I have been using softraid full disk encryption, with the exception of the
/altroot partition, on my laptop. I have no real threat. I just want it so
that if someone wants to go through my laptop, they can't without my
permission. With OpenBSD's full disk encryption, and a locking screen
saver, there is no known way into my system, with any amount of resources
available. The overhead isn't a problem unless I'm copying huge amounts of
data, which is rare.

The very first thing that occurred to me when reading about your BIOS level
AES disk encryption is what is the weakest link in it. Cracking the AES is
the last thing anyone would want to do, assuming it's genuine. Unless the
implementation is open source, you could have something like a password
utility that only accepts 4 characters, even if you type 50, uses the BIOS
version for entropy, or other serious issues. There are underground folks
who will use all their resources to look for and find such vulnerabilities,
and we don't really know one way or the other if the implementation is
good, unless of course it is open source.

On Fri, Jul 20, 2012 at 2:12 AM, Wojciech Puchar <
[email protected]> wrote:

> Many of today's SSDs and some magnetic disks have AES-128/256 encryption built in.
>
> If the BIOS supports it, it asks for a password and then sends it to the hard disk, after
> which it decodes its AES key so it starts to work.
>
> No software crypto overhead, everything fine.
>
> My question - how secure it really is.
>
> One extremity is to assume it is certainly well done.
> Another - that there are encryption at all, just simple password check.
>
> Both are possible as there is no way to check.
>
> I want your opinions. Software encryption would make quite a bit of overhead
> for my setup.
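
The failure mode raised in the reply above (a password utility that only uses 4 characters even if you type 50) is something a device owner can check black-box, without seeing the firmware. The sketch below is an added example, not part of the original email: both simulated devices, the PBKDF2 parameters and all function names are constructed assumptions and describe no real drive or BIOS.

```python
import hashlib
import hmac
import os

# Constructed models for illustration only; no real firmware is described.

def make_unlock_oracle(set_password, significant_chars=None):
    """Return unlock(candidate) -> bool for a simulated password-locked device.

    significant_chars=None models an implementation that feeds the whole
    password to the KDF; an integer N models the flaw from the post, where
    only the first N characters are ever used.
    """
    salt = os.urandom(16)

    def derive(pw):
        used = pw if significant_chars is None else pw[:significant_chars]
        return hashlib.pbkdf2_hmac("sha256", used.encode(), salt, 1000)

    stored = derive(set_password)
    return lambda candidate: hmac.compare_digest(derive(candidate), stored)


def effective_password_length(unlock, password):
    """Owner-side check: shortest prefix of the known password that unlocks.

    Equals len(password) when every character matters; anything smaller
    means the tail of the password contributes nothing to the key.
    """
    for n in range(len(password) + 1):
        if unlock(password[:n]):
            return n
    raise ValueError("full password did not unlock this device")


def tail_is_ignored(unlock, password):
    """Change only the last character; a sound device must refuse it."""
    last = "A" if password[-1] != "A" else "B"
    return unlock(password[:-1] + last)


if __name__ == "__main__":
    pw = "Tr0ub4dor&3-" * 4 + "zz"          # constructed 50-character password
    for label, n in (("truncating", 4), ("full-length", None)):
        dev = make_unlock_oracle(pw, n)
        print(label, effective_password_length(dev, pw), tail_is_ignored(dev, pw))
```

A result shorter than the password you set means the AES key size is irrelevant: the search space is that of the truncated prefix.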
