In moving HW FDE (aka Self-Encrypting Drives, SEDs) between systems no issues at all. There is a bit of a learning curve, because some older BIOS don't "ask" the drive if security is on, and just assume it is if you set a Disk PW. For those revisions, it seems setting the PW the same as the Disk, and rebooting has seemed to work.
SW FDE, no end of issues. multiple days of lost time while we plug the disk into another box, and run the "Decrypter" Live Disk. then re-encrypt. It's really amazing, it seems to the "Only" fix they have for a lot of problems. Decrypt it stand-alone, uninstall, re-install and re-encrypt. For any modern disk this is like 24-36 hours. I am currently a firm believer in HW FDE/SED. And don't trust any SW WinTel based solutions. Johno On Jan 28, 2015, at 8:36 AM, Eric Smith <[email protected]> wrote: > John, > I don't want your comment to be true... sigh. But it is. > What problems have you had moving SATA hardware between systems (that have > FDE)? I've considered fully encrypting eSATA drives at home. > > When it didn't work, were you EVER able to access them the data? Was it just > inconsistent? > > I know I've had troubles using some external cases which supported eSATA & > USB (I was trying eSATA.) The maker blamed some combination of the > motherboard hardware, the chipset in the case, and the SATA drivers. I > switched over to USB on the same case and it worked perfectly (if slower.) > Mixing FDE into that mix scared me enough not to try. > > Eric > > On Wed, Jan 28, 2015 at 1:02 AM, John Orthoefer <[email protected]> wrote: > > On Jan 27, 2015, at 9:11 AM, Edward Ned Harvey (lopser) > <[email protected]> wrote: > >> > > > > Furthermore, BIOS doesn't generally interact with a USB drive, so what if > > you want to recover the contents of a self-encrypted drive attached for > > rescue purposes via USB to some other rescue system? In that case, there > > may be a solution of some kind, but there's also the distinct possibility > > you'd be SOL. > > > > If you want a BIOS-like boot password, I would suggest using TrueCrypt > > instead of self-encrypting drive, because at least then you'll know you can > > attach the drive to any system, and be able to recover it. > > > > For what it's worth Seagate Disk utilities, that are Windows only but free. > Does know how to send commands via USB to an encrypted drive. I've used them > and they seem to work fine. > > True crypt, and PGP FDE I've had problems with both of them, they seem to be > SUPER sensitive to the SATA hardware and driver. I would only be comfortable > using it at a site where we had 10s or 100s of identical machines. But in > my current position I have 1's and 2's of about 30 models (although they are > MOSTLY Dells, I can't imagine how bad it would be if I had a collection of > Makes and Models.) This is part of the reason I've abandoned S/W FDE. > > Johno > > > _______________________________________________ > bblisa mailing list > [email protected] > http://www.bblisa.org/mailman/listinfo/bblisa >
_______________________________________________ bblisa mailing list [email protected] http://www.bblisa.org/mailman/listinfo/bblisa
