Yes, users must authenticate themselves directly to the drive using a password before the drive will unlock and allow the normal OS to boot. This does not use either the BIOS or the OS to perform the authentication.
The Seagate FDE drive supports a more secure authentication approach where the authentication to the drive is done using an alternate pre-boot OS held in a protected area of the drive, and also supports new ATA security commands for Trusted Send and Trusted Receive to protect the password. If the authentication is successful, as determined by the Seagate FDE drive, then the drive is unlocked and the system is allowed to boot normally. So with this solution, not only is the authentication done before any foreign software is allowed to load, the encryption keys are never exposed outside the protected hardware of the drive itself, including the user area of the drive or in the OS, which is what these attacks are exploiting.

dan at geer.org dan at geer.org
Fri Feb 22 11:19:04 MST 2008

"Andreas W. Kuhn" writes:
-+-----------------------
 | The beauty about the Seagate MOMENTUS FDE.2 is that
 | the encryption key never leaves the hard disk. It is
 | never in the open. Never.

Yes, I am answering without RTFM, but the key never leaving the disk then requires something with which to unlock said key, quite possibly a password... And, of course, RTFM is an entirely valid reply.

--dan
_______________________________________________
FDE mailing list
[email protected]
http://www.xml-dev.com/mailman/listinfo/fde
