Fran, Typically the software FDE solution should intercept BIOS interrupt (I'm not Windows programmer, but back in old DOS times it was int 13h and 76h) and individually encrypt/decrypt each 512 bytes sector. It is very CPU-consuming process. Up to 48% of the CPU power can be spent on encryption. The HW FDE (SED, self-encrypting drives) is much more efficient, and no changes in OS is required.
Dmitry -----Original Message----- From: fde-boun...@www.xml-dev.com [mailto:fde-boun...@www.xml-dev.com] On Behalf Of Garrett M. Groff Sent: Friday, April 03, 2009 6:12 AM To: fde@www.xml-dev.com Subject: Re: [FDE] how FDE is implemented at system layer Software-based FDE products install a "filter driver" and transparently encrypt/decrypt disk sectors on-demand. G ----- Original Message ----- From: "Fran Baena" <franba...@gmail.com> To: <FDE@www.xml-dev.com> Sent: Thursday, April 02, 2009 5:42 AM Subject: [FDE] how FDE is implemented at system layer > Hi everyone, > > i'm a newbie in FDE and i'm interested in how all this protecting > methods are implemented in OS level. I mean, the cryptographic > mechanism is more or less clear, but how does it interact with the > file system layer? Does the OS vendor provide an API to manage all the > I/O operations that implies disk encryption/decryption? > > Thanks for your help > > Fran > _______________________________________________ > FDE mailing list > FDE@www.xml-dev.com > http://www.xml-dev.com/mailman/listinfo/fde > _______________________________________________ FDE mailing list FDE@www.xml-dev.com http://www.xml-dev.com/mailman/listinfo/fde _______________________________________________ FDE mailing list FDE@www.xml-dev.com http://www.xml-dev.com/mailman/listinfo/fde