SSD AES-256 hardware encryption - how to configure?

7

6

Recently, I bought Plextor M5 Pro with hardware full-disk AES-256 encryption. Installed it in my laptop, where I have no HDD BIOS password set. From what I read around it seems that the encryption is invisible for the OS and the HDD BIOS password is useless if my laptop get stolen. The AES-256 encryption keys are stored on the drive itself.

What I would like to know is how to configure the built-in encryption. How to make sure my data is protected?

The OS, although irrelevant in this case, is Ubuntu 12.04, 64-bit. The laptop is HP Compaq nc4400. The BIOS has master password set, but no HDD one.

grs

Posted 2012-10-06T18:52:47.850

Reputation: 1 092

maybe man hdparm will yield some results. I am not sure but there are two parameters mentioned there: One is --security-unlock PWD and the other --security-set-pass PWD. Also bear in mind that by trusting the AES in your drive you trust the company which made the product. With a modern AES_NI enabled intel cpu you might at a slight expense be able to have a maybe more trustworthy protection. Of course all depends on the value of your data :) – humanityANDpeace – 2012-10-08T13:19:33.227

Answers

10

In the best case, which is probable for the Plextor M5 Pro, because they advertise it as such, the AES keys are encrypted by your ATA (HDD) password. Also see the security graphic under "AES Data Encryption" on the M5 Pro website: http://www.plextor-digital.com/index.php/en/M5-Pro/m5-pro.html -- it looks like they're implying that the ATA password is somehow linked to the AES key. It would be nice to get some official confirmation though.

You can see here for example that the Intel 320 SSD follows the correct strategy (ATA password stored hashed, and used to encrypt AES key): http://communities.intel.com/message/120689#120689

I also have reason to believe that the Intel 520, the Samsung 540 Pro and the Kingston 200V+ do it the right way too, but I'm desperately trying to find more confirmation.

Here you can see that OCZ has NOT encrypted the AES key with the ATA password, even going so far as to say that there is no relation between the two: http://www.ocztechnologyforum.com/forum/showthread.php?71788-SandForce-encryption-info&p=507570&viewfull=1#post507570

I've put together a blog post to collect information about the hardware encryption on an number of current SSDs: http://vxlabs.com/2012/12/22/ssds-with-usable-built-in-hardware-based-full-disk-encryption/

Charl Botha

Posted 2012-10-06T18:52:47.850

Reputation: 321

@CharlBotha Would you be able to shed any light on my question? http://superuser.com/questions/692172/how-do-i-encrypt-a-samsung-evo-840-ssd I believe that the Samsung Evo 840 with latest firmware and Magician in theory now meets your criteria, but I can't get it to work.

– Stephen Kennedy – 2013-12-23T12:05:34.763

http://www.custompcreview.com/news/samsung-updates-magician-enables-rapid-840-pro-encryption-840-evo/19631/ has the info which makes me think the 840 now belongs on your list. – Stephen Kennedy – 2013-12-23T12:09:20.633

Asked: 2012-10-06T18:52:47.850

Viewed: 10 421 times

Active: 2019-01-18T10:52:03.447