Blog of Trust » Storage

Seagate sells one million self-encrypting drives

Ken Y-N — Thu, 17 Feb 2011 14:40:00 +0000

Quite frankly, my first thought was "Is that all?" when I read a press release from Seagate talking about them reaching this milestone. My second thought was that there were some weasel words about Opal compliance:

Several major original equipment manufacturers (OEMs) are now qualifying Momentus SEDs that are compliant with the Trusted Computing Group’s Opal specification. The Trusted Computing Group, an international body that promotes open standards for computer security, issued the Opal specification in 2009. The specification is focused on enabling the ecosystem for self-encrypting drives and increasing their adoption.

It would appear that from their range of self-encrypting drives (SED), namely Savvio, Cheetah, Constellation, and Momentus, only Momentus are TCG Opal-compliant, with the implication for the other drives the encryption keys are stored elsewhere then loaded onto the drive controller at boot time.

If you’re buying a Seagate for client use, I would strongly recommend you make sure it is an Opal-compliant one you are getting!

Wave Embassy Trusted Drive Manager

Ken Y-N — Thu, 02 Dec 2010 17:20:22 +0000

The Trusted Computing Group official blog published an article by Mike Fratto on managing self-encrypting drives with Wave’s software. It does occasionally read a bit more like an advert than a review, but perhaps that indicates how impressed the reviewer was!

Opal-compliant self-encrypting drives round-up

Ken Y-N — Fri, 01 Oct 2010 16:15:53 +0000

The official Trusted Computing Group blog recently published a handy list of the various drives, both traditional and solid state, that support the full disk encryption Opal standard from the TCG, plus software packages that help you manage the drives.

Seagate’s self-encrypting drive gets FIPS certification

Ken Y-N — Fri, 01 Oct 2010 16:09:38 +0000

An interesting bit of news from itBusiness.ca has been that Seagate’s Momentus range of self-encrypting hard drives have been awarded FIPS (Federal Information Processing Standard) 140-2 certification, meaning that they can now sell these Trusted Computing Group Opal-compliant drives to US and Canadian federal agencies and other governmental bodies that require FIPS certification on the equipment they buy for certain uses.

There’s a bit of a curious statement at the end:

Clark said for the FIPS certified drives, there will be a premium on top, which will vary depending on whatever the partner delivering the product decides.

That sounds like the certificate is also a licence to overcharge…

Why you need self-encrypting drives

Ken Y-N — Wed, 18 Aug 2010 16:36:15 +0000

A recent article sponsored by the Trusted Computing Group and published on Computer Technology Review looked at why self-encrypting drives are almost a legal necessity yet need not be expensive nor painful to introduce and manage. Furthermore, disk drives supporting TCG’s Opal specification for hardware-based encryption are around twice as fast as software-based systems.

Self-encrypting Self-deleting Drives

Ken Y-N — Tue, 17 Aug 2010 16:07:02 +0000

Toshiba have come out with an interesting concept, the self-deleting drive. Basically, a disk compliant with the Trusted Computing Group’s Opal full disk encryption standard can be erased instantly by just deleting the key, so what Toshiba has done is to allow the host device administrator to configure when the drive should be erased, such as at power off or when the drive is removed.

My initial thought is that this sounds pretty useless, but there’s many use cases. An obvious one is for thin clients, where after someone finishes a session all trace of the user needs to be wiped. A second use case is one I read about recently where used photocopiers from eBay were found to have documents left on the hard drive drive that is present inside many modern copying devices.

Gartner evaluates self-encrypting drives

Ken Y-N — Tue, 17 Aug 2010 15:59:11 +0000

According to this post on the Trusted Computing Group’s official blog, Gartner have recently published two reports on self-encrypting drives, with a lot of space devoted to the TCG’s efforts regarding the Opal specification. The author predicts in one report that within five years all drives will ship with encryption as standard, and their testing of the drives that currently do support it finds that there is no performance impact, unlike many software-based solutions.

I’ve not read the reports myself yet as you need to register with Gartner to download them…

Further benefits of Opal on Solid State Drives

Ken Y-N — Mon, 26 Jul 2010 16:26:47 +0000

A recent article by Thomas Coughlin for the Gerson Lehrman Group discussed a few reasons why the Trusted Computing Group’s Opal specification for self-encrypting drives is also applicable to solid state (Flash) drives. Two benefits that I hadn’t realised were available are 1) the cryptographic secure erasure feature of Opal, zapping the decryption keys in just a few milliseconds, is now recognised by the US government’s FIPS 140 revision 3 draft document as a permitted way of wiping drives, and 2) following on from 1), for Solid State Drives an ever-present worry is the wearing-out of the drive, but now since wiping the drive consists of just deleting a key, wear on the drive is minimised.

Flash memory security issues

Ken Y-N — Tue, 20 Jul 2010 16:07:15 +0000

With solid state drives based around Flash memory becoming more and more popular in not just portable computers but also in desktops, the question of securing them also becomes more and more important. On Monday 16th of August 2010 there will be a Flash Security Workshop as a pre-conference event at the Flash Summit in Santa Clara, according to a recent posting on the TCG official blog.

There will be a number of talks from various experts with relationships with the Trusted Computing Group, so expect the TCG’s Opal full disk encryption standard to feature, with particular reference to how the standard may be applied to the solid state world.

Why you want hardware-based disk encryption

Ken Y-N — Mon, 28 Jun 2010 15:09:23 +0000

A recent post on Computer Technology Review by Robert Thibadeau, Ph.D. from Wave Systems on behalf of the Trusted Computing Group listed a number of reasons why one should encrypt notebook computers, and why a hardware solution such as the Opal specification from the Trusted Computing Group is the best. It reports a study:

One of the conclusions of the in-depth analysis was that unlike software encryption, the performance of SEDs was comparable to standard drives in all cases. As a result, “there is simply no incentive for users to remove or bypass the encryption, even if it were possible.”