Hardware-based full disk encryption

This is an old revision of this page, as edited by Dids at 15:10, 2 April 2010 (Hard Disk Drive FDE: Reworded vague statement on key length). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Hardware-based Full Disk Encryption is available from all of the hard disk drive (HDD) vendors, including Seagate Technology, Hitachi, Ltd., Samsung and Toshiba, and also from solid state drive vendors such as Samsung. The symmetric encryption key is held and used inside the drive, independently of the CPU, which removes host memory as a place from which the key could be recovered.

There are currently two varieties of hardware FDE being discussed:

  1. Hard Disk Drive FDE
  2. Chipset FDE

Hard Disk Drive FDE

HDD FDE is available from all HDD vendors using the OPAL and Enterprise standards from the Trusted Computing Group.[1] Key management takes place within the hard disk controller, and the encryption keys are 256-bit Advanced Encryption Standard keys. Authentication at drive power-up must still take place on the host CPU, either through a software Pre-Boot Authentication environment or through a BIOS password.

Hitachi, Seagate, Samsung, Toshiba and Western Digital are the disk drive manufacturers offering TCG OPAL SATA drives as well as the older, and less secure, PATA Security command standard. All drive makers have suggested that the appropriate term for this new class of device and new type of functionality is "self-encrypting drives."
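As an added example that is not part of the article, the following Python parses the Security section that `hdparm -I` prints for the ATA Security feature set (the PATA Security command standard mentioned above) and reports whether a drive password is set, whether the drive is currently locked, and whether firmware has frozen the feature set; the sample output is constructed in hdparm's format, and the drive name is a placeholder.

```python
# Added example: parse the Security section of hdparm -I (SAMPLE is constructed).

SAMPLE_HDPARM_I = """\
    Model Number:       EXAMPLE-DRIVE (constructed)
Security:
    Master password revision code = 65534
        supported
    not enabled
    not locked
    not frozen
    not expired: security count
        supported: enhanced erase
    22min for SECURITY ERASE UNIT. 22min for ENHANCED SECURITY ERASE UNIT.
Checksum: correct
"""

FLAGS = ("supported", "enabled", "locked", "frozen")


def parse_security(text):
    """Map each flag to True/False; hdparm prefixes a cleared flag with 'not'."""
    flags = {name: False for name in FLAGS}
    in_section = False
    for line in text.splitlines():
        if line.startswith("Security:"):
            in_section = True
            continue
        if not in_section:
            continue
        if line and not line[0].isspace():
            break  # next top-level section (e.g. "Checksum:") ends the block
        tokens = line.split()
        if not tokens:
            continue
        negated = tokens[0] == "not"
        name = (tokens[1] if negated else tokens[0]).rstrip(":")
        # "supported: enhanced erase" is a separate capability; skip it here.
        if name in flags and "enhanced" not in tokens:
            flags[name] = not negated
    return flags


def assess(flags):
    """Defender's reading of the parsed flags."""
    if not flags["supported"]:
        return "ATA Security feature set not supported"
    if flags["enabled"]:
        return "password set; " + ("drive locked until unlocked at power-on"
                                   if flags["locked"] else "drive unlocked this power cycle")
    if flags["frozen"]:
        return "no password; frozen by firmware until next power cycle"
    return "no password and not frozen: host software could set one; firmware should freeze the drive at boot"
```

On a real system, feed it the text of `hdparm -I /dev/sdX`; a drive that is neither password-protected nor frozen after boot is the state worth investigating.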

An example of a specialty vendor that modifies commercial drives for self-encryption is Stonewood, with its Flagstone drives.[2]

Chipset FDE

Intel announced the release of the Danbury chipset[3] but has since abandoned this approach.
