Hardware-based full disk encryption

This is an old revision of this page, as edited by 158.234.250.71 (talk) at 11:48, 24 March 2009 (Hard Disk Drive FDE). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Hardware-based Full Disk Encryption is being pursued by a number of HDD vendors including Intel, Seagate Technology, and Hitachi, Ltd., with the rest of the hard drive industry following. Encryption is performed, and the symmetric encryption key is maintained, independently from the CPU, thus removing computer memory as a potential attack vector. There are currently two varieties of hardware FDE being discussed:

  1. Hard Disk Drive FDE
  2. Chipset FDE

Hard Disk Drive FDE

HDD FDE is being pushed by HDD vendors, and a standard is being pursued through the Trusted Computing Group[1] for greater adoption. Key management takes place within the HDD and encryption keys are protected by the drive firmware. However, some level of authentication must still take place within the CPU, via either a software Pre-Boot Authentication[2] Environment or a BIOS password.

Currently there are three software solutions for Pre-Boot Authentication available, from Secude[3], SafeNet and Wave Systems.

HDD FDE has been implemented by one niche vendor, Stonewood, in their Flagstone Hard Drive[4] drives.

Chipset FDE

Intel has announced the release of the Danbury chipset[5] series which promises full disk encryption and a Trusted Platform Module (TPM) in the south bridge. However, as the chipset is not yet released and will not be broadly available until 2009, extensive research is not yet available.

References