Dmitry is correct. RSA will be a good place to learn about both hardware and software FDE. Drop by the WinMagic booth (#831) and we can explain how software FDE works. As well, we will be demonstrating pre-boot authentication and enterprise management for Seagate HW FDE drives and Opal FDE drives.

Garry

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Dmitry Obukhov
Sent: Monday, April 13, 2009 1:12 PM
To: [email protected]
Subject: Re: [FDE] how FDE is implemented at system layer

Hi Daniel,

Being an engineering manager, I can't announce any dates for the products. However, if you have a chance to visit the RSA conference in San Francisco, you will see TCG Opal drives from many vendors. Please stop by the Wave Systems booth; we (Samsung) will have a good, informative demo of our SED product and I will be glad to answer your questions.

Regarding our product, you have to configure the drive with special software compatible with the TCG specification. The configured drive doesn't need any OS driver or motherboard modifications to work. Basically, in an enterprise environment the configuration should be done by the IT department. They have to create an Admin account for IT (and keep it for a case of recovery) and user account(s) for end user(s). Then IT should install the drive in the system, optionally install the OS, and give it to the user. In the case of a personal computer the user plays the role of IT and does the same, but stays in charge of everything.

There are no restrictions on the OS or requirements for the software to run; after pre-boot authentication it behaves as any other drive.

Dmitry

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Daniel Feenberg
Sent: Saturday, April 11, 2009 3:34 PM
To: [email protected]
Subject: Re: [FDE] how FDE is implemented at system layer

On Thu, 9 Apr 2009, Dmitry Obukhov wrote:

> Fran,
>
> Typically the software FDE solution should intercept the BIOS interrupt
> (I'm not a Windows programmer, but back in old DOS times it was int 13h
> and 76h) and individually encrypt/decrypt each 512-byte sector. It is
> a very CPU-consuming process. Up to 48% of the CPU power can be spent on
> encryption. The HW FDE (SED, self-encrypting drives) is much more
> efficient, and no changes in the OS are required.

I would love to have some FDE hardware drives, but the hour I spent at the Seagate website didn't tell me how the key was established. Can I just buy such a drive and install it in a white-box computer and have it work? Without any evidence on the website to the contrary, I just assumed the drive came with a Windows driver for setting the key, and that a special motherboard with a TPM circuit was required for the driver to work. If that isn't the case, it makes the drives much more attractive. Are there instructions somewhere on the net? This would be of interest to us for both Windows and Linux.

Daniel Feenberg

>
> Dmitry
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> On Behalf Of Garrett M. Groff
> Sent: Friday, April 03, 2009 6:12 AM
> To: [email protected]
> Subject: Re: [FDE] how FDE is implemented at system layer
>
> Software-based FDE products install a "filter driver" and
> transparently encrypt/decrypt disk sectors on-demand.
>
> G
>
> ----- Original Message -----
> From: "Fran Baena" <[email protected]>
> To: <[email protected]>
> Sent: Thursday, April 02, 2009 5:42 AM
> Subject: [FDE] how FDE is implemented at system layer
>
>> Hi everyone,
>>
>> I'm a newbie in FDE and I'm interested in how all these protection
>> methods are implemented at the OS level. I mean, the cryptographic
>> mechanism is more or less clear, but how does it interact with the
>> file system layer? Does the OS vendor provide an API to manage all
>> the I/O operations that imply disk encryption/decryption?
>>
>> Thanks for your help
>>
>> Fran

_______________________________________________
FDE mailing list
[email protected]
http://www.xml-dev.com/mailman/listinfo/fde
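
The per-sector interception described in the thread (a filter layer that encrypts and decrypts each 512-byte sector between the file system and the disk), as an added sketch that is not part of the original messages or any vendor's code. Assumptions: all names are hypothetical, a Python list stands in for the disk, and the cipher is a SHAKE-256 Feistel stand-in so that only the standard library is needed.

```python
import hashlib

SECTOR = 512  # per-sector unit quoted in the thread


def _round(key, rnd, lba, half):
    # Keyed round function. Stand-in primitive for this sketch only;
    # shipping products use a vetted mode such as AES-XTS instead.
    seed = key + bytes([rnd]) + lba.to_bytes(8, "little") + half
    return hashlib.shake_256(seed).digest(len(half))


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def crypt_sector(key, lba, data, decrypt=False):
    """Length-preserving Feistel transform of one sector, tweaked by its number."""
    if len(data) != SECTOR:
        raise ValueError("the layer only ever sees whole sectors")
    left, right = data[:SECTOR // 2], data[SECTOR // 2:]
    if decrypt:
        for rnd in reversed(range(4)):
            left, right = _xor(right, _round(key, rnd, lba, left)), left
    else:
        for rnd in range(4):
            left, right = right, _xor(left, _round(key, rnd, lba, right))
    return left + right


class FilterLayer:
    """Sits between file system and disk, in the place of the filter driver."""
    def __init__(self, disk, key):
        self.disk, self.key = disk, key  # disk: list of raw sectors (constructed)

    def read(self, lba):
        return crypt_sector(self.key, lba, self.disk[lba], decrypt=True)

    def write(self, lba, data):
        self.disk[lba] = crypt_sector(self.key, lba, data)


def demo():
    disk = [bytes(SECTOR)] * 8  # constructed in-memory disk image
    fde = FilterLayer(disk, key=b"constructed demo key")
    plain = b"constructed file system block".ljust(SECTOR, b"\0")
    fde.write(0, plain)
    fde.write(5, plain)
    # The upper layer reads plaintext back; the raw sectors differ from it
    # and from each other, because the sector number tweaks the transform.
    return fde.read(0) == plain, disk[0] != plain, disk[0] != disk[5]
```

The file system above the layer keeps issuing ordinary sector reads and writes, and the stored sector stays exactly 512 bytes, so there is no room for a per-sector IV or integrity tag.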
