Sign in to follow this  
270673

End to end Self-Encrypting Drive tutorial?

Recommended Posts

I'm trying to read up on Self-Encrypting Drives (SED), a.k.a. Full Disk Encryption implemented in the HDD itself. However, while I know a fair bit about cryptography, I'm having a hard time really grokking how SED is implemented end-to-end, and what the potential weaknesses are. Can anyone provide a link to a comprehensive, user-oriented tutorial on how to use SED on a laptop and desktop?

What I'm thinking about right now is key management. AFAIK, the BIOS password is also used as password for the SED drive encryption. If that's so, then I'm guessing:

  • On latops with a Trusted Platform Module (TPM), you set the BIOS password, and enter it when booting. The BIOS verifies the password against tamper-proof storage in the TPM module? And if they match, permits booting and sends the password to the SED drive, which uses it to unlock data on the drive?
  • In the case of a desktop which doesn't have a TPM module, the BIOS password is just stored un-encrypted (or weakly encrypted) in CMOS? Thus an attacker could in principle read the CMOS password, and use it to unlock the SED drive?

Another angle that might help my understanding is this: What are the main attack vectors against SED harddisks when used as boot drives on a generic SATA computer?

Edited by 270673

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this