There are currently two varieties of hardware-FDE being discussed:
Line 7:
 
==Hard Disk Drive FDE==
HDD FDE is available from all HDD vendors using the OPAL and Enterprise standards via the [[Trusted Computing Group]].<ref>[https://www.trustedcomputinggroup.org/ Trusted Computing Group: Home<!-- Bot generated title -->]</ref> [[Key management]] takes place within the HDD and encryption keys are encrypted using a cryptographically strong passcode of up to 32 [[Byte|bytes]] (256 [[Binary digit|bits]]). [[Authentication]] on power-up of the drive must still take place within the [[CPU]] via either a [[software]] [[Pre-Boot Authentication]] Environment or a [[BIOS]] password.
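The key hierarchy described above (a passcode of up to 32 bytes protecting the encryption key held in the drive) can be sketched as follows. This is an added example, not code from the article or from the TCG specifications: the function names, the term "DEK" for the drive's encryption key, and the wrap construction (PBKDF2 plus an XOR mask and an HMAC tag, standing in for a real key-wrap algorithm) are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MAX_PASSCODE = 32  # bytes (256 bits), the passcode limit stated in the article

def _kek(passcode: bytes, salt: bytes) -> bytes:
    """Derive 64 bytes from the passcode: 32 to mask the DEK, 32 to key the tag."""
    if not 0 < len(passcode) <= MAX_PASSCODE:
        raise ValueError("passcode must be 1..32 bytes")
    return hashlib.pbkdf2_hmac("sha256", passcode, salt, 100_000, dklen=64)

def wrap(dek: bytes, passcode: bytes) -> dict:
    """Store the DEK only in wrapped form (simplified stand-in for a key wrap)."""
    if len(dek) != 32:
        raise ValueError("DEK must be 32 bytes")
    salt = secrets.token_bytes(16)  # fresh salt, so the mask is never reused
    k = _kek(passcode, salt)
    blob = bytes(a ^ b for a, b in zip(dek, k[:32]))
    tag = hmac.new(k[32:], salt + blob, hashlib.sha256).digest()
    return {"salt": salt, "blob": blob, "tag": tag}

def unwrap(rec: dict, passcode: bytes) -> bytes:
    """Authenticate the passcode via the tag, then release the DEK."""
    k = _kek(passcode, rec["salt"])
    expect = hmac.new(k[32:], rec["salt"] + rec["blob"], hashlib.sha256).digest()
    if not hmac.compare_digest(expect, rec["tag"]):
        raise PermissionError("wrong passcode")
    return bytes(a ^ b for a, b in zip(rec["blob"], k[:32]))

def change_passcode(rec: dict, old: bytes, new: bytes) -> dict:
    """Re-wrap the same DEK; data encrypted under it does not need rewriting."""
    return wrap(unwrap(rec, old), new)

def demo():
    # Constructed sample values, not real credentials.
    dek = secrets.token_bytes(32)
    rec = wrap(dek, b"constructed-passcode-1")
    rec2 = change_passcode(rec, b"constructed-passcode-1", b"constructed-passcode-2")
    return dek, rec, rec2

if __name__ == "__main__":
    dek, rec, rec2 = demo()
    print(unwrap(rec2, b"constructed-passcode-2") == dek)
```

Because only the wrapped record depends on the passcode, changing the passcode replaces that record while the key that encrypts the data stays the same.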
 
[[Hitachi]], [[Seagate]], [[Samsung]], [[Toshiba]] and [[Western Digital]] are the disk drive manufacturers offering [[Trusted Computing Group|TCG]] OPAL [[Serial ATA|SATA]] drives as well as the older, and less secure, [[Parallel ATA|PATA]] Security command standard. All drive makers have suggested that the appropriate term for this new class of device and new type of functionality be "self-encrypting drives."
 
An example of speciality drives, in which commercial drives are modified for self-encryption, is Stonewood with their Flagstone drives.<ref>[http://www.stonewood.co.uk/index.php/encryption/flagstone.html www.stonewood.co.uk/index.php/encryption/flagstone.html]</ref>
 
Currently there is an effort by [[Microsoft]], which has a software FDE product called "[[BitLocker Drive Encryption|BitLocker]]", to block TCG commands through their [[Microsoft Windows|Windows]] [[Operating System]]. This effort is in the [[IEEE 1667]] group that was founded by Microsoft and some [[flash drive]] vendors and was originally represented as concerning only [[USB]], but has now been extended to all external storage.
 
==Chipset FDE==
[[Intel]] announced the release of the Danbury chipset<ref>[http://www.theregister.co.uk/2007/09/21/intel_vpro_danbury/ www.theregister.co.uk/2007/09/21/intel_vpro_danbury/]</ref> but has since abandoned this approach.
==See also==
*[[Disk encryption hardware]]