Hardware-based full disk encryption

From Wikipedia, the free encyclopedia

Hardware-based Full Disk Encryption is being pursued by a number of HDD vendors including Intel, Seagate Technology, and Hitachi, Ltd. with the rest of the hard drive industry following. Encryption and the symmetric encryption key is maintained independently from the CPU, thus removing computer memory as a potential attack vector. There are current two varieties of hardware-FDE being discussed:

  1. Hard Disk Drive FDE
  2. Chipset FDE

Contents

[edit] Hard Disk Drive FDE

HDD FDE is being pushed by HDD vendors and a standard is being pursued for greater adoption via the Trusted Computing Group[1]. Key management takes place within the HDD and encryption keys are protected by the drive firmware. However, some level of authentication must still take place within the CPU via either a software Pre-Boot Authentication[2] Environment or with a BIOS password.

Currently there are only two software solutions for Pre-Boot Authentication available from Secude[3] and Wave Systems.

[edit] Chipset FDE

Intel has announced the release of the Danbury chipset[4] series which promises full disk encryption and a Trusted Platform Module (TPM) in the south bridge. However, as the chipset is not yet released and will not be broadly available until 2009, extensive research is not yet available.

[edit] See also

[edit] References

  1. ^ Trusted Computing Group: Home
  2. ^ SECUDE IT Security - Pre-Boot Authentication
  3. ^ SECUDE IT Security - Homepage
  4. ^ http://www.theregister.co.uk/2007/09/21/intel_vpro_danbury/