Wikipedia

Hardware-based full disk encryption

This is an old revision of this page, as edited by 58.186.13.41 (talk) at 09:32, 8 July 2009 (Hard Disk Drive FDE). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Hardware-based Full Disk Encryption is being pursued by a number of hard disk drive (HDD) vendors including Intel, Seagate Technology, and Hitachi, Ltd. with the rest of the hard drive industry following. Encryption and the symmetric encryption key is maintained independently from the CPU, thus removing computer memory as a potential attack vector. There are current two varieties of hardware-FDE being discussed:

  1. Hard Disk Drive FDE
  2. Chipset FDE

Hard Disk Drive FDE

HDD FDE is being pushed by HDD vendors and a standard is being pursued for greater adoption via the Trusted Computing Group.[1] Key management takes place within the HDD and encryption keys are protected by the drive firmware. However, some level of authentication must still take place within the CPU via either a software Pre-Boot Authentication[2] Environment or with a BIOS password.

An example of this is Stonewood with their Flagstone drives.[3]

Chipset FDE

Intel has announced the release of the Danbury chipset[4] series which promises full disk encryption and a Trusted Platform Module (TPM) in the south bridge. However, as the chipset is not yet released and will not be broadly available until 2009, extensive research is not yet available.

See also

References

  1. ^ Trusted Computing Group: Home
  2. ^ FinallySecure - Pre-Boot Authentication
  3. ^ www.stonewood.co.uk/stonewood_flagstone.aspx
  4. ^ www.theregister.co.uk/2007/09/21/intel_vpro_danbury/
Retrieved from "https://en.wikipedia.org/w/index.php?title=Hardware-based_full_disk_encryption&oldid=300960021"