Security company ST Electronics has shown a new hard drive enclosure that can be used to upgrade a laptop running any operating system to full-disk encryption without the need for drivers or BIOS modifications.
The DigiSAFE DiskCrypt is a 2.5 inch enclosure which comes with its own hardware cryptographic module which implements FIPS 140-2 level 1 128-bit or 256-bit AES encryption.
This accepts any 1.8 inch hard drive or SSD into the enclosure, allowing the user to install full-disk encryption (FDE) on any laptop without having to worry about compatibility issues.
The drive is claimed to perform at the full speed of the SATA interface and can be used with an optional USB token for an extra layer of authentication.
Apart from simplicity, there are some advantages to this approach when compared to adding software atop the OS or simply buying an all-in-one encrypted drive such as the Seagate’s Momentus FDE or SED drives.
Mainly these have to do with being able to use any 1.8 inch drive, which for most users will mean buying an SSD drive. If this drive is superseded in capacity or performance, it can be upgraded without the need to upgrade the cryptographic hardware.
If the drive fails, the replacement process is as simple as installing replacing the physical drive. This also means that the removed drive is useless to anyone who finds it.
The disadvantage is probably cost. SSDs are inevitably more expensive and smaller than a conventional 2.5 laptop hard drive, on top of which has to be added the cost of the DiskCrypt itself, reportedly $450 (£290).
There is also the issue that the laptop drive upgrade will require cloning a data and OS image from the installed 2.5 inch drive before it is discarded; the established drive can't simply be removed and slotted into the DiskCrypt enclosure.
However, the drive will work with any operating system without fuss, including Linux.