[unisog] OT: Putting Encryption Functions in the HDDs
Peter Van Epp
vanepp at sfu.ca
Fri Apr 28 03:53:32 GMT 2006
On Thu, Apr 27, 2006 at 03:02:37PM -0700, hermit921 wrote:
> I must be missing something. If I take that drive, attach to another
> computer running a different operating system, how is the disk
> protected? There is no boot process involved.
> If the encryption key is stored in the motherboard firmware I can see the
> disk refusing access, but I would hate to lose the disk contents because I
> upgraded firmware or the motherboard failed. And they say the key is on
> the disk, but that means accessing the disk to get the key to decrypt the
> disk to access the disk...

With the note that I haven't looked at this at all (but do know about
low-level PC boot), one easy possibility is to replace sector 0 track 0 (the
partition table and initial boot loader) with a modified one that asks for
a password on boot. This is essentially the same as what pfdisk does when it
is allowing multi-partition booting (except it asks which partition you want to
boot instead of for an encryption key). You have to be small (only a couple of
hundred bytes available) and it is probably PC-specific, but it will work. Now
the user-supplied key can be used to unencrypt the rest of the disk and boot.

There is also the option of putting more code (such as the decryption code)
in sectors 1 to 63 of track 0, which are reserved and rarely used.

Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
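
The on-disk areas the message refers to, as an added example that is not part of the original post: a Python sketch that parses sector 0, hashes its boot-code area so it can be compared with a known-good baseline, and lists which reserved sectors before the first partition hold data. It assumes the classic MBR layout (446 bytes of boot code, four 16-byte partition entries, 0x55AA signature); the function names and the sample image are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446          # bytes of sector 0 before the partition table
ENTRY_LEN, ENTRIES = 16, 4   # four 16-byte partition entries
SIGNATURE = b"\x55\xaa"      # last two bytes of a valid MBR


def parse_mbr(sector0):
    """Return (sha256 of boot code, list of (type, first_lba, sector_count))."""
    if len(sector0) != SECTOR or sector0[510:512] != SIGNATURE:
        raise ValueError("not a valid MBR sector")
    parts = []
    for i in range(ENTRIES):
        off = BOOT_CODE_LEN + i * ENTRY_LEN
        entry = sector0[off:off + ENTRY_LEN]
        ptype = entry[4]
        first_lba, count = struct.unpack_from("<II", entry, 8)
        if ptype != 0:               # type 0 marks an unused slot
            parts.append((ptype, first_lba, count))
    return hashlib.sha256(sector0[:BOOT_CODE_LEN]).hexdigest(), parts


def used_gap_sectors(image):
    """List sectors between sector 0 and the first partition that hold data."""
    _, parts = parse_mbr(image[:SECTOR])
    first = min(p[1] for p in parts) if parts else len(image) // SECTOR
    return [n for n in range(1, first)
            if any(image[n * SECTOR:(n + 1) * SECTOR])]


def build_sample_image():
    """Constructed sample: one type-0x83 partition at LBA 63, data in sector 1."""
    mbr = bytearray(SECTOR)
    entry = bytearray(ENTRY_LEN)
    entry[4] = 0x83
    struct.pack_into("<II", entry, 8, 63, 2048)
    mbr[BOOT_CODE_LEN:BOOT_CODE_LEN + ENTRY_LEN] = entry
    mbr[510:512] = SIGNATURE
    image = bytearray(64 * SECTOR)
    image[:SECTOR] = mbr
    image[SECTOR:SECTOR + 8] = b"EXTRACOD"            # constructed gap content
    return bytes(image)


if __name__ == "__main__":
    img = build_sample_image()
    print(parse_mbr(img[:SECTOR]), used_gap_sectors(img))
```

A changed boot-code hash or a non-empty gap sector on a disk expected to carry a stock boot loader is the on-disk trace of the kind of pre-boot code the message describes.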