3 Replies Latest reply on May 31, 2012 10:59 AM by phil_l

    intel ssd 320 - how to enter ata - pwd without user interaction

    Emanuel Schlüßler

      Hello,

       

      I want to use the AES 128-bit protected data encryption of the SSD 320 in an autonomous computer. The problem is, no user interaction is possible and I'm looking for another way to enter the ATA password so that access to the drive is possible. Are there any methods to enter the password and unlock the drive after the system is running, e.g. by a software tool? The SSD will be used with a Windows 7 Embedded operating system.

       

      kind regards

      Emanuel

        • 1. Re: intel ssd 320 - how to enter ata - pwd without user interaction
          phil_l

          Hi

           

          This will not be possible if the SSD is the boot drive as only the BIOS can interact and unlock the drive.  While it might be possible to add an extension to the BIOS to automatically enter the password it would require some work.

           

          Also if no password is required to boot the system as it is entered automatically somehow, then the system isn't really secure anyway.

           

          Another option would be use a motherboard with a TPM chip which ties the drive to the motherboard, although again if the system boots unattended and then someone gains access to the entire system the data still isn't secure.

           

          A better option, if it is Windows: you could use BitLocker with a USB stick to unlock the drive, then secure the USB stick somewhere remote from the main system, so if the whole platform was stolen they'd not have the USB stick and so couldn't gain access to the drive's data.

           

          Regards

           

          Phil

          1 of 1 people found this helpful
          • 2. Re: intel ssd 320 - how to enter ata - pwd without user interaction
            Emanuel Schlüßler

            Hi,

             

            thank you for this helpful answer. First of all, the data security is given within the computer because the system can not be stolen. Safety must be ensured when the SSD will be removed from the system. The SSD is not the boot device. This drive will be used to store sensor data only and will be removed from time to time.

            Modifying the BIOS to enter the password automatically sounds very interesting to me. Could you tell me some keywords for what I have to look for? The motherboard used, ETXexpress-MC, has a TPM chip. Is it possible with this chip to enter the pwd automatically?

             

            Finally, the BitLocker system is another good option, but in this case the decryption will be performed by software with lots of CPU power. Sensor data which have to be stored could have a rate of 30 MB/s.

             

            Thank you very much!

            Emanuel

            • 3. Re: intel ssd 320 - how to enter ata - pwd without user interaction
              phil_l

              Hi

               

              There is information here regarding using a BIOS extension which might give you some pointers or starting point  http://www.fitzenreiter.de/ata/ata_eng.htm

               

              By default a lot of motherboards will put a security lock on any drive with ATA security options in order to stop malware from setting a password without your permission. This makes it hard or next to impossible to unlock the drive once the OS has booted, as the drive is 'security frozen'. Typically you attach the drive after the OS has booted if you want to get access to the security options, for example a security erase, so it doesn't get locked by the BIOS.

               

              I'm not sure how a TPM platform completely works, I've enabled it on my laptop before along with BitLocker and had an encrypted drive which required no further passwords.

               

              I know it is an embedded system; however, modern CPUs seem to deal with encryption without much overhead these days, so while not ideal, it might not eat into CPU cycles as much as you think.

               

              Hope that helps get you started.  Sometimes things seem more complicated than they need to be, don't they?

               

              Regards

               

              Phil
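
An added example, not part of the thread or any participant's code: the 'security frozen' state discussed above is reported in IDENTIFY DEVICE word 128, so a tool can check it before trying to unlock a data drive from the running OS. The function names are hypothetical, fetching the 512-byte IDENTIFY data is left to the platform's ATA pass-through, and zero-padding the password is an assumption (a BIOS may encode it differently).

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Bits of IDENTIFY DEVICE word 128 (ATA Security feature set status). */
enum {
    SEC_SUPPORTED     = 1u << 0,
    SEC_ENABLED       = 1u << 1,  /* a user password is set */
    SEC_LOCKED        = 1u << 2,
    SEC_FROZEN        = 1u << 3,  /* SECURITY FREEZE LOCK issued; lasts until power cycle */
    SEC_COUNT_EXPIRED = 1u << 4   /* too many failed unlock attempts */
};

typedef enum {
    UNLOCK_POSSIBLE, NOT_SUPPORTED, BLOCKED_FROZEN,
    NO_PASSWORD_SET, ALREADY_UNLOCKED, BLOCKED_ATTEMPTS
} unlock_state;

/* IDENTIFY DEVICE data is 256 little-endian 16-bit words. */
static uint16_t id_word(const uint8_t id[512], unsigned n)
{
    return (uint16_t)(id[2 * n] | (id[2 * n + 1] << 8));
}

/* Decide whether the OS could still issue SECURITY UNLOCK to this drive. */
unlock_state classify_unlock(const uint8_t id[512])
{
    uint16_t s = id_word(id, 128);
    if (!(s & SEC_SUPPORTED))  return NOT_SUPPORTED;
    /* A frozen drive aborts unlock, set/disable password and erase commands. */
    if (s & SEC_FROZEN)        return BLOCKED_FROZEN;
    if (!(s & SEC_ENABLED))    return NO_PASSWORD_SET;
    if (!(s & SEC_LOCKED))     return ALREADY_UNLOCKED;
    if (s & SEC_COUNT_EXPIRED) return BLOCKED_ATTEMPTS;
    return UNLOCK_POSSIBLE;
}

/* Fill the 512-byte data block sent with SECURITY UNLOCK (F2h): word 0 bit 0
 * selects user (0) or master (1) password, words 1-16 hold the password,
 * zero-padded to 32 bytes (assumed padding). Returns 0, or -1 if too long. */
int build_unlock_block(uint8_t out[512], const char *pw, int master)
{
    size_t n = strlen(pw);
    if (n > 32) return -1;
    memset(out, 0, 512);
    out[0] = master ? 1 : 0;
    memcpy(out + 2, pw, n);
    return 0;
}
```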