i want to use the aes 128 bit protected data encryption off the ssd 320 in an autonomous computer. The problem is, no user interaction is possible and i'm looking for an other way to enter the ata password so that the access to the drive is possible. Are there any methods to enter the password and unlook the drive after the system is running e.g. by a software tool? The SSD will be used with a Windows 7 Embedded operating system.
This will not be possible if the SSD is the boot drive as only the BIOS can interact and unlock the drive. While it might be possible to add an extension to the BIOS to automatically enter the password it would require some work.
Also if no password is required to boot the system as it is entered automatically somehow, then the system isn't really secure anyway.
Another option would be use a motherboard with a TPM chip which ties the drive to the motherboard, although again if the system boots unattended and then someone gains access to the entire system the data still isn't secure.
A better option if it is Windows you could use BitLocker with a USB stick to unlock the drive then secure the USB stick somewhere remote from the main system, so if the whole platform was stolen they'd not have the USB stick and so couldn't gain access to the drives data.
thank you for this helpful answer. First of all, the data security is given within the computer because the system can not be stolen. Safety must be ensured when the SSD will be removed from the system. The SSD is not the boot device. This drive will be used to store sensor data only and will be removed from time to time.
To modify the bios sounds very interesting to me to enter the password automatically. Could you tell me some key words for what i have to looking for? The used motherboard ETXexpress-MC has an TPM chip. Is it with this chip possible to enter the pwd automatically?
Finally the BitLocker System is an other good option but in this case the decryption will be performed by software with lost of cpu power. Sensor Data wich have to be stored could have a rate of 30 MB/s.
Thanks you very much!
By default a lot of motherboards will put a security lock on any drive with ATA security options in order to stop malware from setting a password without your permission, this makes it hard or next to impossible to unlock the drive once the OS has booted as the drive is 'security frozen', typically you attach the drive after the OS has booted if you want to get access to the security options, for example a security erase, so it doesn't get locked by the BIOS.
I'm not sure how a TPM platform completely works, I've enabled it on my laptop before along with BitLocker and had an encrypted drive which required no further passwords.
I know it is an embedded system however modern CPU's seem to deal with encryption without much overhead these days, so while not ideal, it might not eat into CPU cycles as much as you think.
Hope that helps get you started. Sometimes things seem more complicated than they need to be don't they.