Hardware based full drive encryption
I have been researching hardware-based SSD Full Drive Encryption (FDE) lately and here are some bullet points to consider:
- What is it? FDE is a way to protect data on laptops in case of loss or theft.
- Who cares? If you have any data on your machine that you wouldn’t gladly hand over to any stranger, it suggests that you want to protect your data somehow.
- Don’t file permissions control data access? It’s fairly trivial to circumvent standard file permissions by removing a laptop hard drive and connecting it to a different system.
- Why this method? Using hardware based Full Drive Encryption (FDE) with SSD drives should provide relief to the performance problems that users of other forms of encryption encounter.
- How does it effect users? Implementations vary by platform, but it basically requires an additional authentication step at system startup (password or fingerprint swipe).
- What systems is it available on? The two laptop platforms that business users care about most, Dell and Lenovo both offer hardware based FDE:
- Dell’s solution is based on “Encrypted Mobility Solid State Drives” and the “Wave Embassy Trusted Drive Manager”. Make sure that the model you select includes “Encrypted Mobility Solid State Drives” hard drive option. Not all models do, but at the time of writing, I was able to add this to a Latitude 6410.
- For more info, check out the bottom of this Dell hard drive description page.
- Here is an interesting FDE performance study provided by Samsung.
- Lenovo has partnered with WinMagic to provide the “SecureDoc” solution for FDE. I didn’t research which specific models are available with this, but here is the press release.