Examples include Viasat UK (formerly Stonewood Electronics) with their FlagStone, Eclypt[4] and DARC-ssd[5] drives or GuardDisk [6] with an RFID token.
The concept can be seen on [7] The encryptor bridge and chipset (BC) is placed between the computer and the standard hard disk drive, encrypting every sector written to it.
The data is safe because all of it, even the OS, is now encrypted, with a secure mode of AES, and locked from reading and writing.
[10] Without the old key, the old data becomes irretrievable and therefore an efficient means of providing disk sanitisation which can be a lengthy (and costly) process.
For example, an unencrypted and unclassified computer hard drive that requires sanitising to conform with Department of Defense Standards must be overwritten 3+ times;[11] a one Terabyte Enterprise SATA3 disk would take many hours to complete this process.
Although the use of faster solid-state drives (SSD) technologies improves this situation, the take up by enterprise has so far been slow.
[14] Researchers at Universität Erlangen-Nürnberg have demonstrated a number of attacks based on moving the drive to another computer without cutting power.
[14] Additionally, it may be possible to reboot the computer into an attacker-controlled operating system without cutting power to the drive.
An attacker can take advantage of this to gain easier physical access to the drive, for instance, by inserting extension cables.
If data is encrypted by the operating system, and it is sent in a scrambled form to the drive, then it would not matter if the firmware is malicious or not.
In addition, implementing system wide hardware-based full disk encryption is prohibitive for many companies due to the high cost of replacing existing hardware.