I've been reading up on Self Encrypting Drives and I'm having trouble understanding how the Shadow MBR is not a security problem.
I found these slides which indicate that the Shadow MBR is stored in clear text (which makes sense because it needs to be presented before the password is given to unlock the drive). Given that, it seems like it should be vulnerable to the Evil Maid Attack on defeating whole disk encryption.
That post deals with software-based FDE, but the principle should be the same: find the one piece of software that isn't encrypted and replace it with something malicious.
However, from this post, the Shadow MBR is supposed to be inaccessible:
The MBR shadow is a 128 MB area that is totally “off the map”. If the OS or a virus were to read each LBA on the drive from LBA 0 to MAX LBA it would still not be able to see it or modify it.
Problem solved! Except, here is where things get confusing (for me). This post on unlocking SEDs has this to say:
When a SED is configured with pre-boot authentication, only the 128MB OPAL “MBR Shadow” volume is visible to the OS
So, which is it? Is the Shadow MBR totally "off the map" or is it the only thing visible to the OS? And, if it's visible and mountable at the OS level, what is to stop an attacker from replacing your PBA with their own?
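A toy model of the Opal MBR-shadowing state machine, added here as an editor's example (it is not code from the question, from the linked posts, or from any real Opal implementation) to make concrete what "visible" means at each stage. The model assumes: one locking range covering the whole drive; two authorities, Admin1 and User1; that the MBR table (the shadow MBR contents) can only be changed through the management interface by an authority with write access to it (Admin1 in this model); and that host block writes into the shadowed LBA range are rejected while shadowing is active. The class and function names, PIN values and sector sizes are all made up for the example; the shadow area is shrunk from 128 MiB to eight tiny "LBAs".

```python
"""Toy model of TCG Opal MBR shadowing (added example, not Opal spec code).

Assumptions, simplified from the spec:
- The shadow MBR is SHADOW_LBAS blocks of LBA_SIZE bytes, not 128 MiB.
- One locking range covers the whole drive.
- Admin1 owns the MBR table; User1 may unlock the range and set MBRDone.
- Host block writes into the shadowed LBA range are rejected; the MBR table
  is only writable through the management interface as Admin1.
"""
from dataclasses import dataclass, field
from typing import Optional

LBA_SIZE = 16      # stands in for a 512-byte sector
SHADOW_LBAS = 8    # stands in for the 128 MiB shadow MBR area
USER_LBAS = 32


class OpalError(Exception):
    pass


@dataclass
class OpalDrive:
    admin1_pin: str
    user1_pin: str
    # MBR table: what the host sees at LBA 0.. while shadowing is active.
    shadow_mbr: list = field(default_factory=lambda: [bytes(LBA_SIZE)] * SHADOW_LBAS)
    # Real user data (encrypted at rest; the model just withholds it while locked).
    user_data: list = field(default_factory=lambda: [bytes(LBA_SIZE)] * USER_LBAS)
    mbr_enable: bool = True          # MBRControl.Enable (persistent)
    mbr_done: bool = False           # MBRControl.Done (cleared on power cycle)
    locked: bool = True              # ReadLocked/WriteLocked on the global range
    authority: Optional[str] = None  # authority authenticated in the current session

    def power_cycle(self) -> None:
        """Reset that makes pre-boot authentication necessary again."""
        self.locked = True
        self.mbr_done = False
        self.authority = None

    # ---- management interface (IF-SEND/IF-RECV on real hardware) ----
    def authenticate(self, authority: str, pin: str) -> None:
        expected = {"Admin1": self.admin1_pin, "User1": self.user1_pin}.get(authority)
        if expected is None or pin != expected:
            self.authority = None
            raise OpalError(f"authentication as {authority} failed")
        self.authority = authority

    def _require(self, *allowed: str) -> None:
        if self.authority not in allowed:
            raise OpalError(f"needs one of {allowed}, have {self.authority}")

    def unlock(self) -> None:
        self._require("Admin1", "User1")
        self.locked = False

    def set_mbr_done(self, done: bool) -> None:
        self._require("Admin1", "User1")
        self.mbr_done = done

    def write_mbr_table(self, lba: int, data: bytes) -> None:
        """The only path that changes the shadow MBR: Set on the MBR table, Admin1 ACL."""
        self._require("Admin1")
        self.shadow_mbr[lba] = data

    # ---- normal block interface (what BIOS, OS and malware see) ----
    def _shadowing(self) -> bool:
        return self.mbr_enable and not self.mbr_done

    def read(self, lba: int) -> bytes:
        if self._shadowing() and lba < SHADOW_LBAS:
            return self.shadow_mbr[lba]   # cleartext PBA, readable even while locked
        if self.locked:
            raise OpalError("range is read-locked")
        return self.user_data[lba]

    def write(self, lba: int, data: bytes) -> None:
        if self._shadowing() and lba < SHADOW_LBAS:
            raise OpalError("shadowed LBAs are not writable through the block interface")
        if self.locked:
            raise OpalError("range is write-locked")
        self.user_data[lba] = data


def provision(admin_pin: str, user_pin: str, pba_image: bytes, real_mbr: bytes) -> OpalDrive:
    """Owner sets up the drive: real MBR on the data range, PBA in the MBR table."""
    d = OpalDrive(admin_pin, user_pin)
    d.authenticate("Admin1", admin_pin)
    d.unlock()
    d.set_mbr_done(True)             # expose real LBA 0 so the installer can write it
    d.write(0, real_mbr)
    d.write_mbr_table(0, pba_image)  # what sedutil-cli --loadPBAimage does for real
    d.power_cycle()                  # back to locked + shadowing
    return d


def normal_boot(drive: OpalDrive, user_pin: str) -> tuple:
    """Returns (what LBA 0 shows before unlock, what it shows after)."""
    before = drive.read(0)
    drive.authenticate("User1", user_pin)
    drive.unlock()
    drive.set_mbr_done(True)
    return before, drive.read(0)


def evil_maid_attempt(drive: OpalDrive, payload: bytes) -> dict:
    """Attacker with the powered-on, still-locked drive but no PIN tries to swap the PBA."""
    results = {}
    for name, op in (("block_write", lambda: drive.write(0, payload)),
                     ("mbr_table_write", lambda: drive.write_mbr_table(0, payload))):
        try:
            op()
            results[name] = "succeeded"
        except OpalError as e:
            results[name] = str(e)
    results["pba_after"] = drive.read(0)
    return results
```

In the model, the two quoted statements are both true at different moments: while `mbr_enable` is set and `mbr_done` is clear, LBA 0 onward returns the shadow MBR (visible to everyone, so "the only thing visible"); once the PBA has authenticated and set `mbr_done`, the same LBAs return the real disk and the shadow area is unreachable through normal reads ("off the map"). Replacing the PBA in this model needs the Admin1 credential, which is exactly the assumption to verify against a real drive's MBR table ACL.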