SSD AES-256 hardware encryption - how to configure?












7















Recently, I bought Plextor M5 Pro with hardware full-disk AES-256 encryption. Installed it in my laptop, where I have no HDD BIOS password set. From what I read around it seems that the encryption is invisible for the OS and the HDD BIOS password is useless if my laptop get stolen. The AES-256 encryption keys are stored on the drive itself.



What I would like to know is how to configure the built-in encryption. How to make sure my data is protected?



The OS, although irrelevant in this case, is Ubuntu 12.04, 64-bit. The laptop is HP Compaq nc4400. The BIOS has master password set, but no HDD one.










share|improve this question

























  • maybe man hdparm will yield some results. I am not sure but there are two parameters mentioned there: One is --security-unlock PWD and the other --security-set-pass PWD. Also bear in mind that by trusting the AES in your drive you trust the company which made the product. With a modern AES_NI enabled intel cpu you might at a slight expense be able to have a maybe more trustworthy protection. Of course all depends on the value of your data :)

    – humanityANDpeace
    Oct 8 '12 at 13:19


















7















Recently, I bought Plextor M5 Pro with hardware full-disk AES-256 encryption. Installed it in my laptop, where I have no HDD BIOS password set. From what I read around it seems that the encryption is invisible for the OS and the HDD BIOS password is useless if my laptop get stolen. The AES-256 encryption keys are stored on the drive itself.



What I would like to know is how to configure the built-in encryption. How to make sure my data is protected?



The OS, although irrelevant in this case, is Ubuntu 12.04, 64-bit. The laptop is HP Compaq nc4400. The BIOS has master password set, but no HDD one.










share|improve this question

























  • maybe man hdparm will yield some results. I am not sure but there are two parameters mentioned there: One is --security-unlock PWD and the other --security-set-pass PWD. Also bear in mind that by trusting the AES in your drive you trust the company which made the product. With a modern AES_NI enabled intel cpu you might at a slight expense be able to have a maybe more trustworthy protection. Of course all depends on the value of your data :)

    – humanityANDpeace
    Oct 8 '12 at 13:19
















7












7








7


6






Recently, I bought Plextor M5 Pro with hardware full-disk AES-256 encryption. Installed it in my laptop, where I have no HDD BIOS password set. From what I read around it seems that the encryption is invisible for the OS and the HDD BIOS password is useless if my laptop get stolen. The AES-256 encryption keys are stored on the drive itself.



What I would like to know is how to configure the built-in encryption. How to make sure my data is protected?



The OS, although irrelevant in this case, is Ubuntu 12.04, 64-bit. The laptop is HP Compaq nc4400. The BIOS has master password set, but no HDD one.










share|improve this question
















Recently, I bought Plextor M5 Pro with hardware full-disk AES-256 encryption. Installed it in my laptop, where I have no HDD BIOS password set. From what I read around it seems that the encryption is invisible for the OS and the HDD BIOS password is useless if my laptop get stolen. The AES-256 encryption keys are stored on the drive itself.



What I would like to know is how to configure the built-in encryption. How to make sure my data is protected?



The OS, although irrelevant in this case, is Ubuntu 12.04, 64-bit. The laptop is HP Compaq nc4400. The BIOS has master password set, but no HDD one.







ssd bios disk-encryption fde ata-security






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Jan 18 at 10:52









͏͏͏

2,65611214




2,65611214










asked Oct 6 '12 at 18:52









grsgrs

9271814




9271814













  • maybe man hdparm will yield some results. I am not sure but there are two parameters mentioned there: One is --security-unlock PWD and the other --security-set-pass PWD. Also bear in mind that by trusting the AES in your drive you trust the company which made the product. With a modern AES_NI enabled intel cpu you might at a slight expense be able to have a maybe more trustworthy protection. Of course all depends on the value of your data :)

    – humanityANDpeace
    Oct 8 '12 at 13:19





















  • maybe man hdparm will yield some results. I am not sure but there are two parameters mentioned there: One is --security-unlock PWD and the other --security-set-pass PWD. Also bear in mind that by trusting the AES in your drive you trust the company which made the product. With a modern AES_NI enabled intel cpu you might at a slight expense be able to have a maybe more trustworthy protection. Of course all depends on the value of your data :)

    – humanityANDpeace
    Oct 8 '12 at 13:19



















maybe man hdparm will yield some results. I am not sure but there are two parameters mentioned there: One is --security-unlock PWD and the other --security-set-pass PWD. Also bear in mind that by trusting the AES in your drive you trust the company which made the product. With a modern AES_NI enabled intel cpu you might at a slight expense be able to have a maybe more trustworthy protection. Of course all depends on the value of your data :)

– humanityANDpeace
Oct 8 '12 at 13:19







maybe man hdparm will yield some results. I am not sure but there are two parameters mentioned there: One is --security-unlock PWD and the other --security-set-pass PWD. Also bear in mind that by trusting the AES in your drive you trust the company which made the product. With a modern AES_NI enabled intel cpu you might at a slight expense be able to have a maybe more trustworthy protection. Of course all depends on the value of your data :)

– humanityANDpeace
Oct 8 '12 at 13:19












1 Answer
1






active

oldest

votes


















10














In the best case, which is probable for the Plextor M5 Pro, because they advertise it as such, the AES keys are encrypted by your ATA (HDD) password. Also see the security graphic under "AES Data Encryption" on the M5 Pro website: http://www.plextor-digital.com/index.php/en/M5-Pro/m5-pro.html -- it looks like they're implying that the ATA password is somehow linked to the AES key. It would be nice to get some official confirmation though.



You can see here for example that the Intel 320 SSD follows the correct strategy (ATA password stored hashed, and used to encrypt AES key): http://communities.intel.com/message/120689#120689



I also have reason to believe that the Intel 520, the Samsung 540 Pro and the Kingston 200V+ do it the right way too, but I'm desperately trying to find more confirmation.



Here you can see that OCZ has NOT encrypted the AES key with the ATA password, even going so far as to say that there is no relation between the two: http://www.ocztechnologyforum.com/forum/showthread.php?71788-SandForce-encryption-info&p=507570&viewfull=1#post507570



I've put together a blog post to collect information about the hardware encryption on an number of current SSDs: http://vxlabs.com/2012/12/22/ssds-with-usable-built-in-hardware-based-full-disk-encryption/






share|improve this answer


























  • @CharlBotha Would you be able to shed any light on my question? superuser.com/questions/692172/… I believe that the Samsung Evo 840 with latest firmware and Magician in theory now meets your criteria, but I can't get it to work.

    – Stephen Kennedy
    Dec 23 '13 at 12:05











  • custompcreview.com/news/… has the info which makes me think the 840 now belongs on your list.

    – Stephen Kennedy
    Dec 23 '13 at 12:09











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f484332%2fssd-aes-256-hardware-encryption-how-to-configure%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









10














In the best case, which is probable for the Plextor M5 Pro, because they advertise it as such, the AES keys are encrypted by your ATA (HDD) password. Also see the security graphic under "AES Data Encryption" on the M5 Pro website: http://www.plextor-digital.com/index.php/en/M5-Pro/m5-pro.html -- it looks like they're implying that the ATA password is somehow linked to the AES key. It would be nice to get some official confirmation though.



You can see here for example that the Intel 320 SSD follows the correct strategy (ATA password stored hashed, and used to encrypt AES key): http://communities.intel.com/message/120689#120689



I also have reason to believe that the Intel 520, the Samsung 540 Pro and the Kingston 200V+ do it the right way too, but I'm desperately trying to find more confirmation.



Here you can see that OCZ has NOT encrypted the AES key with the ATA password, even going so far as to say that there is no relation between the two: http://www.ocztechnologyforum.com/forum/showthread.php?71788-SandForce-encryption-info&p=507570&viewfull=1#post507570



I've put together a blog post to collect information about the hardware encryption on an number of current SSDs: http://vxlabs.com/2012/12/22/ssds-with-usable-built-in-hardware-based-full-disk-encryption/






share|improve this answer


























  • @CharlBotha Would you be able to shed any light on my question? superuser.com/questions/692172/… I believe that the Samsung Evo 840 with latest firmware and Magician in theory now meets your criteria, but I can't get it to work.

    – Stephen Kennedy
    Dec 23 '13 at 12:05











  • custompcreview.com/news/… has the info which makes me think the 840 now belongs on your list.

    – Stephen Kennedy
    Dec 23 '13 at 12:09
















10














In the best case, which is probable for the Plextor M5 Pro, because they advertise it as such, the AES keys are encrypted by your ATA (HDD) password. Also see the security graphic under "AES Data Encryption" on the M5 Pro website: http://www.plextor-digital.com/index.php/en/M5-Pro/m5-pro.html -- it looks like they're implying that the ATA password is somehow linked to the AES key. It would be nice to get some official confirmation though.



You can see here for example that the Intel 320 SSD follows the correct strategy (ATA password stored hashed, and used to encrypt AES key): http://communities.intel.com/message/120689#120689



I also have reason to believe that the Intel 520, the Samsung 540 Pro and the Kingston 200V+ do it the right way too, but I'm desperately trying to find more confirmation.



Here you can see that OCZ has NOT encrypted the AES key with the ATA password, even going so far as to say that there is no relation between the two: http://www.ocztechnologyforum.com/forum/showthread.php?71788-SandForce-encryption-info&p=507570&viewfull=1#post507570



I've put together a blog post to collect information about the hardware encryption on an number of current SSDs: http://vxlabs.com/2012/12/22/ssds-with-usable-built-in-hardware-based-full-disk-encryption/






share|improve this answer


























  • @CharlBotha Would you be able to shed any light on my question? superuser.com/questions/692172/… I believe that the Samsung Evo 840 with latest firmware and Magician in theory now meets your criteria, but I can't get it to work.

    – Stephen Kennedy
    Dec 23 '13 at 12:05











  • custompcreview.com/news/… has the info which makes me think the 840 now belongs on your list.

    – Stephen Kennedy
    Dec 23 '13 at 12:09














10












10








10







In the best case, which is probable for the Plextor M5 Pro, because they advertise it as such, the AES keys are encrypted by your ATA (HDD) password. Also see the security graphic under "AES Data Encryption" on the M5 Pro website: http://www.plextor-digital.com/index.php/en/M5-Pro/m5-pro.html -- it looks like they're implying that the ATA password is somehow linked to the AES key. It would be nice to get some official confirmation though.



You can see here for example that the Intel 320 SSD follows the correct strategy (ATA password stored hashed, and used to encrypt AES key): http://communities.intel.com/message/120689#120689



I also have reason to believe that the Intel 520, the Samsung 540 Pro and the Kingston 200V+ do it the right way too, but I'm desperately trying to find more confirmation.



Here you can see that OCZ has NOT encrypted the AES key with the ATA password, even going so far as to say that there is no relation between the two: http://www.ocztechnologyforum.com/forum/showthread.php?71788-SandForce-encryption-info&p=507570&viewfull=1#post507570



I've put together a blog post to collect information about the hardware encryption on an number of current SSDs: http://vxlabs.com/2012/12/22/ssds-with-usable-built-in-hardware-based-full-disk-encryption/






share|improve this answer















In the best case, which is probable for the Plextor M5 Pro, because they advertise it as such, the AES keys are encrypted by your ATA (HDD) password. Also see the security graphic under "AES Data Encryption" on the M5 Pro website: http://www.plextor-digital.com/index.php/en/M5-Pro/m5-pro.html -- it looks like they're implying that the ATA password is somehow linked to the AES key. It would be nice to get some official confirmation though.



You can see here for example that the Intel 320 SSD follows the correct strategy (ATA password stored hashed, and used to encrypt AES key): http://communities.intel.com/message/120689#120689



I also have reason to believe that the Intel 520, the Samsung 540 Pro and the Kingston 200V+ do it the right way too, but I'm desperately trying to find more confirmation.



Here you can see that OCZ has NOT encrypted the AES key with the ATA password, even going so far as to say that there is no relation between the two: http://www.ocztechnologyforum.com/forum/showthread.php?71788-SandForce-encryption-info&p=507570&viewfull=1#post507570



I've put together a blog post to collect information about the hardware encryption on an number of current SSDs: http://vxlabs.com/2012/12/22/ssds-with-usable-built-in-hardware-based-full-disk-encryption/







share|improve this answer














share|improve this answer



share|improve this answer








edited Dec 22 '12 at 13:10

























answered Dec 1 '12 at 23:45









Charl BothaCharl Botha

281311




281311













  • @CharlBotha Would you be able to shed any light on my question? superuser.com/questions/692172/… I believe that the Samsung Evo 840 with latest firmware and Magician in theory now meets your criteria, but I can't get it to work.

    – Stephen Kennedy
    Dec 23 '13 at 12:05











  • custompcreview.com/news/… has the info which makes me think the 840 now belongs on your list.

    – Stephen Kennedy
    Dec 23 '13 at 12:09



















  • @CharlBotha Would you be able to shed any light on my question? superuser.com/questions/692172/… I believe that the Samsung Evo 840 with latest firmware and Magician in theory now meets your criteria, but I can't get it to work.

    – Stephen Kennedy
    Dec 23 '13 at 12:05











  • custompcreview.com/news/… has the info which makes me think the 840 now belongs on your list.

    – Stephen Kennedy
    Dec 23 '13 at 12:09

















@CharlBotha Would you be able to shed any light on my question? superuser.com/questions/692172/… I believe that the Samsung Evo 840 with latest firmware and Magician in theory now meets your criteria, but I can't get it to work.

– Stephen Kennedy
Dec 23 '13 at 12:05





@CharlBotha Would you be able to shed any light on my question? superuser.com/questions/692172/… I believe that the Samsung Evo 840 with latest firmware and Magician in theory now meets your criteria, but I can't get it to work.

– Stephen Kennedy
Dec 23 '13 at 12:05













custompcreview.com/news/… has the info which makes me think the 840 now belongs on your list.

– Stephen Kennedy
Dec 23 '13 at 12:09





custompcreview.com/news/… has the info which makes me think the 840 now belongs on your list.

– Stephen Kennedy
Dec 23 '13 at 12:09


















draft saved

draft discarded




















































Thanks for contributing an answer to Super User!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f484332%2fssd-aes-256-hardware-encryption-how-to-configure%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Probability when a professor distributes a quiz and homework assignment to a class of n students.

Aardman Animations

Are they similar matrix