Implementation of security on an external retail drive. The 25-character SID is created during production for every FDE drive. It is simply used to verify possession of the drive. On a new drive this SID is used as the Master Password to start security management, e.g. to create a user password or recovery password. Once the user sets a password, this SID can only be used to secure erase the drive when the user password has been lost. This is special to the Black Armor implementation, as the probability that users will forget their passwords is too high. If the user password is lost, there is no way to get back the data stored on the drive.

In order for Seagate not to get these drives back just because of the locked status, the SID can be used to secure erase the drive and make it reusable. After secure erase all user data is gone and the drive starts on the next power-up as a virgin drive. The management SW on the locked drive is located in a secure, write-protected area of the drive. Therefore this drive can be connected to any computer, and no software needs to run on this computer to detect a locked (protected) drive. The user has to partition and format the drive after secure erase, as there is no useful data on it any more.
On a notebook drive the implementation is different. Once a password is set, the SID is no longer a password. On a secure erase, the data in the locked drive mode would likewise be cleared and the drive reset to the unlocked state. In order to run secure erase you need a valid password for the drive. On Black Armor the SID is for reusability purposes. The AES key, which is randomly generated on every secure erase, never leaves the drive and is unknown to Seagate. The drive always encrypts all data written to the media and decrypts it during read. Access to the data means you can provide a valid password when powering up the drive.

HM
_______________________________________________ FDE mailing list [email protected] http://www.xml-dev.com/mailman/listinfo/fde
