On 08/20/14 12:15, Paul Heinlein wrote:
> The disk encryption happens all the time. If you put a FDE drive into
> your laptop, the bits always get encrypted before being written to
> platter (or whatever).
>
> The interesting stuff happens when you encrypt the firmware-based key,
> using the BIOS "set disk password" functionality. I don't think the BIOS
> saves the password; I think the key remains decrypted until the machine
> is powered off.
>
> My recollection is that you need to enter the disk password only after a
> full shutdown, but I only provisioned these machines; I never used them
> day-to-day. So I don't know if you need to enter password after a period
> of laptop hibernation. I don't think so, but I can't really remember.

The BIOS prompts for the password and authenticates to the drive. (Authentication is just decryption of the FDE key.) The FDE key never leaves the hard drive. So, while the drive has power, the key stays decrypted in the hard drive controller memory.

DoD wipe is just telling the drive to erase the FDE key.

http://knowledge.seagate.com/articles/en_US/FAQ/205983en

How do FDE drives work with Windows Hibernation power saving mode?

  Windows Hibernation (S4) is a cold start and would force password
  authentication on any drive-level password.  Other power saving
  states that keep some power to the drive would not be challenged.

  Windows Standby (S3) may or may not be supported in the Seagate
  Secure third-party software. The user needs to check with the
  software company to determine whether Standby is supported. If not,
  the software will force Hibernate (S4) in place of Standby (S3).

--
Mr. Flibble
King of the Potato People
http://www.linkedin.com/in/RobertLanning
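
The key handling described in this message, as a toy model (an added example, not part of the original post and not any vendor's firmware). The class and method names are hypothetical, and XOR with an HMAC tag stands in for the real key-wrap and media ciphers, which the thread does not specify.

```python
import hashlib, hmac, secrets

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class ToyFDEDrive:
    """Toy model of a self-encrypting drive's key handling; not real firmware."""

    def __init__(self, password: bytes):
        self._ram_key = None      # media key held in controller RAM while unlocked
        self._platter = {}        # lba -> ciphertext; only ciphertext is ever stored
        self._store_wrapped(password, secrets.token_bytes(32))

    def _store_wrapped(self, password: bytes, media_key: bytes) -> None:
        # XOR plus an HMAC tag stands in for a real key-wrap algorithm (assumption).
        self._salt = secrets.token_bytes(16)
        kek = hashlib.pbkdf2_hmac("sha256", password, self._salt, 10_000)
        self._wrapped = _xor(media_key, kek)
        self._tag = hmac.new(kek, self._wrapped, "sha256").digest()

    def unlock(self, password: bytes) -> bool:
        """Authentication is unwrapping the media key inside the drive."""
        kek = hashlib.pbkdf2_hmac("sha256", password, self._salt, 10_000)
        expected = hmac.new(kek, self._wrapped, "sha256").digest()
        if not hmac.compare_digest(expected, self._tag):
            return False          # wrong password: key stays wrapped
        self._ram_key = _xor(self._wrapped, kek)
        return True

    def power_off(self) -> None:
        self._ram_key = None      # cold start (full shutdown or S4) forgets the key

    def _stream(self, lba: int, n: int) -> bytes:
        if self._ram_key is None:
            raise PermissionError("drive is locked")
        return hashlib.shake_256(self._ram_key + lba.to_bytes(8, "big")).digest(n)

    def write(self, lba: int, data: bytes) -> None:
        self._platter[lba] = _xor(data, self._stream(lba, len(data)))

    def read(self, lba: int) -> bytes:
        blob = self._platter[lba]
        return _xor(blob, self._stream(lba, len(blob)))

    def crypto_erase(self, password: bytes) -> None:
        """Erase replaces the media key; old ciphertext stays but is unreadable."""
        self._ram_key = secrets.token_bytes(32)
        self._store_wrapped(password, self._ram_key)
```

In this model the password never encrypts sector data directly, so a locked drive after power_off() and an erased drive after crypto_erase() both still hold the same ciphertext on the platter; only the availability of the media key differs.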