How can I take advantage of Full Disk Encryption used on SSDs?

2

Both my OCZ Vertex 2 240GB (with it's SF-1200 series controller) and my Intel SSD 320 support full disk AES encryption. I would like to use BitLocker on this laptop to prevent data theft, but BitLocker destroys performance on SandForce drives like the Vertex 2, and significantly impacts performance on drives like Intel's because the CPU is being used for encryption (affecting things like DMA).

Given that these drives already are doing hardware AES encryption of the data on the disk, how can I take advantage of that to prevent someone from stealing data off my laptop?

Billy ONeal

Posted 2011-08-16T02:00:44.687

Reputation: 7 021

Answers

1

At the moment, only the Intel 320 SSD supports this, as described here:

set a SATA password to enable the onboard AES-128 encryption... [then] do a secure erase and set your own password

the ATA password is stored on the drive as a non-reversible hash, so you won’t be getting the password off the drive. And the password is used to encrypt the encryption keys on the drive, so just bypassing the password, if it were possible, would yield gibberish.

SandForce drives, such as the Vertex 2, do encrypt the full drive contents, but do not provide the sort of security you are looking for. At the moment, the encryption feature is only useful for a quick secure erase of the drive.

sblair

Posted 2011-08-16T02:00:44.687

Reputation: 12 231

1

If your drive uses AES, then put in the password that you want it to use and there is nothing else that needs to be done...

soandos

Posted 2011-08-16T02:00:44.687

Reputation: 22 744

You could use bitlocker, but then lose quite a bit of performance. Its up to you as to what to do. Alternatively, you can use a remote support application to do the remote part. – soandos – 2011-08-16T06:19:31.227

Asked: 2011-08-16T02:00:44.687

Viewed: 2 878 times

Active: 2011-08-16T14:33:17.510