Hardware-based full disk encryption (FDE) is available from many hard disk drive (HDD) vendors, including Seagate Technology, Hitachi, Western Digital, Samsung and Toshiba, as well as from solid-state drive vendors such as OCZ, SanDisk, Samsung, Micron and Integral Memory. The symmetric encryption key is maintained independently from the CPU, thus removing computer memory as a potential attack vector. In relation to hard disk drives, the term self-encrypting drive (SED) is in more common usage.
Hardware-FDE has two major components: the hardware encryptor and the data store. There are currently three varieties of hardware-FDE in common use:
HDD FDE is made by HDD vendors using the OPAL and Enterprise standards developed by the Trusted Computing Group. Key management takes place within the hard disk controller, and the encryption keys are 128- or 256-bit Advanced Encryption Standard (AES) keys. Authentication on power-up of the drive must still take place within the CPU, via either a software pre-boot authentication environment (i.e., with a software-based full disk encryption component, known as hybrid full disk encryption) or a BIOS password.