How do I use the security features (encryption) of the Intel 660p SSD?


I've placed an Intel 660p drive in a Lenovo T480s. I can't figure out whether encryption is already in place, or if it's not, whether and how I can enable it.

Any ThinkPad notebook that uses Serial ATA (SATA) hard drives can use an FDE drive; however, the FDE menu enable utility is only supported on some systems

My T480s is not listed under supported systems, but T400/410 etc. are, so I don't fully trust the page; it may be outdated.

  • Various Intel 660p product pages as well as reviews say that "The 660p features AES-256 encryption with Pyrite 1.0 and 2.0 support, which is a nice addition for the security conscious", but this is not useful since Pyrite seems to be a specification which is not mentioned by the manufacturer (Lenovo), nor do I see such support with other laptops.
  • Another SE question is useful in saying encryption would work out-of-the-box if the BIOS "ATA password" is set, but I have no such password option; also, the question refers to a different Intel SSD, the Intel 520. Also, the 660p is not a SATA drive - it is NVMe, but again, I don't know how this is relevant - do NVMe drives not require cooperation of the host system to implement encryption?
  • The question has also been asked here but with no answer.

haelix

Posted 2019-04-22T16:06:14.540

Reputation: 268

This is obviously a dupe (as indicated in the question itself) of this question, but this one contains more info. The user of the other question doesn't have an account on SuperUser yet, only on the security site. I'll leave it up to more experienced SU users to choose :)

– Maarten Bodewes – 2019-04-23T14:49:12.627

@MaartenBodewes you are right, but I tried to show more research. My conclusion so far (but without authoritative references) is that the drive does not provide encryption. The question you refer to mentions that in Microsoft land BitLocker is used for this drive, which is a software, lazy encryption method. I am using Linux and adding dm-crypt/LUKS partition-wise to my setup. – haelix – 2019-04-23T17:21:04.650

I'm pretty sure that the drive does provide encryption. Each and every Intel SSD so far has offered it, including the G2 in my old laptop. – Maarten Bodewes – 2019-04-23T17:30:09.377

I got as far as reading this - https://www.winmagic.com/blog/opalite-pyrite-sed-specifications-simplified/ - including the linked document where it says "Download full Pyrite SSC Specification FAQ". The Pyrite description is underwhelming - at best, Pyrite is a downscale/subset of Opal and Opalite. For example, the spec of my previous drive, a Samsung SSD 850 EVO, explicitly states AES 256‐bit Full Disk Encryption and TCG/Opal V2.0, Encrypted Drive (IEEE1667). The Intel doesn't say any of that.

– haelix – 2019-04-23T17:42:58.663

True, but if you say that "the drive does not provide encryption" while the Intel specs claim hardware AES-256 encryption then something is going wrong. – Maarten Bodewes – 2019-04-23T17:46:04.250

@MaartenBodewes what you're saying is precisely my question. Do the Intel specs claim hardware AES-256 encryption (that one can actually use)? I cannot find it. I.e. I can't find a way to use it, if it exists. – haelix – 2019-04-23T17:55:54.687

No answers