Milan Brož1,2, Mikuláš Patočka1 and Vashek Matyáš 2.
1 Red Hat Czech, Brno, Czech Republic
2 Masaryk University, Faculty of Informatics, Brno, Czech Republic
Abstract. Full Disk Encryption (FDE) has become a widely used secuity feature. Although FDE can provide confidentiality, it generally does not provide cryptographic data integrity protection. We introduce an algorithm-agnostic solution that provides both data integrity and confidentiality protection at the disk sector layer. Our open-source solution is intended for drives without any special hardware extensions and is based on per-sector metadata fields implemented in software. Our implemenation has been included in the Linux kernel since the version 4.12.
The paper published in the IFIP SEC 2018 confeence proceedings by Springer Verlag