[dm-crypt] Hybrid drives
arno at wagner.name
Sun Jul 18 19:01:50 CEST 2010
On Sat, Jul 17, 2010 at 09:13:13AM +0200, Heinz Diehl wrote:
> I just took a closer look at one of the (new?) hybrid harddisk drives,
> such as the Seagate Momentus XT, and now I'm wondering if this
> is a top level security problem. If I understand it correctly, the 4 GB
> SSD memory on the harddisk operates independendly of the drive itself,
> acting as a buffer/cache for virtually all the data stored to the drive. Some
> logic in the harddrives controller is going to serve the 4 GB SSD memory
> part, which is not available/accessable to the OS.
> In other words: such hybrid drives can not safely be encrypted with
> LUKS/dmcrypt (or any other WDE software), because the controller
> randomly swaps out 4 GB data to the SSD area, and even after shutting
> down the machine, parts of/the whole LUKS header/key could possibly
> be left on the SSD part?
There is only one risk, namely a keyslot with an old, later changed
key still being on the SSD part. That is a real risk.
However, it is only a risk if you change a key and the old one is
a security problem before the old keyslot in the SSD cache
is at least partially overwritten.
Keys never get written to disk, whether hybrid or not. Doing
that would be a massive risk in the first place, whether
hybrid or not so it os never done.
For plain dm-crypt there is absolutely no risk at all.
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
More information about the dm-crypt