Seeking Alpha

In the last year, drive vendors such as Seagate (STX), Hitachi (HIT) and Fujitsu (FJTSY.PK) announced self-encrypting drives. The general scheme is that you type in a password during the BIOS boot-up phase, and the password is authenticated by the drive. The drive then decrypts disk reads and encrypts disk writes at native speed, all internal to the drive. So to Windows, Linux or other software, the drive appears as a normal unencrypted drive, as all such software is booted after unlocking the drive.

It occurs to me, if self-encryption becomes a common feature in drives, perhaps one of the banes of a quick boot-up (anti-virus checks) could be eliminated during some or all of the boot-up phase? TPMs are also working their way into popularity (IDC figures a 90% attachment rate by 2010), which would offer a more complete chain of trust to complement self-encrypting drives. If it could be trusted that no modifications have occurred to the drive since the last boot, couldn't a lot of scanning be eliminated, with a focus only on newly added content?

If well-coordinated with AV software, I wonder if this will open the door to snappier boot times on Windows platforms?

Comments
  •  
    I can't help but Wonder if this is all about giving the US Government a Back Door Key ...... like AT&T Phones gave the US Government a few years ago ... and without telling the Public that a Back Door Key was there.
    Jan 18 11:16 AM
  •  
    Larry

    Your concerns are valid.

    www.prosefights.org/nm...

    Also a hardware or software error in encryption could make the data on the disk unrecoverable.

    Sandia labs errors in hardware encryption chips rendered the US land-based nuclear arsenal largely inoperable.

    www.prosefights.org/nm...

    "wrong stuff

    National Security Agency and the T1563 Nuclear bomb controller. & Sandia National Labs management and the. failing Radiation-hardened computer chips ..."

    www.google.com/search?...=

    www.geocities.com/Capi...


    Jan 18 06:31 PM
  •  
    Your understanding of encryption/storage is simplistic. How an encryption process works is that the disk needs to be "unlocked". Once that is done, 100% of all activity works as normal, including virus scans. There will be no difference to a user. The drive will actually be slightly slower than a non-encrypted drive.

    This technology is great for the "casual user" or small business, but the encryption is still subject to standard break-in attempts, including freezing the RAM. Another problem is that since the beginning of the disk is "known", any hacker with access to the disk can read in the beginning of the drive, run it through a decryption scheme, and figure out the password in relatively short order. Encryption only really works when the data is completely random.

    A "volume" (or disk) is not random, as it requires specific structures at the beginning of the disk, in specific locations, which is the fatal flaw in this technology.
    Jan 21 05:31 PM
  •  
    "Encryption only really works when the data is completely random."

    And you accuse Kevin of having a simplistic view of encryption? ;-)
    Jan 21 07:36 PM