There is ABSOLUTELY NO NEED TO REMOVE ANY OF YOUR DRIVES FROM YOUR RIG to check whether or not it is a SED drive and to check its encryption status!
The easiest and SAFEST way to verify if any of your drives is a SED [Self-Encrypting Drive] and its encryption status is to use the Linux command "hdparm":
1) from any WINDOWS OS:
1.a) Download the ISO file for the latest Linux Mint Xfce 64-bit OS from https://linuxmint.com and either burn the ISO file to a DVD or use Rufus to create a bootable USB from the ISO file.
1.b) Boot from the bootable DVD/USB and follow the instructions below [in a Dell M3800 with the "Hard Drive Password" set, you will still be asked for the drive password at boot-up].
2) from any recent Linux Mint OS [17.x, 18.x, 19.x]:
[examples: "/dev/sda", "/dev/nvme0", etc]
run the command to find the status of your SSD:
sudo hdparm -I /dev/xxxx
You will be requested to enter your admin username and password;
If you are booting from the Live DVD/USB ISO file you burned the username is lowercase "mint" and there is NO password - simply hit "enter";
On the command above "xxxx" is the name of your SED drive; watch out for typos: the "-I" above is a Capital "i", NOT a lowercase "L" or a digit "one"
The typical output of the hdparm command above for a SED drive will be:
"Security:
Master Password Revision Code: 65534
supported
enabled
not locked
frozen
not expired: security count
supported: enhanced erase
Security level high
xMin for SECURITY ERASE UNIT. xMin for ENHANCED SECURITY ERASE UNIT
Logical Unit WWM Device Identifier: xxxxxxxxxxxxx
NAA: x
IEEE OUI: xxxxx
Checksum: correct"
If the results of your drive are similar to above, your HD or SSD drive is an self-encrypted drive, the drive is self-encrypting your data on-the-fly and your drive have no errors.
If the commands returns an error without returning any output or if the fist line of the output says "not supported" it means your drive is NOT a SED drive.
BTW (1): BEWARE of setting your SED "Hard Drive Password" through BIOS, especially on any LENOVO THINKPAD's [some of these LENOVO THINKPAD's notoriosly ADDS an EXTRA bit to the character of your chosen password, effectively BRICKING the SED drive, unlees that drive has on its label a PSID "factory reset" password which allows you to unlock and reset the drive - but you WILL loose ALL THE DATA on that drive!].
The SAFEST way to set encryption on a SED drive that the command "hdparm" returns an output of "NOT ENABLED" is, again, to use the "hdparm" command, as below:
1) UNFREEZE the hard-drive by SUSPENDING the computer for a few seconds. When you resume the status of the drive at "hdparm -I /dev/xxxx" will say "UNFROZEN"
2) Run the command to set up the SED encryption:
sudo hdparm --user-master u --security-set-pass 'PASSWORD' /dev/xxxx
where xxxx is the name the name of your SED drive and PASSWORD is the password you want to it (DON'T FORGET TO ENCLOSE YOUR CHOSEN PASSWORD WITH SINGLE QUOTES!).
Afterwards simply the command "hdparm -I /dev/xxxx" to check the status of your encryption: it should say "ENABLED".
Later, if you decide to SAFELY remove the encryption without losing your data, run the command:
sudo hdparm --security-disable 'PASSWORD' /dev/xxxx
where xxxx is the name of the drive and PASSWORD the password you've chosen to use: the drive status on the "hdparm -I /dev/xxxx" output will be "SUPPORTED", "NOT ENABLED".
BTW (2): if you own MULTIPLE encryption-enabled SED's on your rig (like me with my four Samsung EVO 960 1TB M.2 NVMe's plus one Seagate Momentus 4TB as a backup on my Dell Precision M6800 Mobile Workstation) and you do not want at boot-up to input multiple times the password to unlock your SED's, simply choose the SAME password in all your SED hard-drives. This way you will only need to input your hard-drive password ONCE and ALL your SED's drives will unlock!
You can not, just because it looks encrypted, and you can not make sense of the data, does not mean that it is encrypted (see microsoft barny). Have you considered putting user data in a separate partition and encrypting that in software. There is no need to encrypt the OS, as this is public data already. Also if someone gets hold of you computer they can inject a man in the middle, so do not trust it when you get it back. – ctrl-alt-delor – 2015-10-10T22:10:03.203
Well I didn't mean mathematically verifiable... just verifiable in the sense that I cannot go, "oh, look, it's not trivially identifiable as an NTFS (or whatnot) filesystem and here are the contents of foo.txt".
A Windows tool or BIOS screen that says "harddrive status: encrypted" would work, too, for my purposes as a crypo layman. – mwhidden – 2015-10-10T23:29:13.590