ThinkWiki - User contributions [en] | 2024-03-29T00:15:25Z | MediaWiki 1.31.12
Full Disk Encryption (FDE) | 2010-04-05T18:47:11Z | https://www.thinkwiki.org/w/index.php?title=Full_Disk_Encryption_(FDE)&diff=48081
<p>Mprefix: Removed hint line as it contained poor grammar and made no sense</p>
<hr />
<div>__NOTOC__<br />
{| width="100%"<br />
|style="vertical-align:top" |<br />
<div style="margin: 0; margin-right:10px; border: 1px solid #dfdfdf; padding: 0em 1em 1em 1em; background-color:#F8F8FF; align:right;"><br />
=== Full Disk Encryption ===<br />
Lenovo's 'Full Disk Encryption' (FDE) is a technology incorporated into some of Seagate's FDE-ready hard disks. It provides encryption of all of the contents of the hard disk.<br />
<br />
<br />
=== Features ===<br />
* Multi platform (Linux, Windows).<br />
* Protects the whole disk (including FAT partition...)<br />
* No performance impact.<br />
* Compatible with TPM<br />
* AES (the chip which performs AES encryption has been [http://www.seagate.com/ww/v/index.jsp?locale=en-US&name=null&vgnextoid=ade81f7095904110VgnVCM100000f5ee0a0aRCRD certified] by [http://csrc.nist.gov/cryptval/aes/aesval.html NIST] )<br />
* Wiping the disk (for disposal...) takes just a second.<br />
<br />
<br />
</div><br />
|style="vertical-align:top" |<br />
[[image:momentus5400_3_fde_sm_106x106.gif|FDE Hard disk Photo, credits: seagate.com]]<br />
|}<br />
<br />
=== Using Seagate FDE ===<br />
Using FDE is as easy as setting up the hard disk password (from the BIOS). You can choose to have just a user password, or both a user and a master password.<br />
You can export the key to external storage for password recovery (you need the password!).<br />
<br />
N.B.: The [http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-69621 Lenovo FAQ on FDE] specifically states that on the T60 & T61, there is no means of backing up or exporting the key, but that the drive may be used in another system (it is evidently not tied to a motherboard [http://en.wikipedia.org/wiki/Full_disk_encryption#Full_disk_encryption_and_Trusted_Platform_Module Trusted Platform Module]).<br />
<br />
==== Lost password ====<br />
Three possibilities:<br />
* Use the master password to change the user key.<br />
* Recover the password using the previously exported key. (See note from Lenovo FAQ, above.)<br />
* Reset the encryption key (which causes the hard disk to be instantly "wiped", and resets the "hard disk password").<br />
<br />
==== Wipe the disk ====<br />
Wiping the disk is as easy as resetting the encryption key from the BIOS.<br />
<br />
==== TPM ====<br />
It should be possible to use TPM (with fingerprint readers...); this has not been tested yet.<br />
* T61 with TPM & fingerprints: the FDE password works with a configured fingerprint, but you must use Windows-based software to program the imprint. By keeping a small Windows partition, I am able to boot Linux with a fingerprint; the fingerprint passes the TPM power-on password AND the FDE disk 1 password, which is separate.<br />
<br />
=== Software alternatives ===<br />
<br />
It is possible to get similar security, at the cost of a very slight performance impact, by using an appropriate software-based full disk encryption solution. For example, under Linux, you can use <tt>dm-crypt</tt> to encrypt the whole disk (including swap and root partitions) except for the bootloader. Numerous tutorials are available on the Internet.<br />
<br />
=== Links ===<br />
* [http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-69621 Lenovo Full Disk Encryption Hard Disk Drive Frequently Asked Questions]<br />
* [http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=TPAD-SIMS ThinkPad BIOS simulator] (R61/T61 not available yet, unfortunately)<br />
* [http://www.seagate.com/www/en-us/products/laptops/momentus/momentus_5400_fde.2/ Seagate Momentus 5400 FDE.2]<br />
* [http://en.wikipedia.org/wiki/Full_disk_encryption Wikipedia - Full disk encryption] (why FDE ??)<br />
* [http://www.xml-dev.com/pipermail/fde/ Full-Disk-Encryption Mailing list]</div>Mprefix