1
I have a new Samsung 850 Evo and would like to do a clean install. This time, I want full drive encryption enabled. So reading through the options, the most obvious one was: enable a hdd password in the bios / uefi and according to Samsung this would enable AES-256 encryption.
So I went into the bios of my Asus P8Z77-V Pro and set a admin and user password and installed windows. However when I then (on the same machine) booted a live debian and mounted the new SSD (read-only) I could access all the folders in "clear-text". So what went wrong there?
How can I check that my motherboard supports the necessary feature? (its not THAT old, so I think it should be able to do it).
What alternatives are there (ideally so that when I need to attach the drive to another system to rescue data it should work out of the box, i.e. without having to install bitlocker on unix or something..)
Did you set a hard drive password in your bios, not just a "view/change bios" password? Are you typing in the password at every boot? If it's a hard drive password then after booting the whole drive is probably decrypted for whatever's running (win/linux/etc). Last I read about the built-in encryption on those drives, using the bios was the best (only?) way, and a big advantage is that you don't have to use any programs like bitlocker. The only alternative would be to upgrade the bios, or get a motherboard that does support it – Xen2050 – 2017-02-23T14:05:24.087
See http://superuser.com/questions/692172/how-do-i-encrypt-a-samsung-evo-840-ssd?rq=1 and http://superuser.com/questions/1007792/how-to-enable-ssd-encryption
– Xen2050 – 2017-02-23T14:20:34.280@Xen2050 in the bios you can set an admin password and a user password. I wondered if the user password might be actually the hdd password, but apparently the only difference is, that you have to type in the user password as well at each boot. I connected the "supposed to be encrypted" drive using a usb-sata adapter after booting unix. – Xaser – 2017-02-23T21:25:10.123
That does sound like a regular bios/boot password only, not a hard drive password, since the drive's still visible (unencrypted) with the usb adapter - you could be 100% sure by checking on another computer. Another bios or motherboard may be the easiest way to get the hard drive password going, or it's possible it's buried in your current bios somewhere (they're not always well designed & clear), or I think a linked Q mentions other programs/ways to access a hard drive password (ata password I think?) but those may need to boot & run before the encrypted drive would be decrypted...? – Xen2050 – 2017-02-24T16:51:42.297