I'd be very worried about special proprietary drives like these that have an encryption/decryption chip. What if the chip fails? How easy will it be to read the bytes off of a drive if it fails in the future? Here are my solutions instead:
On a Mac (Lion+), use FileVault 2. It provides pre-boot full drive encryption.
On Linux, use dm-crypt/LUKS. Why oh why is this still not easy to set up?
On Windows, use TrueCrypt full drive pre-boot authentication.
On an Android phone (ICS+), use the new android full drive encryption.
Ubuntu does as well, with a choice between home directories only or the whole disk. It's not actually that hard to set up dm-crypt manually, although not something I'm about to suggest to my grandmother.
I do the first option (VileFault 2 on Lion), but I don't trust closed-source encryption software. Who knows if CBP can read my files because Apple does or does not do key escrow? It's terrifying, considering what's happening to people like that creepy media slut Jake Appelbaum at the hands of the CBP.
Even though I use filevault, I keep my SSH keys and GPG keys encrypted, and I GPG encrypt anything I wouldn't want the cops reading.
What if you forget your password? You should have backups (and not just a backup password).
On Linux, use dm-crypt/LUKS. Why oh why is this still not easy to set up?
It is very easy IMO (the only differing steps are creating a crypted container and opening it). I think you mean to ask why it is not an available option in most distros' graphical installers.
Friends don't let friends use snake oil encryption, like the kind offered by "on-disk" solutions. That thing even has key escrow - either cheaply-implemented 'trusted' hardware, or a second 'secret' key known by every copy of the unlocking software! There's little impetus for widespread analysis of any of these proprietary solutions, as there's too many models to focus on. If you actually want to protect your data, stick with the standard software FDE for your OS - it should be a one-click option (and hopefully the default) at installation time.
Wouldn't that mean that the manufacturer still has the secret key? That would make you vulnerable to government agencies,... and it is not the case if you use truecrypt or dm-crypt/luks.
That would be preferable, and would have the same properties as keeping a non-passphrase-encrypted copy of your LUKS key elsewhere (possibly a central repository), but would reduce the usability of their software that can 'unlock whole fleets of drives'. And there's no guarantee that there isn't even a secret third unencryption method, companies love to have future options.
I have this from Wave Systems on my 6 year old Dell laptop. Secured with finger print scan at boot time (or password). Used it for a while but then after the first rebuild of the OS I switched the feature off.
If someone has a recommendation for one of these drives with decent performance that would be great. We have some with spinning disks in laptops, and I would love to be able to upgrade to an SSD based one.
Some work on Linux too, but so far I haven't found a good SED solution for Mac OSX, which is what I care about on laptops now. The lack of a traditional BIOS complicates things.
On a Mac (Lion+), use FileVault 2. It provides pre-boot full drive encryption.
On Linux, use dm-crypt/LUKS. Why oh why is this still not easy to set up?
On Windows, use TrueCrypt full drive pre-boot authentication.
On an Android phone (ICS+), use the new android full drive encryption.
On an iPhone, I imagine you're SOL?