|
Hardware-based full disk encryption (FDE) is available from many hard disk drive (HDD) vendors, including: Seagate Technology, Hitachi, Western Digital, Samsung, Toshiba and also solid-state drive vendors such as SanDisk, Samsung, Micron and Integral Memory. The symmetric encryption key is maintained independently from the CPU, thus removing computer memory as a potential attack vector. In relation to hard disk drives, the term 'Self-Encrypting Drive' (SED) is in more common usage. Hardware-FDE has two major components: the hardware encryptor and the data store. There are currently three varieties of hardware-FDE in common use: #Hard disk drive (HDD) FDE (usually referred to as SED) #Enclosed hard disk drive FDE #Bridge and Chipset (BC) FDE ==Hard disk drive FDE== HDD FDE is made by HDD vendors using the OPAL and Enterprise standards developed by the Trusted Computing Group. Key management takes place within the hard disk controller and encryption keys are 128 or 256 bit Advanced Encryption Standard (AES) keys. Authentication on power up of the drive must still take place within the CPU via either a software pre-boot authentication environment (i.e., with a software-based full disk encryption component - hybrid full disk encryption) or with a BIOS password. Hitachi, Micron, Seagate, Samsung, and Toshiba are the disk drive manufacturers offering TCG OPAL SATA drives. Older technologies include the proprietary Seagate DriveTrust, and the older, and less secure, PATA Security command standard shipped by all drive makers including Western Digital. Enterprise SAS versions of the TCG standard are called "TCG Enterprise" drives. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Hardware-based full disk encryption」の詳細全文を読む スポンサード リンク
|