→Chipset FDE: The Link is dead (404) Tag: references removed
Line 1:
'''Hardware-based [[
There are currently two varieties of hardware-FDE being discussed:
Line 6:
#Bridge and Chipset (BC) FDE
==Hard
HDD FDE is available from all HDD vendors using the OPAL and Enterprise standards via the [[Trusted Computing Group]].<ref>[https://www.trustedcomputinggroup.org/ Trusted Computing Group: Home<!-- Bot generated title -->]</ref> [[Key management]] takes place within the hard disk controller and encryption keys are 128 or 256 [[Binary digit|bit]] [[Advanced Encryption Standard]] keys. [[Authentication]] on power up of the drive must still take place within the [[CPU]] via either a [[software]] [[Pre-Boot Authentication]] Environment (i.e., with a [[Software-based Full Disk Encryption]] component - [[Hybrid Full Disk Encryption]]) or with a [[BIOS]] password.
Line 17:
[[Intel]] announced the release of the Danbury chipset<ref>[http://www.theregister.co.uk/2007/09/21/intel_vpro_danbury/ www.theregister.co.uk/2007/09/21/intel_vpro_danbury/]</ref> but has since abandoned this approach.
==Feature -
Hardware-based encryption, when it is built into the drive or within the drive enclosure, is notably transparent to the user. The drive, except for bootup authentication, operates just like any drive, with no degradation in performance. Unlike software FDE, there is no complication since all the encryption is invisible to the operating system.
Line 27:
With Cryptographic Disk Erasure the drive is commanded, with proper authentication credentials, to self-generate a new media encryption key and go into a 'new drive' state. Unlike other forms of sanitization, this action takes a few milliseconds at most. So a drive can be safely repurposed very quickly.
===Security
* Pure hardware-based FDE does not have any strong authentication component