Seagate announces hardware FDE for laptop and desktop machines

Jacob Appelbaum jacob at appelbaum.net
Thu Sep 6 18:14:59 EDT 2007


Chris Kuethe wrote:
> On 9/6/07, Jacob Appelbaum <jacob at appelbaum.net> wrote:
>> Seagate recently announced a 1TB drive for desktop systems and a 250GB
>> laptop drive. What's of interest is that it appears to use a system
>> called DriveTrust for Full Disk Encryption. It's apparently AES-128.
> 
> Yes, but will it work on my UltraSparc? How about my PPC powermac? Or
> maybe my OpenBSD laptop?
> 

It seems the answer would be yes for the laptop at the very least.

> What's that - I have to use some opaque mechanism to key my drive? Pass.
> 

It appears to use a firmware implementation. To quote their pdf I linked
to before [0]:
"DriveTrust technology implements on the drive a cryptographic service
provider that provides encryption, hashing, secure storage, decryption,
digital signature and random-number generating functions"

Though I think that unless they're providing their full firmware code,
it's not to be trusted. Though it should be possible to examine the on
disk bits with other known good implementations of AES128 (CBC? I'm not
sure...).

> And how do I know that the drive didn't just store a copy of my
> encryption key in NVRAM somewhere which can be retrieved by reading
> some magic sequence of negative sectors? And what about a zillion
> other paranoid but reasonable concerns?
> 

All the more reason to investigate it. I wonder if they'll provide their
firmware if a big enough client were to request it. They also claim to
be about open standards:
"An open standard is being developed within the Trusted Computing Group."

Perhaps one of the Seagate developers is on this list? If not, I think
they probably should be...

-jacob

[0] http://www.seagate.com/docs/pdf/whitepaper/TP564_DriveTrust_Oct06.pdf
