Above Disk.sys.
Note that encrypting the boot media is a major task.
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
----- Original Message -----
From: Amitrajit Banerjee.
To: Windows System Software Devs Interest List
Sent: Wednesday, June 08, 2005 11:09 AM
Subject: [ntdev] Encryptors
Hello members,
We are trying to design and develop a full-fledged security suite for computers (x86). Well, one of the modules of this suite would be a set of tools that will encrypt the entire storage media (HDD in the beginning, others later), on a sector by sector basis starting right from the MBR to the last sector. Of course we need to write some drivers for the same. My query is where exactly in the disk driver stack should we place our driver to get the best benefit. Should it reside right above Disk.sys? A lower filter driver or what?
Please support your answers with a bare minimum of “this is why it should be done this way…”.
Thanks and regards,
amitr0
Note:-
- Spelling Mistakes and Grammatical Errors, If Any, Are Regretted.
- Kindly Acknowledge This Mail At The Earliest.
- This E-Mail Might contain Confidential information. If You Are Not Entitled
To View it, Please Delete The Message Immediately And Inform Me.
Thanking You,
Amitrajit Banerjee.
And Max means a MAJOR task.
First, without changing the BIOS just how do you expect to boot the OS, since the MBR has to be loaded and contains the code to load the OS loader as well as the location of that loader. But you encrypted the MBR. Catch 22.
Secondly, what happens on a crash and the system attempts to dump itself? That has to be encrypted as well, else you defeat your own security, which means your driver must be involved.
–
The personal opinion of
Gary G. Little
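The boot catch-22 raised above, as a user-mode model. This is an added example, not code from any poster in the thread. The keystream is a labelled stand-in for a real sector cipher, and the function names, key and sample sector are assumptions made for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_SIZE 512

/* Stand-in keystream, NOT a real cipher (demo assumption). The low bit is
 * forced on so every keystream byte is nonzero. */
static uint8_t ks_byte(uint64_t key, uint64_t lba, unsigned i)
{
    uint64_t x = key ^ (lba * 0x9E3779B97F4A7C15ULL) ^ (i * 0xBF58476D1CE4E5B9ULL);
    return (uint8_t)((x ^ (x >> 31)) | 1u);
}

/* Filter write (encrypt) and read (decrypt) path: XOR is its own inverse. */
static void xform_sector(uint8_t *sec, uint64_t lba, uint64_t key)
{
    for (unsigned i = 0; i < SECTOR_SIZE; i++)
        sec[i] ^= ks_byte(key, lba, i);
}

/* Firmware side: the BIOS reads LBA 0 raw, before any driver is loaded, and
 * looks for the 0x55 0xAA boot signature at offsets 510 and 511. */
static int bios_accepts_mbr(const uint8_t *sec)
{
    return sec[510] == 0x55 && sec[511] == 0xAA;
}

/* Signature check on a constructed sector 0 after `passes` transforms:
 * 0 = plaintext, 1 = as stored on disk (what the BIOS reads),
 * 2 = after the filter's read path (what the OS above the filter sees). */
static int mbr_valid_after(uint64_t key, int passes)
{
    uint8_t sec[SECTOR_SIZE];
    memset(sec, 0, sizeof sec);      /* constructed sample: empty code area */
    sec[510] = 0x55;
    sec[511] = 0xAA;
    while (passes-- > 0)
        xform_sector(sec, 0, key);
    return bios_accepts_mbr(sec);
}

int main(void)
{
    uint64_t key = 0x0123456789ABCDEFULL; /* constructed demo key */
    for (int p = 0; p <= 2; p++)
        printf("transforms=%d signature_valid=%d\n", p, mbr_valid_after(key, p));
    return 0;
}
```

The sector is valid only above the filter: anything that reads the disk before the filter is loaded, the BIOS first of all, sees the transformed bytes.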
By the way, full disc encryption (FDE) is best done by the disc itself. Please check out this article:
"Momentus FDE - Seagate will offer hardware-based full disc encryption technology on its new Momentus FDE family of hard drives, providing the industry’s strongest protection against unauthorized access to data on stolen or retired notebook PCs. FDE technology requires only a user key to encrypt all data, not just selected files or partitions, on the drive."
–
The personal opinion of
Gary G. Little