Daniel,

The use of Seagate FDE drives is very simple:

First of all, there is no special driver that needs to be installed at any level to use an FDE drive. An FDE drive operates like a normal drive from the get-go. It is just that it is always encrypting the data that gets saved on the drive, totally transparent to you or to the OS. And it is only when you set the password on the drive that you are taking advantage of encryption security. And you don't need anything to do that either (more on this later).

Second, there is no key generation you need to worry about. The drive doesn't use your password to generate a key. The drive has a secret encryption key unrelated to your password, and the drive is the only one that has access to it.

Third, when you set the password and authenticate to the drive at the start of the computer, in essence, what you are doing is providing permission to the drive to use its secret encryption key to read and write the data. Once this happens, the FDE drive is a normal drive to the OS and applications.

Fourth, so how do you set the password on the FDE drive? There are two ways. The simple, cheap, and quick way is via the drive lock in the BIOS (not to be confused with the system BIOS password). For this you don't need anything else, just go into the BIOS and look for it under the hard drive or SATA section to set it. Once set, the password gets saved on the drive so that if you were to connect the drive to a different computer, it will still ask for the password. The drive lock password is ideal for single users who don't need anything fancy.

The second way is via 3rd-party client software that you will have to purchase. Besides being more user friendly, the client software provides enhanced features like password synchronization with the OS, remote password reset, and multiple account access. For a company these features are a must.

One last thing, it was stated at the beginning that "there is no key generation". This doesn't mean that the key cannot be generated. It can be, and it is a feature. A generation of a new key happens when you want to do a cryptographic erase of the entire drive (also called secure wipe). However, you will still not know what the new key is.

Scott

> I would love to have some FDE hardware drives, but the hour I spent at the
> Seagate website didn't tell me how the key was established. Can I just buy
> such a drive and install it in a white-box computer and have it work?
> Without any evidence on the website to the contrary, I just assumed the
> drive came with a Windows driver for setting the key, and that a special
> motherboard with a TPM circuit was required for the driver to work.
>
> If that isn't the case, it makes the drives much more attractive. Are
> there instructions somewhere on the net? This would be of interest to us
> for both Windows and Linux.
>
> Daniel Feenberg
>
>>
>> Dmitry
>>
>> -----Original Message-----
>> From: [email protected] [mailto:[email protected]] On
>> Behalf Of Garrett M. Groff
>> Sent: Friday, April 03, 2009 6:12 AM
>> To: [email protected]
>> Subject: Re: [FDE] how FDE is implemented at system layer
>>
>> Software-based FDE products install a "filter driver" and transparently
>> encrypt/decrypt disk sectors on-demand.
>>
>> G
>>
>> ----- Original Message -----
>> From: "Fran Baena" <[email protected]>
>> To: <[email protected]>
>> Sent: Thursday, April 02, 2009 5:42 AM
>> Subject: [FDE] how FDE is implemented at system layer
>>
>>> Hi everyone,
>>>
>>> I'm a newbie in FDE and I'm interested in how all this protecting
>>> methods are implemented in OS level. I mean, the cryptographic
>>> mechanism is more or less clear, but how does it interact with the
>>> file system layer? Does the OS vendor provide an API to manage all the
>>> I/O operations that implies disk encryption/decryption?
>>>
>>> Thanks for your help
>>>
>>> Fran
>>> _______________________________________________
>>> FDE mailing list
>>> [email protected]
>>> http://www.xml-dev.com/mailman/listinfo/fde
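
Added example, not part of the thread and not Seagate's or any vendor's tooling: on Linux, assuming the BIOS drive lock discussed above is the standard ATA Security password, `hdparm -I` reports whether that password is actually set, which is the difference between a drive that merely encrypts and one that is protected. The function and sample names are hypothetical, the sample outputs are constructed, and `/dev/sdX` is a placeholder.

```sh
#!/bin/sh
# Added example. Assumption: the BIOS "drive lock" is the ATA Security
# password, whose state appears in the "Security:" section of `hdparm -I`.
# Real use, as root (/dev/sdX is a placeholder):
#   hdparm -I /dev/sdX | drive_lock_verdict

# Reads `hdparm -I` text on stdin; prints "enabled=.. locked=.. frozen=..".
ata_security_state() {
    awk '
        /^Security:/       { insec = 1; next }
        insec && /^[^ \t]/ { insec = 0 }   # next unindented heading ends it
        insec {
            neg  = ($1 == "not")           # flags read "not enabled" / "enabled"
            word = neg ? $2 : $1
            if (word == "enabled" || word == "locked" || word == "frozen")
                state[word] = neg ? "no" : "yes"
        }
        END {
            if (!("enabled" in state)) { print "security=unsupported"; exit 1 }
            printf "enabled=%s locked=%s frozen=%s\n",
                   state["enabled"], state["locked"], state["frozen"]
        }'
}

# Exit 0 = password set, 1 = encrypting but unprotected, 2 = no Security section.
drive_lock_verdict() {
    state=$(ata_security_state) || { echo "UNKNOWN: $state"; return 2; }
    case "$state" in
        *enabled=yes*) echo "PROTECTED: drive password is set ($state)" ;;
        *) echo "UNPROTECTED: no drive password is set ($state)"; return 1 ;;
    esac
}

# Constructed samples in the layout hdparm prints (tab-indented flags).
sample_no_password() {
    printf 'Security: \n\tMaster password revision code = 65534\n'
    printf '\t\tsupported\n\tnot\tenabled\n\tnot\tlocked\n\t\tfrozen\n'
    printf 'Checksum: correct\n'
}
sample_password_set() {
    printf 'Security: \n\tMaster password revision code = 65534\n'
    printf '\t\tsupported\n\t\tenabled\n\tnot\tlocked\n\t\tfrozen\n'
    printf 'Checksum: correct\n'
}

sample_no_password  | drive_lock_verdict || true
sample_password_set | drive_lock_verdict
```

`frozen=yes` means the security settings are frozen until the next power cycle, so the password cannot be set or changed from the running OS.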
