Difference between revisions of "Full Disk Encryption (FDE)"

From ThinkWiki
(add "Preboot authentication" feature.)
(T61 FDE is seagate based, not pointsec!)
Line 4: Line 4:
 
<div style="margin: 0; margin-right:10px; border: 1px solid #dfdfdf; padding: 0em 1em 1em 1em; background-color:#F8F8FF; align:right;">
 
<div style="margin: 0; margin-right:10px; border: 1px solid #dfdfdf; padding: 0em 1em 1em 1em; background-color:#F8F8FF; align:right;">
 
=== Full Disk Encryption ===
 
=== Full Disk Encryption ===
Lenovo Full disk encryption is a technology (based on Pointsec FDE) that Encrypt the whole hard-disk content..
+
Lenovo Full disk encryption is a technology built-into some Seagate's FDE-ready harddisk that Encrypt the whole hard-disk content..
  
 
{{HINT|This page have been written base on commercial documentation. It should be reviewed based on real life experience}}
 
{{HINT|This page have been written base on commercial documentation. It should be reviewed based on real life experience}}
  
 
=== Features ===
 
=== Features ===
* Preboot Authentication
 
 
* Multi platform (Linux, Windows).
 
* Multi platform (Linux, Windows).
* Protects the whole disk (including FAT partition).
+
* Protects the whole disk (including FAT partition...)
* Low performance impact.
+
* No performance impact.
* Common Criteria EAL 4 (CC EAL4)
+
* Compatible with TPM
 +
* AES (the chip  which performs AES encryption has been [http://www.seagate.com/ww/v/index.jsp?locale=en-US&name=null&vgnextoid=ade81f7095904110VgnVCM100000f5ee0a0aRCRD certified] by [http://csrc.nist.gov/cryptval/aes/aesval.html NIST] )
 +
* Wiping the disk (for disposal...) takes just a second.
 +
 
  
 
</div>
 
</div>
 
|style="vertical-align:top" |
 
|style="vertical-align:top" |
[[image:pointsec_fde_small.gif|Diagram]]<br/>[[http://www.thinkwiki.org/images/6/63/Pointsec_fde.gif Large]](credits: pointsec.com)
+
[[image:momentus5400_3_fde_sm_106x106.gif|FDE Hard disk Photo, credits: seagate.com]]
 
|}
 
|}
  
=== Links ===
+
=== Using Segate FDE ===
* [http://www.pointsec.com/ PointSec]
+
Using FDE as as easy as setting up the hard disk password (from BIOS). You can choose to have just a user password, or both a user and a master password.
* [http://www.techworld.com/midsizedbusiness/features/index.cfm?featureid=2037&pagtype=samecatsamechan Techworld review]
+
You can export the key to an external storage, for password recovery (you need the password !!)
  
 +
==== Lost password ====
 +
Three possibilities :
 +
* Use the master password to change the user key.
 +
* Recover the password using the previously exported key.
 +
* Reset the encryption key (which causes the hard disk to be instantly "wiped", and resets the "hard disk password").
  
 +
==== Wipe the disk ====
 +
Wiping the disk is as easy as reseting the encryption key from the BIOS..
  
=== ThinkPads that may include this feature ===
+
==== TPM ====
* {{T61}}
+
It should be possible to use TPM (with fingerprint readers...) not tested yet.
* {{R61}}
+
 
 +
=== Links ===
 +
* [http://www.seagate.com/www/en-us/products/laptops/momentus/momentus_5400_fde.2/ Seagate MoMentuS 5400 FDe.2]
 +
* [http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=TPAD-SIMS Thinkpad Bios simulator] (R61/T61 not available yet, unfortunately)
 +
* [http://en.wikipedia.org/wiki/Full_disk_encryption Wikipedia - Full disk encryption] (why FDE ??)
 +
* http://www.xml-dev.com/pipermail/fde/ - Full-Disk-Encryption Mailing list
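Review bot: The feature list changes "Low performance impact" to "No performance impact", an absolute claim that the page's own hint (written from commercial documentation, to be reviewed against real-life experience) does not back up; keep "Low" or attribute the claim to the vendor. The same revision drops "* Preboot Authentication", "* Common Criteria EAL 4 (CC EAL4)" and the whole "ThinkPads that may include this feature" section (T61, R61) with no explanation in the summary, which only says the T61's FDE is Seagate based; if those removals are intentional, say so, otherwise restore the model list. In the added text, the heading "Using Segate FDE" should read "Seagate", and "Using FDE as as easy" should read "is as easy".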

Revision as of 08:34, 3 August 2007

Full Disk Encryption

Lenovo Full Disk Encryption is a technology built into some of Seagate's FDE-ready hard disks that encrypts the whole hard disk content.

Hint:
This page has been written based on commercial documentation. It should be reviewed based on real-life experience.

Features

  • Multi platform (Linux, Windows).
  • Protects the whole disk (including FAT partition...)
  • No performance impact.
  • Compatible with TPM
  • AES (the chip which performs AES encryption has been certified by NIST)
  • Wiping the disk (for disposal...) takes just a second.


FDE Hard disk Photo, credits: seagate.com

Using Seagate FDE

Using FDE is as easy as setting up the hard disk password (from the BIOS). You can choose to have just a user password, or both a user and a master password. You can export the key to external storage for password recovery (you need the password!).
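
A check that can be run from Linux after setting the password in the BIOS, added here as an example (it is not part of the original wiki page): it parses the Security block of `hdparm -I` output to confirm that the hard disk password is actually enabled. It assumes the BIOS hard disk password is the standard ATA Security password that `hdparm` reports; the sample output is constructed, and the function names are hypothetical.

```python
# Constructed sample of the "Security:" block from `hdparm -I /dev/sdX`
# (not captured from a real drive).
SAMPLE_ENABLED = (
    "Security:\n"
    "\tMaster password revision code = 65534\n"
    "\t\tsupported\n"
    "\t\tenabled\n"
    "\tnot\tlocked\n"
    "\t\tfrozen\n"
    "\tnot\texpired: security count\n"
    "\t\tsupported: enhanced erase\n"
    "Logical Unit WWN Device Identifier: 0000000000000000\n"
)
# Same drive with no hard disk password set (also constructed).
SAMPLE_NO_PASSWORD = SAMPLE_ENABLED.replace("\t\tenabled", "\tnot\tenabled")

FLAGS = ("supported", "enabled", "locked", "frozen")


def parse_security(hdparm_output):
    """Return {flag: bool} for the ATA Security block, or None if absent."""
    state, in_block = {}, False
    for line in hdparm_output.splitlines():
        if line.startswith("Security:"):
            in_block = True
            continue
        if not in_block:
            continue
        if line and not line[0].isspace():
            break  # an unindented line starts the next section
        words = line.split()
        negated = bool(words) and words[0] == "not"
        if negated:
            words = words[1:]
        # Only bare flag lines count; "supported: enhanced erase" is skipped.
        if len(words) == 1 and words[0] in FLAGS:
            state[words[0]] = not negated
    return state if in_block else None


def assess(hdparm_output):
    """Summarise whether the hard disk password protects the drive."""
    s = parse_security(hdparm_output)
    if s is None or not s.get("supported"):
        return "UNKNOWN: no ATA security support reported"
    if not s.get("enabled"):
        return "FAIL: no hard disk password set"
    # Frozen: the drive rejects password-change and erase commands
    # until the next power cycle.
    if not s.get("frozen"):
        return "WARN: password set, security commands not frozen"
    return "OK: password set and security frozen"
```

On a real machine, feed the functions the text printed by `hdparm -I` for the drive (run as root).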

Lost password

Three possibilities :

  • Use the master password to change the user key.
  • Recover the password using the previously exported key.
  • Reset the encryption key (which causes the hard disk to be instantly "wiped", and resets the "hard disk password").

Wipe the disk

Wiping the disk is as easy as resetting the encryption key from the BIOS.

TPM

It should be possible to use the TPM (with fingerprint readers...); this has not been tested yet.

Links