Peter wrote: > I have seen hard drives which do sector level encryption, and > hook into the bios so that the pw request happens before any > system sw runs. This is a good solution (modulo bios > hacking)[...]
Any such hard drives that I have seen keep the actual encryption key utilized in firmware on the drive, using the password provided during boot merely to authorize the drive to apply the internally stored encryption key, thus making the encryption provided by the drive utterly useless against invasive analysis by an attacker with a modicum of skill in the art. One very promising project underway to get us closer to the goal of transparent universal drive encryption is GEOM, a component scheduled for inclusion in the release of FreeBSD 5.0. (GEOM also will provide a host of other highly desirable mass storage management features in addition to drive encryption). See http://phk.freebsd.dk/geom/ for more information. --Lucky
