My question is basically this: What are people's experiences with hardware-based full disk encryption, esp from a security-auditing standpoint?
More info: I'm specifically looking at the Seagate Momentus FDE drive with Wave's Embassy Suite (If you have experiences with other self-encrypting drives (SEDs) and/or s/w suites, pls opine as well.)
Facts: Self-encrypting drives (that have been configured) will auto-lock when they are powered off (computer shutdown or hibernation, or just pulling the plug). A password, token, or whatever is required to access any of the data on the drive, which itself is encrypted (typically AES-128). However, a reboot does not cause the user to have to re-authenticate with the drive.
The response I got from Wave is that they force hibernation mode (on Dell systems w/ Windows), even if standby mode is selected by the user. But I'm concerned about the following attack scenario:
- the machine is on* (like if the user locks his screen & walks away for a moment), and then
- someone steals the laptop (leaving it on), and then
- restarts the machine using a boot disc or bootable USB stick.
Begging the question: Are there ways of mitigating that avenue of attack beyond just changing the boot sequence in the BIOS & password-protecting the BIOS setup?
* I understand many other vulnerabilities exist on running operating systems, such as buffer overflow attacks on system services via the network, but I find that avenue of attack less likely than simply using a boot disc (as described above), esp as self-encrypting drives become more widespread.