On Tue, Jul 6, 2021, at 3:37 PM, rhkra...@gmail.com wrote: > I've seen warnings (against hacks) that say (among other things) to enable > "secure flash". I've been googling to learn more about that, but I haven't > found any good explanation. > > I'm beginning to get hints that it is not so much a thing (to be enabled), > but > more the (a) process to update the computer's BIOS. (e.g., "'Unable to start > a Secure flash session' error message.") > > Can somebody provide either a little more explanation and / or a link to a > (reasonably simple) reference?
There are available on the market SATA and USB interface flash or SSD drives that have built-in encryption. they require the user to enter an encryption key when they start up. The software to handle requesting and passing the key can be in the BIOS or in a user-supplied boot-loader or user-mode app that resides on a non-encrypted disk. The advantage of this mode vs software encryption is that the encryption engine resides in the firmware of the disk so it doesn't eat up CPU or GPU cycles that should be better applied to running user apps. Use your favorite search engine to look for "self encrypted ssd" (without the quotes). Does that help? Rick