Full Disk Encryption (FDE) has become a widely used security feature. Although FDE can provide confidentiality, it generally does not provide cryptographic data integrity protection. We introduce an algorithm-agnostic solution that provides both data integrity and confidentiality protection at the disk sector layer. Our open-source solution is intended for drives without any special hardware extensions and is based on per-sector metadata fields implemented in software. Our implementation has been included in the Linux kernel since version 4.12. This is an extended version of our article that appears in the IFIP SEC 2018 conference proceedings.
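The per-sector metadata idea described above, as an added example that is not code from the paper or the Linux kernel: a simulated disk keeps an HMAC-SHA256 tag in each sector's metadata field and verifies it on every read. The class and function names, the 512-byte sector size, the key, and the choice of an HMAC bound to the sector number are assumptions made for illustration.

```python
import hashlib
import hmac

SECTOR_SIZE = 512  # data bytes per sector (assumed for this example)

class IntegrityError(Exception):
    """A sector's stored tag does not match its contents."""

class TaggedDisk:
    """Simulated block device: every sector has data plus a metadata field."""
    def __init__(self, key: bytes, sectors: int):
        self.key = key
        self.data = [bytes(SECTOR_SIZE) for _ in range(sectors)]
        self.meta = [self._tag(n, d) for n, d in enumerate(self.data)]

    def _tag(self, sector: int, payload: bytes) -> bytes:
        # Including the sector number binds the data to its location on disk.
        msg = sector.to_bytes(8, "little") + payload
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def write(self, sector: int, payload: bytes) -> None:
        if len(payload) != SECTOR_SIZE:
            raise ValueError("payload must be exactly one sector")
        self.data[sector] = payload
        self.meta[sector] = self._tag(sector, payload)

    def read(self, sector: int) -> bytes:
        expected = self._tag(sector, self.data[sector])
        if not hmac.compare_digest(expected, self.meta[sector]):
            raise IntegrityError(f"sector {sector} failed verification")
        return self.data[sector]

def is_detected(disk: TaggedDisk, sector: int) -> bool:
    try:
        disk.read(sector)
    except IntegrityError:
        return True
    return False

def demo() -> dict:
    disk = TaggedDisk(key=b"k" * 32, sectors=4)  # constructed key and size
    disk.write(1, b"A" * SECTOR_SIZE)
    disk.write(2, b"B" * SECTOR_SIZE)
    old = (disk.data[1], disk.meta[1])           # stale copy of sector 1
    disk.write(1, b"C" * SECTOR_SIZE)
    disk.data[2] = b"X" + disk.data[2][1:]       # data changed, tag untouched
    disk.data[3], disk.meta[3] = disk.data[1], disk.meta[1]  # sector 1 copied to 3
    disk.data[1], disk.meta[1] = old             # stale data and tag written back
    return {"modified": is_detected(disk, 2), "relocated": is_detected(disk, 3),
            "replayed": is_detected(disk, 1)}
```

In this construction the tag catches a sector whose data was altered and a sector copied to a different location, while an older data-and-tag pair written back to the same sector still verifies.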