Seagate announces hardware FDE for laptop and desktop machines
Leichter, Jerry
leichter_jerrold at emc.com
Fri Sep 7 16:27:50 EDT 2007
| Date: Thu, 6 Sep 2007 16:00:03 -0600
| From: Chris Kuethe <chris.kuethe at gmail.com>
| To: Jacob Appelbaum <jacob at appelbaum.net>
| Cc: Cryptography <cryptography at metzdowd.com>
| Subject: Re: Seagate announces hardware FDE for laptop and desktop machines
|
| On 9/6/07, Jacob Appelbaum <jacob at appelbaum.net> wrote:
| > Seagate recently announced a 1TB drive for desktop systems and a 250GB
| > laptop drive. What's of interest is that it appears to use a system
| > called DriveTrust for Full Disk Encryption. It's apparently AES-128.
|
| Yes, but will it work on my UltraSparc? How about my PPC powermac? Or
| maybe my OpenBSD laptop?
First off, it depends on how the thing is implemented. Since the entire
drive is apparently encrypted, and you have to enter a password just to
boot from it, some of the support is in an extended BIOS or some very
early boot code, which is "below" any OS you might actually have on the
disk. Once you get past that, though, it depends on what they provide.
If the boot-time password gets stored in the disk firmware and controls
all encryption and decryption for the "session", the OS would neither
know nor care. If the drivers have to get involved, or you *want* them
involved (e.g., because you want to use the disk hardware to do encryp-
tion with different sets of keys you assign to different files,
partitions, whatever the thing can support) then ... ask for something
reasonable: That the interface to the mechanism is published so that
someone can write the appropriate drivers.
| What's that - I have to use some opaque mechanism to key my drive? Pass.
Ah, yes, it's all a conspiracy to make you run Windows.
Grow up. *If* the drive vendor keeps the mechanism secret, you have
cause for complaint. But can you name a drive vendor who's done
anything like that in years? What possible motivation could they
have? (In fact, I believe Seagate has said they will publish the
specs.)
| And how do I know that the drive didn't just store a copy of my
| encryption key in NVRAM somewhere which can be retrieved by reading
| some magic sequence of negative sectors? And what about a zillion
| other paranoid but reasonable concerns?
You don't. The general issue of how you can come to trust a piece
of cryptographic hardware has been discussed here before, and no one
has been able to suggest a way to do it.
Guess what: Seagate makes the same point. As one of the two remaining
drive vendors who are actually US-based (I forget who the other is),
they've pointed out to Congress that it might not be such a good thing
if DoD's and Homeland's and the FBI's secure disks were all based on
chips and firmware developed overseas (and particularly in China). They
bring this up purely for patriotic reasons, of course. If Congress sees
fit to provide a bit of protection, well, that's a national policy
issue, not Seagate's doing.... :-)
Of course, most of the world's countries will be faced choosing secure
devices developed and built in one of 3 or 4 countries, at least the
two largest of which have very well developed organizations to, err,
develop information in the national interest.
Who are you willing to trust? How much are you willing to pay to avoid
trusting someone you would rather not trust?
Personally, if I were *that* concerned, I'd use an encrypted file system
on top of an FDE system, at least for the stuff I considered really
sensitive.
-- Jerry
| CK
|
| --
| GDB has a 'break' feature; why doesn't it have 'fix' too?
|
| ---------------------------------------------------------------------
| The Cryptography Mailing List
| Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
|
|
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list