[FDE] Momentus FDE and simple PBE for Linux

Scott S scott at u.washington.edu
Mon Aug 13 16:48:58 MDT 2007 

Hi Jeff,

The simple solution for you is to use the drive lock password feature 
(also called ATA drive lock) in the BIOS of your laptop. When you do 
this, you will be prompted for a password to unlock the drive every time 
the laptop is turned on. And the great thing about this is that with 
a Momentus FDE drive you get the full benefit of encryption protection.

Note, drive lock is available with any hard drive. However, with regular 
drives, this is just a false sense of security. There are utilities out 
there that can instantly reset the drive lock password to blank, opening 
the hard drive to anyone's use. One the other hand, with the Momentus FDE 
drive, the drive lock password itself is used to encode the encryption key. 
If an attacker were to reset the password to blank, the encryption key is 
not accessible, and so the data remains protected.

Scott

P.S. Another possibility of using FDE drive with Linux is to have the FDE 
drive "initialized" using one of the vendor software for Windows, then 
install Linux. In theory this should work since pre-boot authenticaton 
is still be there... but someone would have to confirm this.

On Thu, 9 Aug 2007, Jeff Johnson wrote:

> Greetings,
>
>    Has anyone (corp or open-source effort) developed a simple preboot
> environment for use with the Seagate Momentus FDE drives?
>
>    I have only found one that claims Linux support and it is anything
> but simple. Many people who would benefit from the FDE drives are
> individuals, freelancers or sole-proprietors. Nearly all of the options
> I have seen come as a part of an enterprise-wide key management scheme.
>
>    A company called ENova had hardware FDE that used an external key
> fob that attached via a modified USB port.
>
>    Does a simple bios/EFI level or single user PBE that works with
> Linux exist?
>
> Thanks,
>
> Jeff
> _______________________________________________
> FDE mailing list
> FDE at www.xml-dev.com
> http://www.xml-dev.com/mailman/listinfo/fde
>

More information about the FDE mailing list