Morning Jeroen, Thanks for your quick reply. I agree with you in general, Software FDE does not protect your datas.
However, in this Seagate solution (ATA Security and/or Drive Trust), we have a hardware FDE which is faster. As far as I understood, it seems that it is possible to store the password in the BIOS and not on the hard drive itself. So that the main sensitive information is not stored on the hard drive and there is no risk to reveal the datas if you steal this hard drive. That's why I was looking for an equivalent running under linux. :o) Thomas NGUYEN VAN ----- Original Message ----- From: "Jeroen van Dongen" <jer...@lbvd.nl> To: debian-security@lists.debian.org, "Thomas Nguyen Van" <t.nguyen...@jumper.ie> Sent: Monday, January 24, 2011 9:27:38 AM GMT +01:00 Amsterdam / Berlin / Bern / Rome / Stockholm / Vienna Subject: RE: Question related to FDE (Full Disk Encryption) solution under Linux Debian Lenny RE: Question related to FDE (Full Disk Encryption) solution under Linux Debian Lenny If your server can reboot without a human being present to enter a password, what's to stop someone who steals your server to obtain access to the data? The FDE does NOT protect your data against hackers - if they hack your running system, they have access to all data that your application has access to as well. FDE only has something to offer against an adversary getting physical access to an *in-active*/un-mounted disk. And even then, only if the required credentials are *not* stored on/with the same system. Rgds, Jeroen -----Original message----- To: debian-security@lists.debian.org; From: Thomas Nguyen Van <t.nguyen...@jumper.ie> Sent: Mon 24-01-2011 09:15 Subject: Question related to FDE (Full Disk Encryption) solution under Linux Debian Lenny Good morning Our company needs to encrypt hard drives on our machines running under Linux Debian Lenny. Seagate proposes FDE solutions with Momentus 5400 and/or 7200 (http://www.seagate.com/docs/pdf/fr-FR/whitepaper/mb595_2_momentus_fde_sed_ii_sq_kit.pdf) This solution is very interesting because the password or the passphrase is not stored on the hard drive but in the BIOS in their case. So that a server can reboot without any human intervention. However, this solution only works under windows !! They don't plan to support under linux such a disk. :o( So my question is : could you suggest another FDE solution compliant with a Lenny distribution? Thanks in advance Thomas NGUYEN VAN
