“Q: Is hardware FDE vulnerable to the DRAM freezing attack?”

“A: No. The drive memory and components of the Momentus 5400 FDE.2 drive are mounted in a way that would require a hacker to remove the drive’s PCBA (printed circuit board assembly) and flip it over in order to gain access — a process that would cut off power to the drive, locking it and removing the encryption keys from drive memory. In addition, the Momentus 5400 FDE.2 drive keeps encryption keys in drive memory for as short a time as possible and overwrites the key with zeros after each use. Because keys can be contained in drive memory, Seagate carefully secures the drive using hardware and software mechanisms to prevent access to drive memory by all but authorized users.”

Nice, but notice the last sentence… “all but authorized users.” How does the drive tell who is authorized and who isn’t?

Option 1: The trusted module is secure, but it has low complexity and a narrow interface, and cannot be in the loop in modern computing situations like browsing the web.

Option 2: The trusted module does all sorts of cool stuff, but it has high complexity which means that it has a wide profile of exposure to both physical attacks (side-channel, etc) and logic attacks (programming bugs).

By the way, if there’s anyone out there who thinks that bugs are a software phenomenon and hardware doesn’t have bugs, think again. And the distinction between exploitable bugs versus non-exploitable bugs is not worth defining. Complex hardware will have exploitable flaws.
So options 1 and 2, above, are mutually exclusive. Trying to make a PC into a giant TPM on ‘roids is not going to get us anywhere.

By the way, it is interesting to think about the traditional TPM-style of bootstrapping trust and then growing the trusted perimeter outward, by authenticating the other components. I have always felt that this is bogus. We all know that it is impossible to do complete testing of a black box. Trusted computing-style initialization generally just runs some basic authentication algorithm between the TPM and the peripherals. This does not verify anything about what their behavior will be. There is an assumption made, that an attacker could not arrange for his malicious functionality to run in chip, while preserving the authentication handshake. This is basic. It is the difference between authentication and trust.

On a related note, what does it mean to authenticate a piece of logic? If the logic is a little bit changed, is it still authentic? With human authentication, this reduces to the old philosophical problem of personal identity. (If you had my thoughts and my memories and my feelings, would you be me? Surely identity is not physical, is it?) But for information systems, authentication, identification, and verification are all deeply intertwined.