[unisog] mobo flash crypto laptops?

Buhrmaster, Gary gtb at slac.stanford.edu
Tue Sep 26 04:11:50 GMT 2006


Many BIOS's support use of the ATA "password lock"
(standard feature of most newer hard drives)
which prevent a drive from being accessed until
a password is provided.  However, that is not 
full disk encryption, and current research(1)
suggests that most implementations are not complete.
Seagate(2) and Hitachi(3) are incorporating FDE on their
newest drives and using either the ATA password
support in many laptop BIOSes to create the 
encryption keys on the hard drive, or using TPM 
for more advanced key management.  Seagate claims 
their FDE.2 drive is now shipping, but I have been 
unable to locate any, nor any vendor including
them in their laptops.  However, the target
audience for these drives is initially government,
health care, and financial industry specific
solutions, so the the laptop vendors may have
special SKUs for those customers.

Gary

(1) http://www.heise.de/ct/english/05/08/172/
(2) http://www.seagate.com/docs/pdf/marketing/po_momentus_5400_fde_bb.pdf
(3) Can't find the current references, but I
    did see a press release from Hitachi at one
    point.


> -----Original Message-----
> From: unisog-bounces at lists.dshield.org 
> [mailto:unisog-bounces at lists.dshield.org] On Behalf Of John Kemp
> Sent: Monday, September 25, 2006 2:46 PM
> To: unisog at lists.dshield.org
> Subject: [unisog] mobo flash crypto laptops?
> 
> 
> I recently heard that some laptops are now
> encorporating a nice full-volume disk encryption
> feature that depends on soldered motherboard nvram.
> So the "lock" uses a mobo nvram chip to tie a password
> to the disk volume encryption... no BIOS password, no disk
> decryption.  Nice.
> 
> Anyone know which laptops are sporting this feature?
> Even the vendors/marketting folks don't seem to understand which of
> their products have this feature, so I'm trying to see if there
> is an easy way to tell which laptops have this.
> 
> Thanks in advance,
> John Kemp (kemp at ns.uoregon.edu)
> 
> _______________________________________________
> unisog mailing list
> unisog at lists.dshield.org
> http://lists.dshield.org/mailman/listinfo/unisog
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3376 bytes
Desc: not available
Url : http://lists.dshield.org/pipermail/unisog/attachments/20060925/e0c69e74/attachment.bin 


More information about the unisog mailing list