The computer security technique called disk encryption is used to protect confidentiality of the data stored on a computer disk. This article discusses hardware which is used to implement the technique (for cryptographic aspects of the problem see disk encryption). Compared to access restrictions commonly enforced by an OS, this technique protects data even when the OS is not active, for example, if data is read directly from the hardware.
Hardware designed for a particular purpose can often achieve better performance than software implementations, and disk encryption hardware can be made more transparent to software than encryption done in software. As soon as the key has been initialized, the hardware should in principle be completely transparent to the OS and thus work with any OS. If the disk encryption hardware is integrated with the media itself the media may be designed for better integration. One example of such design would be through the use of physical sectors slightly larger than the logical sectors.
Hardware solutions have also been criticised for being poorly documented. Many aspects of how the encryption is done are not published by the vendor. This leaves the user with little possibility to judge the security of the product and potential attack methods. It also increases the risk of a vendor lock-in.
In addition, implementing hardware-based full disk encryption is prohibitive for many companies due to the high cost of replacing existing hardware. This makes migrating to hardware encryption technologies more difficult and would generally require a clear migration and central management solution for both hardware- and software-based full disk encryption solutions.