Self-encrypting drives: The best-kept secret in hard drive encryption
An SED is a self-encrypting hard drive: a circuit built into the disk drive controller chip automatically encrypts all data written to the magnetic media and decrypts all data read from it. All SEDs encrypt all the time from the factory onwards and perform like any other hard drive, with the encryption completely transparent, or invisible, to the user.
To protect the data from theft, the user provides a password. This password is used by the drive to encrypt or decrypt the media encryption key. In this way even the media encryption key cannot be known without knowing the password.
The Trusted Computing Group specification for SEDs permits very strong passwords of up to 32 bytes. With such a password, it is practically impossible for a would-be data thief to recover the media encryption key and access data on the hard drive. In January 2009, the Trusted Computing Group (TCG) published final specifications for SEDs that are widely supported by PC, server drive and application providers. In March 2009, hard drive suppliers started shipping SEDs based on the TCG's specifications.
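The arrangement described above, where the password protects the media encryption key (MEK) rather than the data itself, as an added Python sketch that is not from the article or the TCG specification. PBKDF2 and the HMAC-based wrap are stand-ins assumed here for whatever the drive firmware actually uses, and all function names are hypothetical; the sketch goes one step beyond the text by showing that a password change re-wraps the same MEK.

```python
import hashlib, hmac, os

MAX_PASSWORD_BYTES = 32  # limit the article gives for TCG SED passwords

def _kek(password: bytes, salt: bytes) -> bytes:
    """Derive a key-encryption key (KEK) from the user password."""
    if not 0 < len(password) <= MAX_PASSWORD_BYTES:
        raise ValueError("password must be 1..32 bytes")
    # PBKDF2 and the iteration count are assumptions of this sketch.
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)

def wrap_mek(mek: bytes, password: bytes) -> dict:
    """Encrypt a 32-byte MEK under the password; only this record is stored."""
    if len(mek) != 32:
        raise ValueError("this sketch wraps 32-byte keys only")
    salt = os.urandom(16)
    kek = _kek(password, salt)
    # Stand-in wrap: XOR with a KEK-derived pad, then authenticate the result.
    pad = hmac.new(kek, b"pad", hashlib.sha256).digest()
    blob = bytes(a ^ b for a, b in zip(mek, pad))
    tag = hmac.new(kek, b"tag" + blob, hashlib.sha256).digest()
    return {"salt": salt, "blob": blob, "tag": tag}

def unwrap_mek(rec: dict, password: bytes) -> bytes:
    """Recover the MEK; raises PermissionError on a wrong password."""
    kek = _kek(password, rec["salt"])
    tag = hmac.new(kek, b"tag" + rec["blob"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, rec["tag"]):
        raise PermissionError("wrong password: MEK stays locked")
    pad = hmac.new(kek, b"pad", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(rec["blob"], pad))

def change_password(rec: dict, old: bytes, new: bytes) -> dict:
    """Re-wrap the same MEK; data on the media is not re-encrypted."""
    return wrap_mek(unwrap_mek(rec, old), new)

def demo() -> bool:
    mek = os.urandom(32)            # constructed; stands for the factory MEK
    old, new = b"constructed-old-password", b"constructed-new-password"
    rec = change_password(wrap_mek(mek, old), old, new)
    try:
        unwrap_mek(rec, old)        # old password must no longer unlock
    except PermissionError:
        return unwrap_mek(rec, new) == mek
    return False

if __name__ == "__main__":
    print("MEK unchanged after password change:", demo())
```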