Hardware-based Full Disk Encryption is being pursued by a number of vendors, including Intel, Seagate, and Hitachi, with the rest of the hard drive industry following. Both the encryption operation and the symmetric encryption key are maintained independently of the CPU, thus removing computer memory as a potential attack vector. There are currently two varieties of hardware FDE being discussed:
1) Hard Disk Drive FDE
2) Chip Set FDE
Hard Disk Drive FDE
HDD FDE is being pushed by HDD vendors, and a standard is being pursued via the Trusted Computing Group[1] for greater adoption. Key management takes place within the HDD, and the encryption keys are protected by the drive firmware. However, some level of authentication must still take place on the host CPU, either via a software Pre-Boot Authentication[2] environment or via a BIOS password.
Currently, only two software solutions for Pre-Boot Authentication are available, from Secude[3] and Wave Systems.
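To make the division of labour described above concrete, here is an added Python model (not code from any drive vendor, the Trusted Computing Group, or the original article): the drive generates and holds the data encryption key, the host's pre-boot authentication only supplies a credential, and a password change rewraps the key without re-encrypting the media. The class and method names, the HMAC-based stand-in cipher, and the PBKDF2 key derivation are all assumptions of the model, not any product's design.

```python
import hashlib
import hmac
import os

def _stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 counter mode): models where the key lives, not AES.
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, ks))

class SelfEncryptingDrive:
    """Model of drive firmware: the data encryption key (DEK) is generated inside the
    drive and never crosses the host interface; the host only presents a credential."""

    def __init__(self, password: bytes, sectors: int = 4):
        dek = os.urandom(32)                          # media key, controller-only
        self._media = [_stream_xor(dek, n.to_bytes(8, "big"), bytes(512))
                       for n in range(sectors)]    # platter holds ciphertext only
        self._wrap(dek, password)                     # at rest only the wrapped DEK exists
        self._dek = None                              # working copy, set by unlock()

    def _wrap(self, dek: bytes, password: bytes) -> None:
        self._salt = os.urandom(16)
        kek = hashlib.pbkdf2_hmac("sha256", password, self._salt, 100_000)
        self._wrapped = _stream_xor(kek, b"wrap", dek)
        self._verifier = hmac.new(kek, b"verify", hashlib.sha256).digest()

    def unlock(self, password: bytes) -> bool:  # the pre-boot authentication path
        kek = hashlib.pbkdf2_hmac("sha256", password, self._salt, 100_000)
        if not hmac.compare_digest(self._verifier, hmac.new(kek, b"verify", hashlib.sha256).digest()):
            return False                              # bad credential: DEK stays wrapped
        self._dek = _stream_xor(kek, b"wrap", self._wrapped)
        return True

    def _xfer(self, sector: int, data: bytes) -> bytes:
        if self._dek is None:
            raise PermissionError("drive locked: authenticate first")
        return _stream_xor(self._dek, sector.to_bytes(8, "big"), data)

    def write(self, sector: int, data: bytes) -> None:
        self._media[sector] = self._xfer(sector, data.ljust(512, b"\0"))
    def read(self, sector: int) -> bytes:
        return self._xfer(sector, self._media[sector])

    def change_password(self, old: bytes, new: bytes) -> bool:
        # Key management stays in the drive: the DEK is rewrapped, the media untouched.
        if not self.unlock(old):
            return False
        self._wrap(self._dek, new)
        return True
```

The host never receives anything derived from the DEK; a wrong credential leaves the drive locked, and the ciphertext on the media is identical before and after a password change.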
Chip Set FDE
Intel has announced the Danbury chip set[4] series, which promises Full Disk Encryption and a TPM in the south bridge. However, as the chip set has not yet been released and will not be broadly available until 2009, extensive research is not yet available.
References