Lock down your data without paying a performance penalty with Seagate s Momentus 5400 FDE.2 2.5-in. secure hard-disk drive with DriveTrust (see the figure).It incorporates full-disk, 128-bit Advanced Encryption Standard (AES) hardware-based encryption in addition to a number of new features. For example, its secure, hidden partitions can be used to store information such as additional encryption keys or capability tokens. The drives have a 1.5-Gbit/s Serial ATA interface and can store up to 160 Gbytes of data. DriveTrust security starts with pre-boot authentication that s compatible with most current BIOS implementations. The entire hard disk is always encrypted and accessible only after the proper boot password is provided. Hardware encryption support means performance is the same as a non-encrypted version. It also is completely transparent to an operating system.
Additionally, DriveTrust doesn't implement multilevel security. Instead, it adds support for small, secure, hidden partitions that can be accessed by applications utilizing the DriveTrust application programming interface (API). The size of the hidden area, which is fixed for each drive, typically is on the order of 1% of the drive about the same amount that s reserved for defect recovery.
This hidden area can be broken up into smaller chunks, and it s only accessible via additional keys. It can be used to store information such as authentication certificates. Furthermore, it could be used to implement multilevel security support with software encryption.
Seagate s DriveTrust software adds password management support for the secure partitions as well as emergency password recovery support. It also provides access to the secure erase feature, which includes on-the-fly quick erase.
This approach makes it relatively simple to incorporate an encrypted hard drive into an embedded application. For example, a secure micro-controller with on-chip key storage can store the drive's access password, which is only supplied when it boots or accesses the drive, preventing its removal and use on another system.
The added security of Seagate s DriveTrust architecture puts a premium price on the drives. But it should cost less than $99, which tends to be less than even low-end software-based solutions. Of course, the software approach adds overhead and reduces security, while users and applications now demand higher levels of security. Incorporating a drive like the Momentus 5400 FDE.2 may be one way to up your embedded ante.
Reprints
