Amber Ankerholz wrote an article for Linux.com on the Linux boot-time security presentation that Matthew Garrett recently gave at the Linux Security Summit. In addition to the article, the video of the presentation is also available.
This week at the Flash Memory Summit, the Trusted Computing Group (TCG) and NVM Express (NVMe) put out a new joint white paper called “TCG Storage, Opal, and NVMe”. Opal is a set of specs from the TCG designed to add TCG-style security to NVMe-based storage devices (self-encrypting drives, or SEDs) by adding technology layers that manage the encryption of user data and enable features beyond data-at-rest protection. The Opal family of specs includes three levels, Opal, Opalite, and Pyrite, which provide a range of capabilities for vendors to choose from.
From the white paper’s summary, Opal offers these values to NVMe:

* Avoids the need to add security to the NVM Express standard, or to rely on proprietary functionality
* Leverages the existing storage security industry standard for a consistent set of requirements
* Commonly associated features enable a more consistent and secure overall solution
* Simplifies ecosystem enabling, validation, product identification, and SKU management
* Reduces standardization to a more streamlined process
* Provides an extensible interface for additional value-adds to Opal/Opalite/Pyrite functionality, as well as other storage security features
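A practical check that follows from the above: an NVMe drive can ship with Opal, Opalite or Pyrite support and still not be protecting anything, because the locking feature has to be activated before the drive enforces it. The TCG specs expose this through Level 0 Discovery, the response a host gets from the NVMe Security Receive command (security protocol 0x01, ComID 0x0001). The Python below is an added example, not code from the white paper or from TCG or NVMe; it parses a Level 0 Discovery response offline and reports which SSC the drive advertises and whether locking is actually enabled. The feature codes and the Locking feature bit layout are taken from the TCG Opal/Opalite/Pyrite SSC specs as the author of this example understands them; the sample response bytes are constructed here for illustration and do not come from a real drive.

```python
import struct

# Level 0 Discovery feature codes (TCG Storage Opal / Opalite / Pyrite SSC specs).
FEATURE_NAMES = {
    0x0001: "TPer",
    0x0002: "Locking",
    0x0100: "Enterprise SSC",
    0x0200: "Opal SSC v1.00",
    0x0203: "Opal SSC v2.00",
    0x0301: "Opalite SSC",
    0x0302: "Pyrite SSC v1.00",
    0x0303: "Pyrite SSC v2.00",
}
SSC_CODES = {0x0200, 0x0203, 0x0301, 0x0302, 0x0303}
HEADER_LEN = 48  # 4-byte length, 2+2 byte version, 8 reserved, 32 vendor-unique


def parse_level0_discovery(buf: bytes) -> dict:
    """Return {feature_code: {"version": n, "data": bytes}} from a Level 0 Discovery response.

    Bytes 0-3 hold a big-endian length of the data that follows them. Feature
    descriptors start at offset 48; each has a 2-byte feature code, a byte whose
    high nibble is the descriptor version, and a 1-byte length of the payload.
    """
    if len(buf) < HEADER_LEN:
        raise ValueError("buffer shorter than the 48-byte Level 0 Discovery header")
    total_len = struct.unpack(">I", buf[:4])[0]
    # Never walk past the buffer even if the device-supplied length says otherwise.
    end = min(4 + total_len, len(buf))
    features = {}
    off = HEADER_LEN
    while off + 4 <= end:
        code, ver_byte, data_len = struct.unpack(">HBB", buf[off:off + 4])
        data = buf[off + 4:off + 4 + data_len]
        if len(data) < data_len:
            raise ValueError(f"feature 0x{code:04x} is truncated")
        features[code] = {"version": ver_byte >> 4, "data": data}
        off += 4 + data_len
    return features


def summarize(features: dict) -> dict:
    """Reduce parsed features to the questions a defender cares about."""
    result = {
        "ssc": [FEATURE_NAMES[c] for c in features if c in SSC_CODES],
        "locking_supported": False,
        "locking_enabled": False,
        "locked": False,
        "media_encryption": False,
        "mbr_enabled": False,
    }
    lock = features.get(0x0002)
    if lock and lock["data"]:
        # Locking feature descriptor, first payload byte: bit0 LockingSupported,
        # bit1 LockingEnabled, bit2 Locked, bit3 MediaEncryption, bit4 MBREnabled.
        flags = lock["data"][0]
        result.update(
            locking_supported=bool(flags & 0x01),
            locking_enabled=bool(flags & 0x02),
            locked=bool(flags & 0x04),
            media_encryption=bool(flags & 0x08),
            mbr_enabled=bool(flags & 0x10),
        )
    return result


def sed_is_protecting(buf: bytes) -> bool:
    """True only if the drive advertises an SSC, encrypts media, and has locking enabled."""
    s = summarize(parse_level0_discovery(buf))
    return bool(s["ssc"]) and s["media_encryption"] and s["locking_enabled"]


def _feature(code: int, version: int, data: bytes) -> bytes:
    return struct.pack(">HBB", code, version << 4, len(data)) + data


def build_sample_response(locking_flags: int) -> bytes:
    """Constructed sample (not captured from hardware): TPer + Locking + Opal v2 descriptors."""
    body = (_feature(0x0001, 1, bytes([0x01]) + bytes(11))
            + _feature(0x0002, 1, bytes([locking_flags]) + bytes(11))
            + _feature(0x0203, 1, bytes(16)))
    header = struct.pack(">I", 44 + len(body)) + struct.pack(">HH", 0, 1) + bytes(40)
    return header + body


if __name__ == "__main__":
    for flags, label in ((0x09, "shipped but never activated"), (0x0B, "activated")):
        print(label, summarize(parse_level0_discovery(build_sample_response(flags))))
```

On a real Linux host the same bytes come back from `nvme security-recv` (nvme-cli) or from `sedutil-cli --query`; the point of the parser is that "supports Opal" and "is currently encrypting and locking user data" are different answers, and only the second one means data-at-rest protection is in force.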
I’m not sure if UEFI 2.5 has this ability or not. UEFI 2.5 did add some new NVMe and crypto storage interfaces, though.