Hacker News
Forget TrueCrypt, use self-encrypting drives. Gear-level crypto. (seagate.com)
1 point by jjguy on Sept 2, 2011 | 1 comment


This does not compute. The linked page says "Seagate Secure™ encryption hard drives keep your data safe even if your drives are lost, stolen, or misplaced." This and other documentation, including the FAQ at http://www.seagate.com/docs/pdf/whitepaper/mb605_fips_140_2_..., constantly refer to physical drives getting out of users' control.

That FAQ describes the levels of security defined by FIPS 140-2 as:

> Level 2 requires role-based authentication. (Individual user authentication is not required.) It also requires the ability to detect physical tampering by using physical locks or tamper-evident seals.

> Level 3 adds physical tamper resistance to disassembly or modification ....

> Level 4 includes advanced tamper protection and is designed for products that operate in physically unprotected environments.

Why is this not Level 4? Theft or loss are situations in which the product is in the most physically unprotected environment possible. It's in your attackers' clean room or EE lab, having the TPM die exposed, the keys read out, and the controller glitched to decrypt all the data.

Why wouldn't/couldn't Seagate get Level 4 protection for this device?



