Magnetic Storage Media, Volumes, and Encryption Flashcards
Hard Disk Operation:
- Controllers had to maintain a map of physical disk layout
- This was divided into Cylinders, Heads and Sectors
- Later this was changed to Linear Block Address (LBA) schemes, simply providing a single numerical address
- Modern fixed disks employ an internal operating system, but may still present a “virtual” CHS or LBA interface
Hard Disk Controller and Specialised Components…
- Motor and actuator controls, signal amplifiers, transceivers for HBA interfaces
- Signal processing for read/write channels
- Processors will typically be multi-core systems-on-chip (SoC) running a real-time operating system (RTOS)
- The RTOS must schedule mechanical movements and read/write operations to maximise throughput parameters
- Advanced components include crypto co-processors for functions including Self-Encrypting Drives and Bulk Data Encryption as well as Cryptographic Disk Erasure
Volume Management - Microsoft uses both CHS and LBA in their…
FAT32 and FAT32X partition types
Volume Management - When using 512-byte sectors, the 32-bit limit on fields…
Restricts maximum partition size to 2 TBytes
Volume Management - The MBR consists of 512 or more bytes located in sector 0 of the drive and may contain:
- Partition table
- Bootstrap code
- Time stamps and signatures
MBR partition tables can hold up to four primary entries, but these may be used to set up a hierarchy of extended partitions…
- Each partition entry identifies the file system or container (extended) type; extended containers each carry their own partition table, recursively
- Booting must occur from one of the primary partitions
- The precise format of the MBR varies with implementations and is not fully standardised
- Up until kernel 6.0 (Vista), partitions were aligned on CHS boundaries rather than exact sizes; later versions align on 2048-sector boundaries
The UEFI firmware can be configured to…
Identify and boot from arbitrary partitions without a need for cascading boot loaders
UEFI is best thought of as a separate operating system…
- It provides both boot and runtime services and is extensible with vendors such as Apple and Microsoft providing separate boot managers, shells and user interfaces
- (U)EFI also includes device drivers and graphics interfaces
- As an alternative to booting from a disk partition, UEFI allows network booting via the Pre-Boot Execution Environment (PXE) or network attached storage
UEFI supports a secure boot process requiring…
Public key signatures verified against a platform key or other firmware-stored key exchange keys
The ATA Drive Lock mechanism can be easily removed as…
The password is stored in the drive service area and can be overwritten or the flag disabled
TCG Opal Storage Specification 2.01 (2015):
- Primary key management is on the device and encryption is performed transparently - the encryption key itself is never revealed by the drive
- This protects data at rest on self-encrypting drives (SEDs) and can also be used for cryptographic erasure
The TCG Opal specification specifies a separate authentication mechanism as well as a key escrow mechanism for authentication key recovery…
- Any valid authentication key will allow the on-disk media encryption key to be unlocked
TCG Opal - Separate configurations for attended (end-user) and server systems exist…
- Pre-boot authentication can be employed including multi-factor authentication
- Otherwise key management software must maintain authentication keys externally - this may also be a requirement for end-user devices
- Further documents from the TCG cover distinct use cases
A SED will show a virtual view of the disk, but a 128 MByte MBR shadow is…
Maintained by the disk but not visible even to a forensic imaging device
For authentication, the SED maps the MBR shadow to LBA 0 and…
Without a key, all other blocks outside the shadow read as zeros