Hiddn SafeDisk Installation Manual Version 2.1.5 24. April 2018

1. Introduction

This document explains what is delivered, how units are initialized (loaded with certificates) and some alternatives for installing an operating system.

The Card Management System (CMS) Administrator is responsible for providing the required smart cards for initialization of the Hiddn SafeDisk units. For guidance on how to use the CMS to program CO Cards, please see the CMS manual.

When working with the Hiddn SafeDisk product, it is important to remember that once the PIN/password is accepted and data encryption keys are loaded, the keys stay active until the unit is powered off. This means the keys will survive a reboot, which might occur frequently during installation of an operating system or when restoring backups. However, the slightest loss of power to the drive will cause the encryption keys to be cleared.

2. Physical Installation of the Hiddn SafeDisk

Prior to initializing the Hiddn SafeDisk, the original hard drive of the computer must be removed and replaced with the Hiddn SafeDisk unit. Please consult your computer manufacturer's manual for instructions on how to remove and replace hard drives.

1. Make sure the computer is powered off.
2. Remove the hard drive cover from the outside of the computer.
3. Remove the original hard drive from the computer.
4. Move any rubber or plastic parts from the original drive to the Hiddn SafeDisk.
5. Gently insert the Hiddn SafeDisk unit.
6. Press firmly at the end of the Hiddn SafeDisk unit to ensure that the connector is properly inserted.
7. Reattach the hard drive cover and fasten any screws.

The physical installation is now completed.

3. BIOS/UEFI Configuration

Before the Hiddn SafeDisk is ready for use you need to ensure that the SATA mode setting is correct.

1. Power on your computer.
2. Enter BIOS/UEFI, usually by pressing F2.
3. If a Secure Boot option is present, disable it.
4. If a SATA mode option is present, set it to AHCI. RAID mode is not supported. If it fails, try IDE. IDE mode might also be called Native, Legacy or Compatibility.
5. Save settings and EXIT.

If you experience problems, try upgrading the BIOS to the latest version, then load default settings and start over.

4. Initialization and OS Installation

4.1 Preparing the installation media

For successful installation of an operating system, verify that the computer is able to boot from the installation media. There are two ways to boot from a specific device:

1. Most computers will let you enter a boot menu by pressing F12 during startup. Some manufacturers use another key. You can then select the correct boot media from a list.
2. Alternatively, configure BIOS/UEFI to always look for a connected USB, DVD or network bootable media in the boot order setting.

A newly installed Hiddn SafeDisk unit will be recognized as an unformatted disk drive without any boot sector.

4.2 First-time Initialization

The first time you use the Hiddn SafeDisk unit, you must go through an Initialization procedure, where you load certificates and configure the unit to allow User Cards to load data encryption keys into the unit. This is the Crypto Officer operation.

1. Power on your computer without installation media.
2. Wait for the user interface to start and the message "Waiting for Key Token. Please insert" to appear.
3. Insert the Crypto Officer Card and wait for "Reading Crypto Officer Token".
4. Enter PIN when prompted and confirm with Enter.
5. The process is confirmed by the message "Initialization Started".
6. Wait for the on-screen message "Initialization Finished." followed by "Press F8 to adjust RTC".
7. If adjustment of the Hiddn SafeDisk unit's RTC clock is needed, press F8 and follow the on-screen instructions. Note that all timestamps are/must be given in GMT.
   NB! If RTC time is outside period of SAM Certificate the module will not be functional.
8. Remove the Crypto Officer Card, confirmed by the message "Waiting for Key Token. Please insert".

4.3 OS Installation

If installing a preconfigured Windows image, the SATA mode used when building the image must match the mode set in the BIOS/UEFI. Different modes will result in a blue screen when booting. This is a well-known problem with Windows and is not related to the Hiddn SafeDisk.

To install the Operating System, follow the instructions below to first load data encryption keys into the unit.

1. Insert the User Card, confirmed by the message "Reading User Token".
2. Enter PIN when prompted and confirm with Enter.
3. Wait for the message "Remove Key Token to continue" to appear.
4. Remove the User Key Token.
5. Observe that the computer starts normally (i.e. looking for a bootable device).
6. Install the operating system from the selected media.
7. It is recommended to load a preconfigured image, e.g. over the LAN (PXE boot). Make sure the OS power settings have disabled all settings for entering Sleep / Standby Mode.

4.4 Pre-boot security

Once the OS is installed, it is recommended to disable all external boot devices (USB, CDROM, DVD, Netboot, PXE) in the BIOS/UEFI settings, and to set the BIOS/UEFI password. This will normally also reduce boot time by several seconds.

5. Display Status Information

After power up it is possible to display information about the installed Hiddn SafeDisk unit by using the following keys when the message "Waiting for Key Token. Please insert" is displayed:

Pressing the F10 key (F2 before initialization) will display the following information about the Hiddn SafeDisk: a list of version numbers for the different components, serial number, time and platform:

    CM version 2.1.1.6
    CM HW version: 2.1.0.10
    CM FW version: 2.1.0.23
    SAM version 1.0.2.6
    SKR version: 2.2.0.3
    CM serial: XXXX-XXXX-XXXX-XXXX
    CM life cycle: User mode
    RTC time: XX.XX.XXXX XX:XX:XX
    SKR platform: BIOS

Pressing the t key will display the following temperature information stored by the Hiddn SafeDisk:

- Current temperature
- Current session max and min temperatures
- Previous session max and min temperatures
- Historical max and min temperatures

Pressing the c key will display the following information on certificates stored in the Hiddn SafeDisk:

- CM2 certificate to/from validity dates
- Revoked certificate list
- RTC time

6. Zeroization

Zeroization clears all certificates and configuration, and reverts the unit to Personalization state. There are two ways to Zeroize (reset) the Hiddn SafeDisk unit: by pressing a physical button or by using a Zeroize CO card.

6.1 Physical button

For the SafeDisk with product number starting with SDM0-0, the Zeroize button is located close to the hole as indicated by the black arrow. For the SafeDisk with product number starting with LT02-0, the Zeroize button is located at the end of the unit, and for the LT02-1 unit on the side. The Zeroize button is pressed using a paper clip through the small hole.

1. The Zeroize button needs to be pressed for 1-2 seconds while the unit is powered on.
2. On Zeroization, the LED will blink green as the Zeroize process is started, followed by red blinks indicating that zeroization has completed.
3. The Crypto Module is ready for re-initialization.

6.2 Zeroize CO card

1. The CMS Zeroize action will produce a CO card with a signed Zeroize command targeted for the specific Crypto Module. All the certificates and key material are cleared for this CM2, and it is possible to start over and generate a new Initialization card for it.
2. Power on your computer.
3. Insert the Zeroize Key Token when the message "Waiting for Key Token. Please insert" appears on the screen.
4. "Reading Crypto Officer Token"
5. "Enter PIN:"
6. "By performing this action, all data on the Crypto Module will be lost! Are you sure that you want to zeroize the Crypto Module? (Y/N)"
7. The following is displayed:

       Zeroizing Finished.
       Crypto Module is ready for re-initialization
       Current RTC time is : XX.XX.XXXX XX:XX:XX
       No valid SAM Certificate could be read. Is CM2 initialized?

8. "Press F8 to adjust RTC or remove token to continue"
   NB! If RTC time is outside period of SAM Certificate the module will not be functional.

7. Firmware Upgrade

To upgrade the firmware of the Hiddn SafeDisk you need the original initialization CO Card or a new Update CO Card, and an Upgrade USB stick from your organization.

1. Power on your computer and insert the Upgrade USB stick into a USB port. (For product versions below 2.1.2.0, a USB 2.0 port must be utilized.)
2. When "Waiting for Key Token. Please insert" appears, press U to start the Upgrade process. Note that it can take up to 5 seconds from when the USB stick is inserted until the system detects it.
3. The following is displayed:

       Searching for upgradefile ok
       Reading upgradefile. OK
       Upgrade version: 2.1.1.9
       Current CM2 version: 2.1.1.6

4. Insert a Crypto Officer card when prompted:

       Insert a CO card to authorize upgrade
       Verifying smart card before upgrade
       Reading Crypto Officer Token

5. Enter PIN when prompted and wait for the initialization to finish.

       Your user certificate will expire in XXXX days.
       User certificate validity dates:
       From: XX.XX.XXXX XX:XX
       Until: XX.XX.XXXX XX:XX
       The current time of CM2 is XX.XX.XXXX XX:XX:XX
       CO card authenticated
       Searching for upgradefile. ok
       Reading upgradefile..ok

6. Press y to continue with the upgrade.

       Installing CM2 upgrade
       Please do not power of or unplug your computer until upgrade is finished.
       Installing FPGA image (xxxxxxxxxx bytes) [ XX%]
       Verifying image signature ok
       Installing SKR image (xxxxxxxxxxx bytes) [ XX%]
       Verifying image signature ok
       Installing SAM image (xxxxxxxxxxx bytes) [ XX%]
       Verifying image signature ok
       Upgrade complete. Press any key to shut down computer

8. Cloning an existing system disk

This chapter is a quick guide for cloning an existing Windows disk (source) to an encrypted Hiddn SafeDisk. The description uses free, publicly available open source applications. Several other tools exist and can be used following the same principles as described below. Active@ Disk Image is a recommended commercial product which is easy to use and can both clone and resize in one operation.

8.1 Backup the entire source disk

The file system of the source disk will be resized in order to make it fit on the destination disk. All such operations introduce a potential risk of data loss. Back up your entire source disk before proceeding.

8.2 Reduce the amount of data on the source disk

The source disk cannot contain more data than will fit on the Hiddn SafeDisk, in this example 119 GB. Note that by using a larger capacity Hiddn SafeDisk, this partition-size reduction step might be skipped.

8.3 Reduce the partition size of the source disk

Open Windows Disk Management from Control Panel or by right clicking My Computer and selecting "Manage...". Right click the partition you want to reduce and select "Shrink Volume...". Then enter the amount of MB to reduce the partition size by. In this example, a new total size of 118 GB is selected to have some margin.

After selecting "Shrink", the process starts. If shrinking fails, this might be because files that are currently in use by Windows can't be moved. In this case, the GParted Live USB can be used to reduce the partition size.

8.4 Clone from source disk to Hiddn SafeDisk

Make the following connections:

- Connect the Hiddn SafeDisk to the computer via SATA
- Connect the source disk to the computer via SATA/USB/eSATA
- Connect the Clonezilla Live USB to the computer (use "tuxboot" or "rufus" to create a bootable Clonezilla USB disk)

First, boot the computer from the Hiddn SafeDisk and authenticate with User Key Token and PIN code. When the computer restarts, boot from the Clonezilla USB disk. In Clonezilla, select expert mode and set option "icds" to not check the size of the destination disk. If asked to copy bootloader, select "yes".

8.5 Test Hiddn SafeDisk

When cloning is finished, disconnect the source disk and the Clonezilla Live USB disk and reboot. Windows should now boot encrypted from the Hiddn SafeDisk.

Note 1: Shrinking a partition might be a very slow process. If possible, use a larger SSD to be able to skip this step of the cloning process.

Note 2: If the original drive is encrypted using BitLocker or a similar software encryption product, be careful to deactivate the protection mechanisms and decrypt the drive before starting the cloning process. When finished, remember to reactivate the integrity checking features in e.g. BitLocker for protecting the OS boot files and drivers.

9. Power Settings

One of the main security features of the Hiddn SafeDisk is that the data encryption keys are cleared when the power to the SafeDisk is lost. This renders the unit useless for an attacker not having the User Key token and the PIN/passphrase.

Both Sleep and Hibernate will make the machine cut power to the SafeDisk. When power to the SafeDisk is restored, the keys are no longer in the SafeDisk and need to be retransmitted from the User Card. Sleep, however, does not boot from the SafeDisk, and therefore the keys are not transferred to the SafeDisk. Because of this behavior the SafeDisk will be unreadable after returning from Sleep. Hibernate or power off must be used instead to be able to use the SafeDisk.

Sleep mode is under all circumstances a security risk, hence most security-aware organizations have already deactivated sleep mode as a corporate policy.

Hibernate mode is very similar to sleep, but instead of saving your open documents and running applications to your RAM, it saves them to your hard disk. This allows your computer to turn off entirely, which means once your computer is in Hibernate mode, it uses zero power. Once the computer is powered back on, it will resume everything where you left off. It just takes a bit longer to resume than sleep mode does (though with an SSD, the difference isn't as noticeable as it is with traditional hard drives).

Hibernation with a fully encrypted drive should be acceptable from a security point of view and is supported by the Hiddn SafeDisk.

9.1 Disable Sleep

9.1.1 Using GPO in Active Directory (IT Admin only)

Start "Group Policy Management" on the Domain Controller, then edit the Default Domain Policy or create a new Policy.

Navigate to: Computer Configuration - Policies - Administrative Templates - System - Power Management - Sleep Settings

9.1.2 Locally on a Windows Computer

Start "Edit Group Policy (gpedit.msc)".

Navigate to: Computer Configuration - Administrative Templates - System - Power Management - Sleep Settings
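One way to audit and enforce the no-sleep requirement from PowerShell, as an added example that is not part of the Hiddn manual. It assumes the Sleep Settings policies meant above are "Allow standby states (S1-S3) when sleeping (plugged in / on battery)", which Windows stores under the registry key shown; the function names are hypothetical.

```powershell
# Added example, not from the Hiddn manual. Function names are hypothetical.
# Assumption: the Sleep Settings policies meant in 9.1 are
# "Allow standby states (S1-S3) when sleeping (plugged in / on battery)".
# Windows stores them as ACSettingIndex / DCSettingIndex under this key;
# 0 means the standby states are not allowed.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Power\PowerSettings\' +
             'abfc2519-3608-4c2a-94ea-171b0ed546ab'

function Get-StandbyPolicy {
    # Read both values; $null means "not configured", which is not the same as 0.
    param([string]$Key = $PolicyKey)
    $values = @{ ACSettingIndex = $null; DCSettingIndex = $null }
    if (Test-Path -Path $Key) {
        $props = Get-ItemProperty -Path $Key
        foreach ($name in 'ACSettingIndex', 'DCSettingIndex') {
            if ($props.PSObject.Properties.Name -contains $name) {
                $values[$name] = [int]$props.$name
            }
        }
    }
    [pscustomobject]$values
}

function Test-SleepBlocked {
    # Sleep counts as blocked only when it is disallowed on AC and on battery.
    param([Parameter(Mandatory)]$Policy)
    ($Policy.ACSettingIndex -eq 0) -and ($Policy.DCSettingIndex -eq 0)
}

function Set-SleepBlocked {
    # Needs an elevated prompt. On domain-joined machines configure the GPO
    # from 9.1.1 instead, since Group Policy manages this key.
    if (-not (Test-Path -Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    foreach ($name in 'ACSettingIndex', 'DCSettingIndex') {
        Set-ItemProperty -Path $PolicyKey -Name $name -Value 0 -Type DWord
    }
    # Also stop the idle timer from requesting sleep (0 = never).
    powercfg /change standby-timeout-ac 0
    powercfg /change standby-timeout-dc 0
}

# Constructed sample states, to show how a half-configured machine is judged.
$samples = @(
    [pscustomobject]@{ ACSettingIndex = 0; DCSettingIndex = 0 },
    [pscustomobject]@{ ACSettingIndex = 0; DCSettingIndex = $null },
    [pscustomobject]@{ ACSettingIndex = 1; DCSettingIndex = 1 }
)
foreach ($s in $samples) {
    '{0,-5} AC={1} DC={2}' -f (Test-SleepBlocked $s), $s.ACSettingIndex, $s.DCSettingIndex
}

# Audit the local machine; call Set-SleepBlocked from an elevated prompt to fix.
$current = Get-StandbyPolicy
if (Test-SleepBlocked $current) {
    'Sleep (S1-S3) is blocked by policy.'
} else {
    "Sleep is NOT blocked by policy (AC=$($current.ACSettingIndex), DC=$($current.DCSettingIndex))."
}
```

Only the first constructed sample is reported as blocked: a machine where sleep is disallowed on AC but left unconfigured on battery can still sleep, and the SafeDisk would be unreadable on resume.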


Trademark Disclaimers

Hiddn Security and the Hiddn logo and graphics are trademarks of.

Disclaimer

Hiddn Security accepts no liability for any consequential, incidental, direct or indirect damage (including loss of business profits, business interruption, loss of business information and similar events causing losses to business) arising from any action and/or inaction based on information contained in this document. Hiddn Security does not accept any liability for any loss of data and/or company and/or personal information that may result from any action and/or inaction based on information contained in this document. Users are instructed to make backups of all data prior to installation of any device or product described herein.

All Hiddn SafeDisk parts are Hiddn Security's parts, and Hiddn Security does not accept any liability for any direct or indirect loss related to the handling and/or mishandling of any of the parts and/or a combination of the parts provided in this package. Hiddn Security reserves the right to, at any time and without notification, change its offer and/or price and/or availability of parts.

Note: Hiddn Security has the responsibility that this equipment complies with the FCC criteria for radiation, and any user-made changes or modifications to this equipment that are not expressly approved by Hiddn Security could void the user's authority to operate this equipment.

Contact Information:
E-mail: support@hiddn.no
Website: http://www.hiddn.no