Maybe it makes sense to FDE *all* servers now, purely as a warranty bullshit countermeasure. I wonder if you can stick the decryption key in a random UEFI variable (for systems without a TPM). It just has to not be on the drives.
Of course you can't rely on SED drives, because drive manufacturers don't know squat about security and you cannot trust the firmware; several implementations have already been proven hopelessly insecure.
I honestly never thought of the problem. How do other manufacturers deal with this?
Apparently keeping the drives is a value-add warranty option for most - but nobody told us about this when we bought the Lenovo servers, and it's too late now. I do wonder how this interacts with European law though. GDPR vs warranty. I wouldn't mind seeing this tested in court.
Can you get away with degaussing them? (Does that even work on modern HDDs?)
You'd need a really big degausser. AIUI the actual magnetic domains have really high coercivity in modern drives (they have to, they're so small they'd lose their magnetization otherwise).