Apple-tel has been working fine for me. --Dean
Sent from my iPhone

> On Jan 26, 2015, at 9:57 AM, John Orthoefer <[email protected]> wrote:
>
> Basically as long as you use WinTel Hardware you are okay; AppleTel hardware doesn’t work.
>
> The way it works, in a nutshell, is PC BIOS probes the SATA drives. If the “boot drive” says “Hi, I’m here but locked,” the BIOS prompts for a password, the password is passed to the drive to unlock and decrypt the Drive Key. The drive is pretty much set up with some block encryptor (AES-256, I think) just before the write head. So the drive is always “Encrypted”; it’s just if the controller board on the drive has access to the decrypted key.
>
> There are Linux utilities for doing things like “regenerating the key” which causes the disk to be “erased” (the Key Material and the Password used to encrypt the drive are different.) Yes it doesn’t prevent someone from intercepting the password between the keyboard and the drive (The assumption is the path from the keyboard through the BIOS and out the SATA port are all secure.) But if that is your worry, you need a better solution than OPAL or even S/W encryption.
>
> You also need to make sure the person at least hibernates the machine; at least the Dell systems, if you hibernate, the drive “locks” and the BIOS will reprompt you to unlock the drive to resume. Better is to power down the machine while it is outside of your control.
>
> Does that make sense?
>
> johno
>
>> On Jan 23, 2015, at 4:34 PM, Daniel Feenberg <[email protected]> wrote:
>>
>>> On Fri, 23 Jan 2015, John Orthoefer wrote:
>>>
>>> I’ve been getting OPAL Self encrypting drives. Since we support so many OSes finding a solution that works for everything has been hard. But OPAL on any standard PC hardware should just work.
>>
>> Can you say something about how the self-encrypted system appears to users? When do they enter the password? What software asks for the password? Is it an alternate boot loader? You mention that any standard PC hardware should work, but sometimes I have seen it said that the BIOS must support encryption - is that false or an alternative arrangement? How is the password established? Is there a Windows program that one runs to turn on encryption and establish the key? Is there a similar Linux program? Can a drive move from Windows to Linux without losing the data?
>>
>> The vendor literature is long on the benefits, but short on description.
>>
>> Daniel Feenberg
>> NBER
>
> _______________________________________________
> bblisa mailing list
> [email protected]
> http://www.bblisa.org/mailman/listinfo/bblisa
