SafeGuard

[Roisin]

has anyone used Utimaco's SafeGuard to encrypt the entire hard disk?

[Leon]

no, but from my perspective, that would be overkill. There HAS to be overhead. If you are that concerned with security, just make sure that all data files are in one directory structure, and encrypt that structure. (A good strategy to make backups easier too).

[Roisin]

I was just wondering, where is that safeguard process running from, as it's OS transparent. Is the TCPA chip used to 'hold' that encrypting process/daemon?

I do have an encrypted partiotion on my freebsd machine, and there is a noticable overhead, so I would like to see how safeguard performs.

OS transparency is kinda cool, as there's no way for anybody to physically take your notebook's drive out, and backdoor your OS...

[s0larian]

The performance overhead is not noticeable. Utimaco says its 2-3%, so performance is no issue.

You can use the IBM Security chip, the newest Safeguard 4.1 supports it. But this chip is very slow, so windows boot takes at least additional 30 seconds. It is much faster without using the chip. By the way, the chip is not holding any daemeon, just the key is stored in the chip.

@Leon:
It is no overkill at all, it just makes things easier because you don't have to deal with encrypted containers. Once installed you have nothing to do anymore, just the preboot authentification. Backups can be done with R&R as usual.

[Roisin]

By the way, the chip is not holding any daemeon, just the key is stored in the chip.

so where is that process running from?

Utimaco sells that software to others also, so its most likely not bound to the TCPA chip.

I just cant quite grasp the concept....

[Leon]

hard for me to believe Utimacos' claims of 2-3% performance hit. Can anyone who has actually used this verify.