Date:      Tue, 26 Feb 2008 12:45:44 +0100
From:      Uwe Doering <gemini@geminix.org>
To:        Achim Patzner <ap@bnc.net>
Cc:        freebsd-hackers@freebsd.org, "David E. Thiel" <lx@FreeBSD.org>
Subject:   Re: Security Flaw in Popular Disk Encryption Technologies
Message-ID:  <47C3FBE8.8010201@geminix.org>
In-Reply-To: <9111966B-DB9C-41E3-9D30-168D668585A9@bnc.net>
References:  <20080223010856.7244.qmail@smasher.org>	<20080223222733.GI12067@redundancy.redundancy.org> <31648FC5-26B9-4359-ACC8-412504D3257B@bnc.net> <47C345C9.8010901@geminix.org> <9111966B-DB9C-41E3-9D30-168D668585A9@bnc.net>

Achim Patzner wrote:
> On 25.02.2008 at 23:48, Uwe Doering wrote:
>> Since it hasn't been mentioned so far: There are hard disk drives that 
>> do encryption on the firmware level, so you don't have to store keys 
>> on the OS level.
> 
> I wouldn't go that far as there isn't (better: I didn't find)
> enough documentation on their mechanisms to satisfy my curiosity.

I haven't tried so far, but perhaps they can provide additional docs or 
pointers to already downloadable whitebooks on request.  In the past, I 
found a number of whitebooks on their web site detailing various aspects 
of their storage technology.  Quite interesting stuff. :-)

> You might want to take a look at eNova (http://www.enovatech.net/)
> who are pointing at interesting hardware using their crypto technology.

Interesting approach as well.  Thanks for the pointer.  However, given 
that notebooks are the most vulnerable group of computers in this 
regard, the drawback I see is that the notebook manufacturers first have 
to adopt this solution, since you normally cannot put such additional 
hardware into a notebook yourself.  This restricts your choice of 
notebooks, and you also still have no solution for notebooks that you 
already have.

For this reason it struck me as a clever idea to do the encryption in 
the HDD's firmware.  This way you need no additional hardware and can 
equip each and every notebook sporting a SATA interface with 
sufficiently secure HDD encryption, without support from the notebook 
manufacturer, because an HDD is a user-replaceable part.

Regards,

    Uwe
-- 
Uwe Doering         |  EscapeBox - Managed On-Demand UNIX Servers
gemini@geminix.org  |  http://www.escapebox.net



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?47C3FBE8.8010201>