Educause Security Discussion mailing list archives
Re: Self-encrypting hard drives for Macintosh
From: Rich Graves <rgraves () CARLETON EDU>
Date: Fri, 4 Mar 2011 08:10:43 -0600
Has anyone used the Seagate self-encrypting hard drives in Macintosh computers?
Only in test/eval, with WinMagic. The hardest part is physically replacing the drive. The MacBook designers didn't make it easy.

You install MacOS (and BootCamp/Windows 7) as usual. The self-encrypting drives always encrypt, but the encryption key defaults to unsealed. You then install the WinMagic pre-boot environment, reboot a couple times, and it's done. Nothing changes on the disk platters themselves, but the security chip requires some form(s) of external authentication in order to release the encryption key.

This might change in version 5, but as of WinMagic 4 last October, no WinMagic software is installed within the BootCamp partition(s). Thus single-logon and phone-home only function when booted in MacOS. To boot into Windows, you enter your password at the WinMagic pre-boot prompt and hit F12 (I think) instead of Enter. Weird, but people could get used to it. Once the pre-boot environment convinces the self-encrypting drive to unseal, you don't need any software.

Other considerations:

Hard drive spin-down must be disabled in MacOS and Windows power management because it can cause the hard drive to re-seal.

Both OSes must be configured to hibernate, rather than sleep, but that's been recommended by all FDE vendors since cold-boot attacks were published.

Because of the reduced time to deploy (no wait for encryption!), the reduced time to wipe/recycle (just change the key!), and operating system transparency, I like the idea of self-encrypting drives a lot, especially for dual-boot Macs and any loaner-pool machine.

--
Rich Graves http://claimid.com/rcgraves
Carleton.edu Sr UNIX and Security Admin
CMC135: 507-222-7079 Cell: 952-292-6529
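Added example, not part of the original message: a check for the two macOS power-management considerations listed above, run over `pmset -g custom` style output. It assumes the settings map to the `pmset` keys `disksleep` (0 disables spin-down) and `hibernatemode` (25 is hibernate with memory powered off); the function names and the sample input are constructed for illustration, and the Windows side is not covered.

```shell
#!/bin/sh
# audit_pmset: read `pmset -g custom` style text on stdin and flag the two
# settings that can let a self-encrypting drive re-seal or leave keys in RAM.
# Assumed mapping to pmset keys (not named in the message):
#   disksleep 0      -> drive spin-down disabled
#   hibernatemode 25 -> hibernate to disk with memory powered off
# Return status is the number of findings (0 = compliant).
audit_pmset() {
    awk '
        # "Battery Power:" / "AC Power:" style headers name the power profile
        /:[ \t]*$/ {
            section = $0
            sub(/^[ \t]+/, "", section); sub(/:[ \t]*$/, "", section)
            next
        }
        $1 == "disksleep" {
            seen_ds = 1
            if ($2 + 0 != 0) { printf "FAIL [%s] disksleep=%s (want 0)\n", section, $2; bad++ }
        }
        $1 == "hibernatemode" {
            seen_hm = 1
            if ($2 + 0 != 25) { printf "FAIL [%s] hibernatemode=%s (want 25)\n", section, $2; bad++ }
        }
        END {
            # A setting that never appears is a finding, not a pass
            if (!seen_ds) { print "FAIL disksleep not reported"; bad++ }
            if (!seen_hm) { print "FAIL hibernatemode not reported"; bad++ }
            exit bad + 0
        }'
}

# Constructed sample input (not captured from a real machine).
sample_custom() {
cat <<'EOF'
Battery Power:
 disksleep            10
 hibernatemode        3
 sleep                10
AC Power:
 disksleep            0
 hibernatemode        25
 sleep                0
EOF
}

# On a Mac: pmset -g custom | audit_pmset
sample_custom | audit_pmset || echo "findings: $?"
```

Each power profile is checked separately, so a laptop that is compliant on AC but still spins the drive down on battery is reported.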