03-26-2011 08:14 AM
I am considering buying a couple of new solid state drives for my company. A requirement is FDE, and according to some info I found the new 320 series should support this. I have a few questions:
1. As far as I know none of our computers have any support in BIOS for disk password. Is this required for FDE to work with the 320 series, or how exactly does the encryption / password entry work?
2. If we would like to use a RAID configuration (RAID 0 striping), is it still possible to use FDE, and if so does one have to enter a password for each disk?
3. What about using two disks in the same computer (non-RAID) that is used to dual boot two different operating systems (say Linux and Windows 7), with one OS installed on each drive - does FDE work in this case and would one have to enter a password twice?
4. Is the FDE solution dependent on some support in the OS (in that case what OS does it work with) or is it independent?
5. Do you have a white paper about the FDE with, for instance, information about how much slower it is compared to a non-FDE drive?
6. I have read that TRIM does not work with SSDs in RAID configuration. Is this still the case and how dependent is the 320-series of TRIM?
/Trist
CORRECTION: I just found that our Dell Precision M6500 computers do have a field in the BIOS for disk password, so I am interested in the questions above (two disks in the machine with or without RAID) also for this configuration. How do I know if the 320-series FDE is compatible with the disk password setting in the Dell M6500 machines? Is there a standard for this that all BIOS manufacturers follow or??
03-27-2011 10:28 AM
I'm not sure, but it seems that Intel's approach is no different than the SandForce 12xx one. It means: this is ONLY internal encryption with randomly generated passwords and without a user-defined passphrase. This solution does NOT increase security against thieves. It speeds up secure erasing and adds a minor layer of security against controller switching (for ATA-pass overriding) and flash memory dumping. Highly rare and uncommon situations these days.
03-28-2011 12:01 AM
Hmmm, in that case it is pretty lame - moving a disk between two controllers is even something I WANT TO BE ABLE TO DO.... it is really the data theft issue one wants to address (in particular on laptops)....
/Trist
03-28-2011 09:02 AM
The controller switching is a rather outdated hack method (mainly for platter drives) based on swapping the HDD's electronic board (containing the drive's controller and internal BIOS) to bypass some security methods. It does not concern the motherboard controller, the drive's electronics only.
There are IMO much better solutions for securing mass storage these days. Much more flexible than BIOS-based passwords (with their 8-character limitation - too small against brute force attacks). All of them are based on preboot authentication (and to be honest they have their own issues), but I highly doubt Intel implemented that. We are talking about budget drives.
03-29-2011 10:41 AM
While many BIOSes seem to have 8-character limitations, is there any technical reason for it? As far as the ATA specs go, up to 32 characters should be fine to use.