Security company ST Electronics has shown a new hard drive enclosure that can be used to upgrade a laptop running any operating system to full-disk encryption without the need for drivers or BIOS modifications.
The DigiSAFE DiskCrypt is a 64mm (2.5") enclosure which comes with its own hardware cryptographic module which implements FIPS 140-2 level 1 128-bit or 256-bit AES encryption.
This accepts any 46mm (1.8") hard drive or SSD into the enclosure, allowing the user to install full-disk encryption (FDE) on any laptop without having to worry about compatibility issues.
The drive is claimed to perform at the full speed of the SATA interface and can be used with an optional USB token for an extra layer of authentication.
Apart from simplicity, there are some advantages to this approach when compared to adding software atop the OS or simply buying an all-in-one encrypted drive such as the Seagate's Momentus FDE or SED drives.
Mainly these have to do with being able to use any 46mm drive, which for most users will mean buying an SSD drive. If this drive is superseded in capacity or performance, it can be upgraded without the need to upgrade the cryptographic hardware.
If the drive fails, the replacement process is as simple as installing replacing the physical drive. This also means that the removed drive is useless to anyone who finds it.
The disadvantage is probably cost. SSDs are inevitably more expensive and smaller than a conventional 64mm laptop hard drive, on top of which has to be added the cost of the DiskCrypt itself, reportedly $450 (€355).
There is also the issue that the laptop drive upgrade will require the creation of a cloned data and OS image from the installed 64mm drive before it is discarded, the established drive cannot simply be removed and slotted into the DiskCrypt enclosure.
However, the drive will work with any operating system without fuss, including Linux.
IDG News Service