
Re: Vacationhouse post# 146574

Tuesday, 06/19/2007 1:46:37 PM

Post# of 249238
Vacationhouse's eetimes Article/Role of TPMs

In this article, you will find the following interesting nugget:

"Instead of a TPM, the storage spec relies on an existing storage controller to generate and manage keys that are securely saved on extra space traditionally available on the storage device. Disk drive makers, for example, typically have access to a secure area of a couple hundred megabytes for storing systems management programs on a typical disk drive."

This sounds like storing the encryption keys using a storage controller will be the principal mode for the FDE drives, rather than just an alternative that can be used when a TPM is not available.

First, does anyone know if the TCG specification expresses a preference for using a TPM when storing encryption keys? My knowledge in this area is limited, but it seems likely to me that it would be easier to recover the keys in the scenario described in the article than with any strategy that requires a TPM.

Second, doesn't storing the encryption keys on the hard drive mean that you either have to back up the data on the hard drive onto a central server in a non-encrypted form, or that you have to back up the keys too in the event of hard drive failure? This would be an important scenario over time, significantly more likely to occur than theft of the PC.

Third, is the non-TPM scenario the one where Secude offers an alternative? I remember they were working with Seagate too.
