Security theater: "security countermeasures intended to provide the feeling of improved security while doing little or nothing to actually improve security". (from Wikipedia)
So a while back, I bought a Seagate Momentus 5400 FDE.3 drive (ST9320329) (FDE = Full Disk Encryption) with the intention of completely securing my data from even sophisticated attacks like DRAM freezing. Being an FDE drive, all data on the drive is always encrypted as it is written to the platters (at least that's the claim), using a unique key that is stored in the drive's electronics and never leaves the drive unit (this vs. software encryption where the key is stored somewhere in system DRAM). To get to the key you would have to dismantle the drive's electronics to expose the chip containing the key and then you *still* may not be able to read it without inputting a password. So it seems like a pretty decent security measure (though I presume it's not 100.0000% foolproof and should only be used in combination with other measures if you want really tight security).
From the factory, the data isn't secure because even though the data on the drive is encrypted, there's no access control in place to start with. That is so that you can just pop it in any system and use it like a regular drive without jumping through any hoops. A backwards compatibility of sorts. Fair enough. With the ST9320329, access control is turned on via standard ATA User/Master Password. That is, once a password is set, the drive will not offer any access (in fact, the chip that holds the key apparently won't disclose it to the rest of the drive's electronics) until that password is provided using the standard ATA boot-time (BIOS) drive unlocking protocol.
One might easily be tricked into thinking that once you set the ATA password (using your system's BIOS setup screen) that you're all set. However, as you gurus out there know, system BIOS screens typically only let you set the ATA User Password and not the ATA Master Password (in fact, I've yet to discover any BIOS that lets you change the ATA Master Password and this is at the crux of the problem, but more on that later). As best I can tell, according to the ATA Standard, once the ATA User Password is set, then if an ATA Master Password is set, that will also work to unlock the drive at boot-time (assuming you're in "High" security mode - the default, if I understand correctly - and not "Maximum" security mode). No problem so far, right? You might presume that from the factory, an ATA Master Password wouldn't be set and all you need to do is set the ATA user password and you're golden.
Not so.
According to Seagate's user manual for Momentus FDE.3 drives, "Upon shipment from the Seagate factory... the ATA master password is set to the Security ID (SID)."
Reference:
http://www.seagate.com/staticfiles/support/disc/manuals/notebook/momentus/5400%20FDE.3/100513273a.pdf (see 1.2.1 on p.3)
And here's the kicker - the SID is printed on the drive itself! That is, from the factory, there is a bypassing backdoor password printed right on the drive.
Thus, even if you set a hard drive password in your system BIOS screen, your data is still fairly easy to access.
Am I missing something here? This doesn't seem right. Seagate touts the security of their Momentus FDE drives as a selling point, but then they print a backdoor password right on the drive. What's worse, there's apparently no way for even a sophisticated user to change that ATA Master Password from anything other than the SID that's printed on the drive. I'm not an HDD Guru, but I'm no slouch either and I have yet to figure out a way to change the ATA Master Password. Asking for support from Seagate has proven futile - they refuse to disclose any method for changing it.
So, to summarize this episode of Security Theater:
Seagate sells their Momentus FDE drives touting "government-grade" security, but they print a documented backdoor password on the drive and refuse to disclose any method to change that password.
Again, am I missing something here? Is this not preposterously ludicrous?
BTW, I've tried out utilities like Victoria, but you can't change ATA passwords once your system has booted because changes are frozen out by any system I've tried (using the ATA SECURITY FREEZE LOCK command) in order to (wisely) counter the possibility of malware screwing with your ATA password(s).
I even bought an old laptop cheap on eBay (Thinkpad T60) because its BIOS was documented as being able to change the "Master HD password". However, that was a mirage - the "Master HD password" is not the ATA Master Password - it's only a password that allows you to disable the ATA User password.
So what's a tinkering dude supposed to do here? Am I just out of luck, having been snookered by this security theater?
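Added example, not part of the original post: a small audit that decodes the ATA security state discussed above (user password set, High vs. Maximum level, frozen, master password identifier) from a drive's 512-byte IDENTIFY DEVICE block. The function names and the sample block are constructed for illustration; the bit positions in word 128 and the factory identifier value 0xFFFE in word 92 are taken from the ATA standard, and how you obtain the IDENTIFY data is left to your tooling.

```python
import struct

# IDENTIFY DEVICE word 128 (security status) bit masks, per the ATA standard.
SUPPORTED, ENABLED, LOCKED, FROZEN, LEVEL_MAX = 0x0001, 0x0002, 0x0004, 0x0008, 0x0100
# Word 92 (master password identifier) value assigned at manufacture.
# 0x0000 or 0xFFFF in word 92 means the identifier is not supported.
FACTORY_MASTER_ID = 0xFFFE

def security_state(identify: bytes) -> dict:
    """Decode the ATA security state from a 512-byte IDENTIFY DEVICE block."""
    if len(identify) != 512:
        raise ValueError("IDENTIFY DEVICE data must be exactly 512 bytes")
    words = struct.unpack("<256H", identify)  # 256 little-endian 16-bit words
    status = words[128]
    return {
        "supported": bool(status & SUPPORTED),
        "user_password_set": bool(status & ENABLED),
        "locked": bool(status & LOCKED),
        "frozen": bool(status & FROZEN),
        "level": "maximum" if status & LEVEL_MAX else "high",
        "master_id": words[92],
    }

def findings(state: dict) -> list:
    """Return audit findings for the configuration the post describes."""
    if not state["supported"]:
        return ["ATA security feature set not supported"]
    out = []
    if not state["user_password_set"]:
        out.append("no user password set: the drive has no access control")
    elif state["level"] == "high":
        out.append("High level: the master password also unlocks the drive")
        if state["master_id"] == FACTORY_MASTER_ID:
            out.append("master password identifier is still the factory value")
    if state["frozen"]:
        out.append("frozen: passwords cannot be changed until a power cycle or hardware reset")
    return out

def make_sample(status: int, master_id: int) -> bytes:
    """Build a constructed IDENTIFY block with only words 92 and 128 filled in."""
    words = [0] * 256
    words[92], words[128] = master_id, status
    return struct.pack("<256H", *words)

if __name__ == "__main__":
    # Constructed sample: user password set in a BIOS that then freezes the drive.
    sample = make_sample(SUPPORTED | ENABLED | FROZEN, FACTORY_MASTER_ID)
    for line in findings(security_state(sample)):
        print(line)
```

A factory-value identifier only suggests the master password was never changed, since the identifier is updated only when the host supplies a new one along with the new password.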