Re: [FDE] Momentus FDE and simple PBE for Linux
Hi Jeff,
The simple solution for you is to use the drive lock password feature
(also called ATA drive lock) in the BIOS of your laptop. When you do
this, you will be prompted for a password to unlock the drive every time
the laptop is turned on. And the great thing about this is that with
a Momentus FDE drive you get the full benefit of encryption protection.
Note, drive lock is available with any hard drive. However, with regular
drives, this is just a false sense of security. There are utilities out
there that can instantly reset the drive lock password to blank, opening
the hard drive to anyone's use. On the other hand, with the Momentus FDE
drive, the drive lock password itself is used to encode the encryption key.
If an attacker were to reset the password to blank, the encryption key is
not accessible, and so the data remains protected.
Scott
P.S. Another possibility for using an FDE drive with Linux is to have the FDE
drive "initialized" using one of the vendor software packages for Windows, then
install Linux. In theory this should work since pre-boot authentication
will still be there… but someone would have to confirm this.
On Thu, 9 Aug 2007, Jeff Johnson wrote:
> Greetings,
>
> Has anyone (corp or open-source effort) developed a simple preboot
> environment for use with the Seagate Momentus FDE drives?
>
> I have only found one that claims Linux support and it is anything
> but simple. Many people who would benefit from the FDE drives are
> individuals, freelancers or sole-proprietors. Nearly all of the options
> I have seen come as a part of an enterprise-wide key management scheme.
>
> A company called ENova had hardware FDE that used an external key
> fob that attached via a modified USB port.
>
> Does a simple bios/EFI level or single user PBE that works with
> Linux exist?
>
> Thanks,
>
> Jeff
> _______________________________________________
> FDE mailing list
> FDE@www.xml-dev.com
> http://www.xml-dev.com/mailman/listinfo/fde
>
Installing a pre-boot environment in the Seagate Momentus FDE drive requires a digital certificate from Seagate. I am not aware of any open source pre-boot solutions for the FDE drive.
The previous post correctly mentioned that if the FDE software for setup and administration is configured and the preboot installed in a Windows environment, then at powerup authentication takes place in the preboot, the drive unlocks and the primary MBR is then used to boot whatever OS has been loaded on the drive, including Linux, dual boot, or whatever.
Lark Allen
August 14, 2007 at 3:13 am
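The contrast drawn in Scott's message (a drive lock that is only an access check versus a password that encodes the encryption key), as an added example that is not part of the thread and does not describe Seagate's actual design. It is a toy model: PBKDF2, the XOR key wrap, the SHAKE-based stream cipher and all class and function names are assumptions chosen for illustration.

```python
import hashlib, hmac, os

def kek_from(password: bytes, salt: bytes) -> bytes:
    # Key-encryption key derived from the drive lock password (PBKDF2 is an assumption).
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000, dklen=32)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def toy_cipher(key: bytes, data: bytes) -> bytes:
    # Toy stream cipher standing in for the drive's real cipher; XOR is its own inverse.
    return xor(data, hashlib.shake_256(key).digest(len(data)))

class RegularDrive:
    """Password is only a firmware access check; sectors are stored in the clear."""
    def __init__(self, password: bytes, data: bytes):
        self.password, self.sectors = password, data
    def reset_password(self):
        self.password = b""          # models the password reset described in the message
    def read(self, password: bytes) -> bytes:
        if not hmac.compare_digest(password, self.password):
            raise PermissionError("drive locked")
        return self.sectors

class FdeDrive:
    """Sectors are encrypted under a random key stored only wrapped by the password."""
    def __init__(self, password: bytes, data: bytes):
        dek = os.urandom(32)                       # data-encryption key, never stored bare
        self.salt = os.urandom(16)
        kek = kek_from(password, self.salt)
        self.wrapped = xor(dek, kek)               # toy key wrap
        self.check = hmac.new(kek, self.wrapped, "sha256").digest()
        self.sectors = toy_cipher(dek, data)
        self.lock_enabled = True
    def reset_password(self):
        self.lock_enabled = False    # access check cleared; the wrapped key is unchanged
    def read(self, password: bytes) -> bytes:
        kek = kek_from(password, self.salt)
        tag = hmac.new(kek, self.wrapped, "sha256").digest()
        if not hmac.compare_digest(tag, self.check):
            raise PermissionError("data key cannot be unwrapped")
        return toy_cipher(xor(self.wrapped, kek), self.sectors)

def after_reset(drive) -> str:
    # Reset the lock password to blank, then try to read with the blank password.
    drive.reset_password()
    try:
        return "readable: " + drive.read(b"").decode()
    except PermissionError as err:
        return "protected: " + str(err)
```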