Hardware-based full-disk encryption (FDE) is now available from many hard disk drive (HDD) vendors, becoming increasingly common especially for solid-state drives (SSD). The term "Self-Encrypting Drive" (SED) is now common when referring to HDDs / SSDs with built-in full-disk encryption (FDE).
- 1 Overview
- 2 Linux support
- 3 Encrypting the root (boot) drive
- 4 Encrypting a non-root drive
- 5 Changing the passphrase
- 6 Secure disk erasure
- 7 BIOS based ATA-password
- 8 See also
Many modern SED FDE are made by HDD/SSD vendors which adher to the OPAL 2.0 and Enterprise standards developed by the Trusted Computing Group (TCG). Enterprise SAS versions of the TCG standard are called "TCG Enterprise" drives. The hardware manufactured according to the standards is labelled accordingly.
Unlocking (for runtime decryption) of the drive takes place via either a software, pre-boot authentication environment or with a #BIOS based ATA-password on power up.
Key management technical implementation
Key management takes place within the disk controller and encryption keys are usually 128 or 256 bit Advanced Encryption Standard (AES).
SEDs adhering to the TCG OPAL 2.0 standard specification (almost all modern SEDs) implement key management via an Authentication Key (AK), and a 2nd-level Data Encryption Key (DEK). The DEK is the key against which the data is actually encrypted/decrypeted. The AK is the user-facing 1st-level password/passphrase which decrypts the DEK (which in-turn decrypts the data). This approach has specific advantages:
- Allows the user to change the passphrase without losing the existing encrypted data on the disk
- This improves security, as it is fast and easy to respond to security threats and revoke a compromised passphrase
- Facilitates near-instant and cryptographically secure full disk erasure.
For those who are familiar; this concept is similar to the LUKS key management layer often used in a dm-crypt deployment. Using LUKS, the user can effectively have up to 8 different key-files / passphrases to decrypt the encryption key, which in turn decrypts the underlying data. This approach allows the user to revoke / change these key-files / passphrases as required without needing to re-encrypt the data, as the 2nd-level encryption key is unchanged (itself being re-encrypted by the new passphrase).
In fact, in drives featuring FDE, data is always encrypted with the DEK when stored to disk, even if there is no password set (e.g. a new drive). Manufacturers do this to make it easier for users who are not able to, or do not wish to enable the SEDs' security features. This can be thought of as all drives by default having a zero-length password that transparently encrypts/decrypts the data always (similar to how passwordless ssh keys provide (somewhat) secure access without user intervention).
The key point to note is that if at a later stage a user wishes to "enable" encryption, they can configure the passphrase (AK), which will then be used to encrypt the existing DEK (thus prompting for passphrase beforing decrypting the DEK in future). However, as the existing DEK will not be changed / regenerated; this in effect locks the drive, while preserving the existing encrypted data on the disk.
- Easier to setup (compared to software-based encryption)
- Notably transparent to the user, except for initial bootup authentication
- Data-at-Rest protection
- Increased performance (cpu is freed up from encryption/decryption calculations)
- Increased security due to reduced attack vectors (the main cpu & memory are eliminated as possible attack targets)
- Optimally fast and #Secure disk erasure (sanitation) (regardless of disk size)
- Protection from alternative boot methods due to the possibility to encrypt the MBR, rendering the drive inaccessible before pre-boot authentication
- Constant-power exploits
- Typical self-encrypting drives, once unlocked, will remain unlocked as long as power is provided. This vulnerability can be exploited by means of altering the environment external to the drive, without cutting power, in effect keeping the drive in an unlocked state. For example, it has been shown (by researchers at Universiy of Erlangen-Nuremberg) that it is possible to reboot the computer into an attacker-controlled operating system without cutting power to the drive. The researchers have also demonstrated moving the drive to another computer without cutting power.
- Key-in-memory exploits
- When the system is powered down into S3 ("sleep") mode, the drive is powered down, but the drive keeps access to the encryption key in its internal memory (NVRAM) to allow for a resume ("wake"). This is necessary because for system booted with an arbitrary operating system there is no standard mechanism to prompt the user to re-enter the pre-boot decryption passphrase again. An attacker (with physical access to the drive) can leverage this to access the drive. Taking together known exploits the researchers summarize "we were able to break hardware-based FDE on eleven [of twelve] of those systems provided they were running or in standby mode". Note, however, S3 ("sleep") is not currently supported by sedutil (the current available toolset for managing a TCG OPAL 2.0 SED via Linux)
- Compromised firmware
- The firmware of the drive may be compromised (backdoor) and data sent to it thus potentially compromised (decryptable by the malicious third party in question, provided access to physical drive is achievable). However, if data is encrypted by the operating system (e.g. dm-crypt), the encryption key is unknown to the compromised drive, thus circumventing this attack vector entirely.
msed and OpalTool, the two known Open Source code bases available for SED support on Linux, have both been retired, and their development efforts officially merged to form sedutil, under the umbrella of The Drive Trust Alliance (DTA). sedutil is "an Open Source (GPLv3) effort to make Self Encrypting Drive technology freely available to everyone."
Install the AUR package, which contains the sedutil-cli tool, and helper scripts to create a custom pre-boot authorization (PBA) image based off the current OS in use (e.g. for setting a custom console keymap). Alternatively, you can install sedutil solely for acquiring the sedutil-cli toolset, but download and use the precompiled PBA image (for BIOS) provided by the TGS. If you are using a UEFI machine, you must download this 64-bit UEFI PBA instead.
libata.allow_tpm must be set to
1 (true) in order to use sedutil. Either add
libata.allow_tpm=1 to the kernel parameters, or by setting
1 on a running system.
Encrypting the root (boot) drive
These instructions assume you have the sedutil-cli tool installed (via the AUR, or by other means)
Test the PBA on your machine (optional)
Refer to the official docs.
Prepare and test the rescue image (optional)
Refer to the official docs.
Set up the drive
Decompress the PBA (if required):
$ gunzip pba.img.gz
Use the output of
lsblk --fs to help identify the correct drive.
# sedutil-cli --initialsetup <password> <drive> # sedutil-cli --loadPBAimage <password> <pba_file> <drive> # sedutil-cli --setMBREnable on <password> <drive>
# sedutil-cli --enableLockingRange 0 <password> <drive>
Power off the computer to lock the drive.
When the computer is next powered on, the PBA should ask for your password; then unlock the drive and chain-load the decrypted OS.
If you want to turn off Locking and the PBA:
# sedutil-cli --disableLockingRange 0 <password> <drive> # sedutil-cli --setMBREnable off <password> <drive>
Re-enable locking and the PBA
You can later re-enable locking and the PBA using this command sequence
# sedutil-cli --enableLockingRange 0 <password> <drive> # sedutil-cli --setMBRDone on <password> <drive> # sedutil-cli --setMBREnable on <password> <drive>
Encrypting a non-root drive
A non-root drive does not require loading a PBA. So, activating the encryption is as simple as running:
# sedutil-cli --initialsetup <password> <drive>
Changing the passphrase
Changing the passphrase does not lose existing data on the drive, and does not require re-encryption of data.
# sedutil-cli --setSIDPwd <password> <newpassword> <device> # sedutil-cli --setAdmin1Pwd <password> <newpassword> <device>
Read the #Key management technical implementation section above to learn about how this is implemented securely within the drive, and why it is possible to change the passphrase without losing the existing encrypted data on the drive.
Secure disk erasure
Whole disk erasure is very fast, and remarkably simple for a SED. Simply passing a cryptographic disk erasure (or crypto erase) command (after providing the correct authentication credentials) will have the drive self-generate a new random encryption key (DEK) internally. This will permanently discard the old key, thus rendering the encrypted data irrevocably un-decryptable. The drive will now be in a 'new drive' state.
Read the #Key management technical implementation section above to learn more about how this is implemented securely within the drive.
BIOS based ATA-password
Previous to the industry's TCG OPAL 2.0 standard initiative, the relevant ATA standard defined an "ATA Security feature Set" for SED FDE. This relies on the PC (not SSD/HDD) BIOS to feature an unlocking mechanism utilizing the BIOS to setup the user's encryption password/passphrase. This legacy BIOS-based (ATA) method was considered more unreliable to setup and prone to error with regard to interoperability between PC vendors. Typical errors include, for example, inabilities to unlock a device once it is plugged into a system from a different hardware vendor. Hence, the availability of BIOS support for the legacy password mechanism decreases in availability, particularly for consumer hardware.