Encrypted Seagate Hard Drives Could Enable On-board DRM

Last February, storage provider Seagate announced it would be introducing later in the year new hard drive platforms that can be fully encrypted at the hardware level, rendering their usefulness to would-be thieves almost pointless.

Today, with the absorption of former competitor Maxtor almost complete, Seagate is moving with all speed to deploy its implementation of the Trusted Platform Module, now called DriveTrust, on upcoming Momentus hard drives, including one 2.5" model for notebook computers, and another for DV-R devices.

Along with this arguably compelling new technology, though, will come a component that has been a perennial wellspring of controversy ever since its inception: hard-wired digital rights management, such as the capability to lock down write operations within a DV-R based drive to only those that have been authorized by a certified server.

So Seagate is being very careful today how it positions its announcement of the unveiling of hard drives with a Trusted Platform Module (TPM) component for PCs, knowing full well that the capability for one's hard drive to overrule the operating system -- and, with it, the authority of the user or administrator with regard to what files can be written, where, and when -- is not necessarily something consumers automatically view as a "feature."

Key to the success of Seagate's architecture will be the integrity of the chain of communication between the TPM module on the PC -- upon whose existence DriveTrust will depend -- and the TPM on the hard drive (HDD). With the hard disk drive itself being one of the most closed systems in a computer assembly, it becomes relatively easier to secure the chain of communication between the CPU and HDD using hardware-based authentication. This disables any third party or unauthorized device from siphoning off portions of the bit stream, whether using hardware or software.

This kind of copying is a concern to content providers, including movie studios, that have to date been reluctant to throw their support behind any form of digital content recording system, until it can prove itself impenetrable to incursion for the purpose of making surreptitious copies.

Initially, Blu-ray Disc and HD DVD had promised to serve as the premiere vehicles for Internet-driven, high-quality digital downloads. But with high-definition media sales much lower than anticipated, even though the first edition of AACS copy protection is available for licensing, blue-laser recording consoles may both become the "Betamax" of their day.

As a result, attention is turning to hard-drive-based devices, where customers could conceivably download high-quality media at their leisure, though their ability to make digital copies on optical disc could be restricted or disabled. Furthermore, downloads could be given "expiration dates" that users wouldn't be able to override.

These policies could be established and maintained by DriveTrust, as Seagate's initial January 2005 demonstration to content providers' technologists showed.

Still, even if content providers were slow to leverage DriveTrust for its inherent DRM capabilities, the technology could still succeed with consumers if it increased the reliability of HDD transactions. With TPMs in both the CPU and the HDD, a new kind of data transfer scheme would be enabled, using what the Trusted Computing Group calls a "root of trust."

Previously, only the interaction between the CPU and RAM could be considered relatively impregnable. But with even Windows or Linux or Mac OS X reliant upon TPMs to provide services, conceivably the entire security architecture of computing could change very radically, to an extent Symantec and McAfee could only imagine.

The whole design behind viruses involves the ability for malicious code to hide in unmonitored locations (perhaps in plain sight) on hard drives, and replicate itself to similar locations elsewhere, these days using networks. With a new, TPM-anchored root-of-trust scheme in place, and with the operating system supporting the TCG stack (as Microsoft's already does), only authenticated transactions could enable data to be written to hard drives.

As a result, a crafty virus would need to either falsify its authentication or defeat the TPMs - which, while not theoretically impossible, is substantially more difficult than the state of affairs today. In any event, operating system-based anti-virus protection would probably need to be reconsidered from the ground up if it is expected to be effective, or even moderately useful, in a computing scheme where the operating system is no longer the principal authority for conducting data transactions in a computer.

BetaNews is scheduled to speak with Seagate Technology regarding DriveTrust, and will provide an extensive update on this topic in coming days.