On lun., 2011-01-24 at 08:14 +0000, Thomas Nguyen Van wrote: > Good morning > Our company needs to encrypt hard drives on our machines running under > Linux Debian Lenny. > Seagate proposes FDE solutions with Momentus 5400 and/or 7200 > (http://www.seagate.com/docs/pdf/fr-FR/whitepaper/mb595_2_momentus_fde_sed_ii_sq_kit.pdf) > > This solution is very interesting because the password or the > passphrase is not stored on the hard drive but in the BIOS in their > case. So that a server can reboot without any human intervention.
Does that means that if the server dies, the drive is lost too? If you have to send the motherboard for support you give your keys too. BIOS is a black box which you have to trust anyway, but giving it your keys might not be really necessary. > > However, this solution only works under windows !! They don't plan to > support under linux such a disk. :o( If everything is handled by the BIOS, why would it be OS-dependent? > So my question is : could you suggest another FDE solution compliant > with a Lenny distribution? Use luks/cryptsetup and put the key on another media (like an usb drive or a sdcard or even a cdrom). Regards, -- Yves-Alexis -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1295857893.29291.4.camel@oban