Disk encryption

Disk encryption is a technology which protects information by converting it into code that cannot be deciphered easily by unauthorized people or processes. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume. It is used to prevent unauthorized access to data storage.

The expression full disk encryption (FDE) (or whole disk encryption) signifies that everything on the disk is encrypted, but the master boot record (MBR), or similar area of a bootable disk, with code that starts the operating system loading sequence, is not encrypted. Some hardware-based full disk encryption systems can truly encrypt an entire boot disk, including the MBR.

Transparent encryption

Transparent encryption, also known as real-time encryption and on-the-fly encryption (OTFE), is a method used by some disk encryption software. "Transparent" refers to the fact that data is automatically encrypted or decrypted as it is loaded or saved.

With transparent encryption, the files are accessible immediately after the key is provided, and the entire volume is typically mounted as if it were a physical drive, making the files just as accessible as any unencrypted ones. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. The entire file system within the volume is encrypted (including file names, folder names, file contents, and other meta-data).

To be transparent to the end-user, transparent encryption usually requires the use of device drivers to enable the encryption process. Although administrator access rights are normally required to install such drivers, encrypted volumes can typically be used by normal users without these rights.

In general, every method in which data is seamlessly encrypted on write and decrypted on read, in such a way that the user and/or application software remains unaware of the process, can be called transparent encryption.

Disk encryption vs. filesystem-level encryption

Disk encryption does not replace file encryption in all situations. Disk encryption is sometimes used in conjunction with filesystem-level encryption with the intention of providing a more secure implementation. Since disk encryption generally uses the same key for encrypting the whole drive, all of the data can be decrypted while the system is running (some disk encryption solutions use multiple keys for encrypting different volumes, which narrows this). If an attacker gains access to the computer at run-time, the attacker has access to all files. Conventional file and folder encryption instead allows different keys for different portions of the disk, so an attacker cannot extract information from files and folders that are still encrypted.

Unlike disk encryption, filesystem-level encryption does not typically encrypt filesystem metadata, such as the directory structure, file names, modification timestamps or sizes.

Disk encryption and Trusted Platform Module

A Trusted Platform Module (TPM) is a secure cryptoprocessor embedded in the motherboard that can be used to authenticate a hardware device. Since each TPM chip is unique to a particular device, it is capable of performing platform authentication: it can be used to verify that the system seeking access is the expected system.

A limited number of disk encryption solutions have support for TPM. These implementations can wrap the decryption key using the TPM, thus tying the hard disk drive (HDD) to a particular device. If the HDD is removed from that particular device and placed in another, the decryption process will fail. Recovery is possible with the decryption password or token. The TPM can impose a limit on decryption attempts per unit time, making brute-forcing harder. The TPM itself is intended to be impossible to duplicate, so that the brute-force limit is not trivially bypassed.

Although this has the advantage that the disk cannot be removed from the device, it might create a single point of failure in the encryption. For example, if something happens to the TPM or the motherboard, a user would not be able to access the data by connecting the hard drive to another computer, unless that user has a separate recovery key.

Implementations

Main articles: Comparison of disk encryption software, Disk encryption hardware, and Disk encryption theory

There are multiple tools available in the market that allow for disk encryption. However, they vary greatly in features and security. They are divided into three main categories: software-based, hardware-based within the storage device, and hardware-based elsewhere (such as CPU or host bus adaptor).

Hardware-based full disk encryption within the storage device is implemented by so-called self-encrypting drives, which have no impact on performance. Furthermore, the media-encryption key never leaves the device itself and is therefore not available to any malware in the operating system.

The Trusted Computing Group Opal Storage Specification provides industry-accepted standardization for self-encrypting drives. External hardware is considerably faster than software-based solutions, although CPU-based versions may still have a performance impact, and the media encryption keys are not as well protected.

There are other (non-TCG/Opal based) self-encrypting drives (SEDs) that don't have the known vulnerabilities of the TCG/Opal based drives. They are host/OS and BIOS independent, don't rely on the TPM or the motherboard BIOS, and their encryption key never leaves the crypto-boundary of the drive.

All solutions for the boot drive require a pre-boot authentication component, which is available for all types of solutions from a number of vendors. In all cases the authentication credentials are the major potential weakness, since the symmetric cryptography itself is usually strong.

Password/data recovery mechanism

Secure and safe recovery mechanisms are essential to the large-scale deployment of any disk encryption solution in an enterprise. The solution must provide an easy but secure way to recover passwords (and, most importantly, data) in case the user leaves the company without notice or forgets the password.

Challenge–response password recovery mechanism

A challenge–response password recovery mechanism allows the password to be recovered in a secure manner. It is offered by a limited number of disk encryption solutions.

Some benefits of challenge–response password recovery:
- No need for the user to carry a disc with the recovery encryption key.
- No secret data is exchanged during the recovery process.
- No information can be sniffed.
- Does not require a network connection, i.e. it works for users that are at a remote location.

Emergency recovery information (ERI)-file password recovery mechanism

An emergency recovery information (ERI) file provides an alternative for recovery if a challenge–response mechanism is unfeasible due to the cost of helpdesk operatives for small companies or implementation challenges.

Some benefits of ERI-file recovery:
- Small companies can use it without implementation difficulties.
- No secret data is exchanged during the recovery process.
- No information can be sniffed.
- Does not require a network connection, i.e. it works for users that are at a remote location.

Security concerns

Most full disk encryption schemes are vulnerable to a cold boot attack, whereby encryption keys can be stolen by cold-booting a machine already running an operating system, then dumping the contents of memory before the data disappears. The attack relies on the data remanence property of computer memory, whereby data bits can take up to several minutes to degrade after power has been removed. Even a Trusted Platform Module (TPM) is not effective against the attack, as the operating system needs to hold the decryption keys in memory in order to access the disk.

Full disk encryption is also vulnerable when a computer is stolen while suspended. As wake-up does not involve a BIOS boot sequence, it typically does not ask for the FDE password. Hibernation, in contrast, goes through a BIOS boot sequence and therefore requires pre-boot authentication again.

All software-based encryption systems are vulnerable to various side channel attacks such as acoustic cryptanalysis and hardware keyloggers. Self-encrypting drives are less exposed to these attacks, since the hardware encryption key never leaves the disk controller; the credential used to unlock the drive can still be captured by a keylogger, however.

Also, most full disk encryption schemes don't protect from data tampering (or silent data corruption, i.e. bitrot): they provide privacy, but not integrity. The block cipher-based encryption modes used for full disk encryption are not authenticated encryption modes, because of the storage overhead an authentication tag per sector would require. Thus, if data on the disk is tampered with, it decrypts to garbled random data when read, and an error may or may not be raised depending on which data was tampered with (for OS metadata, by the file system; for file data, by the program that processes the file). One way to mitigate this is to use a file system with full data integrity checks via checksums (like Btrfs or ZFS) on top of full disk encryption. cryptsetup has also started to support authenticated encryption experimentally.

Full disk encryption

Benefits

Full disk encryption has several benefits compared to regular file or folder encryption, or encrypted vaults. The following are some benefits of disk encryption:
- Nearly everything, including the swap space and the temporary files, is encrypted. Encrypting these files is important, as they can reveal important confidential data. With a software implementation, the bootstrapping code cannot be encrypted, however. For example, BitLocker Drive Encryption leaves an unencrypted volume to boot from, while the volume containing the operating system is fully encrypted.
- With full disk encryption, the decision of which individual files to encrypt is not left up to users' discretion. This is important for situations in which users might not want or might forget to encrypt sensitive files.
- Immediate data destruction, such as simply destroying the cryptographic keys (crypto-shredding), renders the contained data useless. However, if security against future attacks is a concern, purging or physical destruction is advised.

The boot key problem

One issue to address in full disk encryption is that the blocks where the operating system is stored must be decrypted before the OS can boot, meaning that the key has to be available before there is a user interface to ask for a password. Most full disk encryption solutions utilize pre-boot authentication by loading a small, highly secure operating system which is strictly locked down and hashed against system variables to check the integrity of the pre-boot kernel. Some implementations such as BitLocker Drive Encryption can make use of hardware such as a Trusted Platform Module to ensure the integrity of the boot environment, and thereby frustrate attacks that target the boot loader by replacing it with a modified version. This ensures that authentication can take place in a controlled environment without the possibility of a bootkit being used to subvert the pre-boot decryption.

With a pre-boot authentication environment, the key used to encrypt the data is not decrypted until an external key is input into the system.

Solutions for storing the external key include:
- Username / password
- Using a smartcard in combination with a PIN
- Using a biometric authentication method such as a fingerprint
- Using a dongle to store the key, assuming that the user will not allow the dongle to be stolen with the laptop or that the dongle is encrypted as well
- Using a boot-time driver that can ask for a password from the user
- Using a network interchange to recover the key, for instance as part of a PXE boot
- Using a TPM to store the decryption key, preventing unauthorized access of the decryption key or subversion of the boot loader
- Using a combination of the above

All these possibilities have varying degrees of security; however, most are better than an unencrypted disk.

See also
- Comparison of disk encryption software
- Digital forensics
- Disk encryption hardware
- Disk encryption software
- Disk encryption theory
- Encryption
- Filesystem-level encryption
- Hardware-based full disk encryption
- In re Boucher
- Single sign-on

Further reading
- Casey, Eoghan; Stellatos, Gerasimos J. (2008). "The impact of full disk encryption on digital forensics". Operating Systems Review. 42 (3): 93–98. doi:10.1145/1368506.1368519. S2CID 5793873.

External links
- Presidential Mandate requiring data encryption on US government agency laptops
- On-The-Fly Encryption: A Comparison – Reviews and lists the different features of disk encryption systems (archived version from January 2013)
- "Block-layer encryption" (archived from the original on Sep 17, 2015) – Covers the use of dm-crypt/LUKS on Linux, starting with theory and ending with many practical examples about its usage.
- Buyer's Guide to Full Disk Encryption – Overview of full-disk encryption, how it works, and how it differs from file-level encryption, plus an overview of leading full-disk encryption software.
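Worked example for the integrity caveat in the Security concerns section above (privacy without integrity, and why per-sector tags are left out). This is an added illustration, not code from this article or from any product it names. The sector cipher is a standard-library stand-in (HMAC-SHA256 in counter mode keyed per sector) for the AES-XTS mode real full disk encryption uses, chosen so the example runs without third-party packages; the keys, sector number and sshd_config line are constructed sample data. It shows an offline attacker with the disk but no key rewriting a setting inside an encrypted sector that a confidentiality-only scheme decrypts without complaint, and the same edit being rejected once a per-sector tag (encrypt-then-MAC, in the spirit of the authenticated encryption the text says cryptsetup is adding experimentally) is stored beside the ciphertext, at the storage cost that made FDE designs omit tags.

```python
import hashlib
import hmac
import struct

SECTOR_SIZE = 512  # bytes per sector, encrypted in place: no room for a tag
TAG_SIZE = 16      # per-sector tag stored by the authenticated variant


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _keystream(key: bytes, sector_no: int, length: int) -> bytes:
    """Sector-keyed keystream: HMAC-SHA256 over (sector number, counter).

    Assumption: a standard-library stand-in for AES-XTS, not a construction any
    product uses. Like CTR mode it is bit-for-bit malleable; with XTS a flipped
    ciphertext bit scrambles its whole 16-byte block instead, but the result is
    accepted just as silently.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">QQ", sector_no, counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_sector(key: bytes, sector_no: int, plaintext: bytes) -> bytes:
    """Confidentiality only: ciphertext is exactly one sector, nothing extra."""
    if len(plaintext) != SECTOR_SIZE:
        raise ValueError("sector must be exactly SECTOR_SIZE bytes")
    return _xor(plaintext, _keystream(key, sector_no, SECTOR_SIZE))


decrypt_sector = encrypt_sector  # XOR with the keystream is its own inverse


def _tag(mac_key: bytes, sector_no: int, ciphertext: bytes) -> bytes:
    # Bind the tag to the sector number so sectors cannot be swapped around either
    return hmac.new(mac_key, struct.pack(">Q", sector_no) + ciphertext, hashlib.sha256).digest()[:TAG_SIZE]


def encrypt_sector_authenticated(enc_key: bytes, mac_key: bytes, sector_no: int, plaintext: bytes):
    """Encrypt-then-MAC: costs TAG_SIZE extra bytes of storage per sector."""
    ciphertext = encrypt_sector(enc_key, sector_no, plaintext)
    return ciphertext, _tag(mac_key, sector_no, ciphertext)


def decrypt_sector_authenticated(enc_key: bytes, mac_key: bytes, sector_no: int, ciphertext: bytes, tag: bytes) -> bytes:
    if not hmac.compare_digest(_tag(mac_key, sector_no, ciphertext), tag):
        raise ValueError(f"sector {sector_no}: tag mismatch (tampering or bitrot)")
    return decrypt_sector(enc_key, sector_no, ciphertext)


def tamper(ciphertext: bytes, offset: int, known: bytes, wanted: bytes) -> bytes:
    """Offline attacker with no key: XOR in the difference between the plaintext
    they know sits at `offset` and the plaintext they want there."""
    delta = _xor(known, wanted)
    end = offset + len(delta)
    return ciphertext[:offset] + _xor(ciphertext[offset:end], delta) + ciphertext[end:]


def demo() -> dict:
    enc_key = hashlib.sha256(b"constructed demo encryption key").digest()
    mac_key = hashlib.sha256(b"constructed demo mac key").digest()
    sector_no = 4711
    # Constructed sample content: one sshd_config line at a known sector offset
    line = b"PermitRootLogin no\n"
    plaintext = line.ljust(SECTOR_SIZE, b"\0")
    offset = len(b"PermitRootLogin ")

    # Unauthenticated (what most FDE does): the edit is silently accepted and the
    # OS later reads a syntactically valid, attacker-chosen setting. No error at all.
    ct = encrypt_sector(enc_key, sector_no, plaintext)
    forged = decrypt_sector(enc_key, sector_no, tamper(ct, offset, b"no\n", b"yes"))

    # Authenticated variant: the identical edit fails the tag check before any data is returned.
    ct2, tag = encrypt_sector_authenticated(enc_key, mac_key, sector_no, plaintext)
    try:
        decrypt_sector_authenticated(enc_key, mac_key, sector_no, tamper(ct2, offset, b"no\n", b"yes"), tag)
        detected = False
    except ValueError:
        detected = True

    return {
        "unauthenticated_plaintext": forged[:len(b"PermitRootLogin yes")],
        "authenticated_detected": detected,
        "overhead_percent": 100 * TAG_SIZE / SECTOR_SIZE,  # the cost FDE designs avoid
    }


if __name__ == "__main__":
    print(demo())
```

The 3.125 % figure is the reason the tag usually lives elsewhere: a checksumming file system (Btrfs, ZFS) keeps it in its own metadata, and cryptsetup's experimental authenticated mode needs a separate integrity journal rather than growing every sector.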
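Worked example for the TPM-wrapped key described in "Disk encryption and Trusted Platform Module" and the measured boot environment in "The boot key problem". This is an added illustration, not code from the article, from BitLocker or from any TPM vendor. `SimulatedTPM` is a deliberately simplified software model (an assumption, not a TPM 2.0 command set) with a per-chip root secret that never leaves the object, extend-only PCRs, and a failed-attempt lockout; the firmware and boot loader images, chip serials, PIN and volume key are constructed sample data. It seals a volume key to the measurements of a known-good boot chain and then replays four boots: the same chain (key released), a modified boot loader (PCR 4 changes, unseal refused), the disk moved to another machine (different root secret, refused), and PIN guessing (lockout after three failures, after which even the correct PIN is refused).

```python
import hashlib
import hmac
import struct


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class TPMLockedOut(Exception):
    pass


class SimulatedTPM:
    """Simplified software model of the TPM features the text relies on
    (assumption: not a real TPM). The root secret never leaves the object,
    PCRs can only be extended, and unseal enforces a lockout."""

    def __init__(self, seed: bytes, max_failures: int = 3) -> None:
        self._root = hashlib.sha256(b"tpm-root|" + seed).digest()  # per-chip secret
        self.pcrs = {i: bytes(32) for i in range(8)}
        self.failed_attempts = 0
        self.max_failures = max_failures

    def extend(self, index: int, measurement: bytes) -> None:
        """PCR[i] = H(PCR[i] || H(measurement)): every measured component, in order,
        is folded into the final register value."""
        digest = hashlib.sha256(measurement).digest()
        self.pcrs[index] = hashlib.sha256(self.pcrs[index] + digest).digest()

    def _policy(self, indexes) -> bytes:
        parts = b"".join(struct.pack(">I", i) + self.pcrs[i] for i in sorted(indexes))
        return hashlib.sha256(parts).digest()

    def _kek(self, policy: bytes, pin: bytes) -> bytes:
        # Key-encryption key derived inside the chip from root secret, PCR policy and PIN
        return hmac.new(self._root, b"seal|" + policy + b"|" + pin, hashlib.sha256).digest()

    def seal(self, secret: bytes, pcr_indexes, pin: bytes = b"") -> dict:
        """Wrap a 32-byte secret so only this chip, with the named PCRs at their
        current values and the right PIN, can unwrap it."""
        if len(secret) != 32:
            raise ValueError("secret must be 32 bytes")
        kek = self._kek(self._policy(pcr_indexes), pin)
        wrapped = _xor(secret, hmac.new(kek, b"pad", hashlib.sha256).digest())
        tag = hmac.new(kek, b"tag|" + wrapped, hashlib.sha256).digest()
        return {"pcrs": tuple(sorted(pcr_indexes)), "wrapped": wrapped, "tag": tag}

    def unseal(self, blob: dict, pin: bytes = b"") -> bytes:
        if self.failed_attempts >= self.max_failures:
            raise TPMLockedOut("dictionary-attack lockout engaged")
        kek = self._kek(self._policy(blob["pcrs"]), pin)
        expected = hmac.new(kek, b"tag|" + blob["wrapped"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, blob["tag"]):
            self.failed_attempts += 1
            raise ValueError("unseal refused: PCR policy or PIN mismatch")
        self.failed_attempts = 0
        return _xor(blob["wrapped"], hmac.new(kek, b"pad", hashlib.sha256).digest())


def boot(seed: bytes, firmware: bytes, bootloader: bytes) -> SimulatedTPM:
    """Power-on: PCRs start at zero, then firmware (PCR 0) and boot loader (PCR 4) are measured."""
    tpm = SimulatedTPM(seed)
    tpm.extend(0, firmware)
    tpm.extend(4, bootloader)
    return tpm


def try_unseal(tpm: SimulatedTPM, blob: dict, pin: bytes) -> str:
    try:
        tpm.unseal(blob, pin)
        return "released"
    except ValueError:
        return "refused"
    except TPMLockedOut:
        return "locked_out"


def demo() -> dict:
    # Constructed sample data; real measurements hash the actual binaries.
    firmware, loader, loader_bootkit = b"UEFI firmware v1", b"bootloader v1", b"bootloader v1+bootkit"
    volume_key = hashlib.sha256(b"constructed volume master key").digest()
    pin = b"1234"

    # Provisioning on the known-good chain: seal the volume key to PCR 0 and 4 plus the PIN
    blob = boot(b"chip-0001", firmware, loader).seal(volume_key, (0, 4), pin)

    results = {
        "clean_boot": boot(b"chip-0001", firmware, loader).unseal(blob, pin) == volume_key,
        "bootkit": try_unseal(boot(b"chip-0001", firmware, loader_bootkit), blob, pin),
        "other_machine": try_unseal(boot(b"chip-0002", firmware, loader), blob, pin),
    }
    # PIN guessing on the right machine: three wrong guesses engage the lockout,
    # after which even the correct PIN is refused (a real TPM uses a time window here)
    tpm = boot(b"chip-0001", firmware, loader)
    results["guessing"] = [try_unseal(tpm, blob, g) for g in (b"0000", b"0001", b"0002", pin)]
    results["failed_attempts"] = tpm.failed_attempts
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The "other_machine" case is the single point of failure the text warns about: a dead motherboard looks exactly like a stolen disk to the sealed blob, which is why the recovery password or token from the password/data recovery section must exist outside the TPM.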