SSD AES-256 hardware encryption - how to configure?












7















Recently, I bought Plextor M5 Pro with hardware full-disk AES-256 encryption. Installed it in my laptop, where I have no HDD BIOS password set. From what I read around it seems that the encryption is invisible for the OS and the HDD BIOS password is useless if my laptop get stolen. The AES-256 encryption keys are stored on the drive itself.



What I would like to know is how to configure the built-in encryption. How to make sure my data is protected?



The OS, although irrelevant in this case, is Ubuntu 12.04, 64-bit. The laptop is HP Compaq nc4400. The BIOS has master password set, but no HDD one.






ssd bios disk-encryption fde ata-security







share|improve this question

























  • maybe man hdparm will yield some results. I am not sure but there are two parameters mentioned there: One is --security-unlock PWD and the other --security-set-pass PWD. Also bear in mind that by trusting the AES in your drive you trust the company which made the product. With a modern AES_NI enabled intel cpu you might at a slight expense be able to have a maybe more trustworthy protection. Of course all depends on the value of your data :)

    – humanityANDpeace
    Oct 8 '12 at 13:19


















7















Recently, I bought Plextor M5 Pro with hardware full-disk AES-256 encryption. Installed it in my laptop, where I have no HDD BIOS password set. From what I read around it seems that the encryption is invisible for the OS and the HDD BIOS password is useless if my laptop get stolen. The AES-256 encryption keys are stored on the drive itself.



What I would like to know is how to configure the built-in encryption. How to make sure my data is protected?



The OS, although irrelevant in this case, is Ubuntu 12.04, 64-bit. The laptop is HP Compaq nc4400. The BIOS has master password set, but no HDD one.






ssd bios disk-encryption fde ata-security







share|improve this question

























  • maybe man hdparm will yield some results. I am not sure but there are two parameters mentioned there: One is --security-unlock PWD and the other --security-set-pass PWD. Also bear in mind that by trusting the AES in your drive you trust the company which made the product. With a modern AES_NI enabled intel cpu you might at a slight expense be able to have a maybe more trustworthy protection. Of course all depends on the value of your data :)

    – humanityANDpeace
    Oct 8 '12 at 13:19
















7












7








7


6






Recently, I bought Plextor M5 Pro with hardware full-disk AES-256 encryption. Installed it in my laptop, where I have no HDD BIOS password set. From what I read around it seems that the encryption is invisible for the OS and the HDD BIOS password is useless if my laptop get stolen. The AES-256 encryption keys are stored on the drive itself.



What I would like to know is how to configure the built-in encryption. How to make sure my data is protected?



The OS, although irrelevant in this case, is Ubuntu 12.04, 64-bit. The laptop is HP Compaq nc4400. The BIOS has master password set, but no HDD one.






ssd bios disk-encryption fde ata-security







share|improve this question
















Recently, I bought Plextor M5 Pro with hardware full-disk AES-256 encryption. Installed it in my laptop, where I have no HDD BIOS password set. From what I read around it seems that the encryption is invisible for the OS and the HDD BIOS password is useless if my laptop get stolen. The AES-256 encryption keys are stored on the drive itself.



What I would like to know is how to configure the built-in encryption. How to make sure my data is protected?



The OS, although irrelevant in this case, is Ubuntu 12.04, 64-bit. The laptop is HP Compaq nc4400. The BIOS has master password set, but no HDD one.






ssd bios disk-encryption fde ata-security




ssd bios disk-encryption fde ata-security






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Jan 18 at 10:52









͏͏͏

2,65611214




2,65611214










asked Oct 6 '12 at 18:52









grsgrs

9271814




9271814













  • maybe man hdparm will yield some results. I am not sure but there are two parameters mentioned there: One is --security-unlock PWD and the other --security-set-pass PWD. Also bear in mind that by trusting the AES in your drive you trust the company which made the product. With a modern AES_NI enabled intel cpu you might at a slight expense be able to have a maybe more trustworthy protection. Of course all depends on the value of your data :)

    – humanityANDpeace
    Oct 8 '12 at 13:19





















  • maybe man hdparm will yield some results. I am not sure but there are two parameters mentioned there: One is --security-unlock PWD and the other --security-set-pass PWD. Also bear in mind that by trusting the AES in your drive you trust the company which made the product. With a modern AES_NI enabled intel cpu you might at a slight expense be able to have a maybe more trustworthy protection. Of course all depends on the value of your data :)

    – humanityANDpeace
    Oct 8 '12 at 13:19



















maybe man hdparm will yield some results. I am not sure but there are two parameters mentioned there: One is --security-unlock PWD and the other --security-set-pass PWD. Also bear in mind that by trusting the AES in your drive you trust the company which made the product. With a modern AES_NI enabled intel cpu you might at a slight expense be able to have a maybe more trustworthy protection. Of course all depends on the value of your data :)

– humanityANDpeace
Oct 8 '12 at 13:19







maybe man hdparm will yield some results. I am not sure but there are two parameters mentioned there: One is --security-unlock PWD and the other --security-set-pass PWD. Also bear in mind that by trusting the AES in your drive you trust the company which made the product. With a modern AES_NI enabled intel cpu you might at a slight expense be able to have a maybe more trustworthy protection. Of course all depends on the value of your data :)

– humanityANDpeace
Oct 8 '12 at 13:19












1 Answer
1






active

oldest

votes


















10














In the best case, which is probable for the Plextor M5 Pro, because they advertise it as such, the AES keys are encrypted by your ATA (HDD) password. Also see the security graphic under "AES Data Encryption" on the M5 Pro website: http://www.plextor-digital.com/index.php/en/M5-Pro/m5-pro.html -- it looks like they're implying that the ATA password is somehow linked to the AES key. It would be nice to get some official confirmation though.



You can see here for example that the Intel 320 SSD follows the correct strategy (ATA password stored hashed, and used to encrypt AES key): http://communities.intel.com/message/120689#120689



I also have reason to believe that the Intel 520, the Samsung 540 Pro and the Kingston 200V+ do it the right way too, but I'm desperately trying to find more confirmation.



Here you can see that OCZ has NOT encrypted the AES key with the ATA password, even going so far as to say that there is no relation between the two: http://www.ocztechnologyforum.com/forum/showthread.php?71788-SandForce-encryption-info&p=507570&viewfull=1#post507570



I've put together a blog post to collect information about the hardware encryption on an number of current SSDs: http://vxlabs.com/2012/12/22/ssds-with-usable-built-in-hardware-based-full-disk-encryption/






share|improve this answer


























  • @CharlBotha Would you be able to shed any light on my question? superuser.com/questions/692172/… I believe that the Samsung Evo 840 with latest firmware and Magician in theory now meets your criteria, but I can't get it to work.

    – Stephen Kennedy
    Dec 23 '13 at 12:05











  • custompcreview.com/news/… has the info which makes me think the 840 now belongs on your list.

    – Stephen Kennedy
    Dec 23 '13 at 12:09











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f484332%2fssd-aes-256-hardware-encryption-how-to-configure%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









10














In the best case, which is probable for the Plextor M5 Pro, because they advertise it as such, the AES keys are encrypted by your ATA (HDD) password. Also see the security graphic under "AES Data Encryption" on the M5 Pro website: http://www.plextor-digital.com/index.php/en/M5-Pro/m5-pro.html -- it looks like they're implying that the ATA password is somehow linked to the AES key. It would be nice to get some official confirmation though.



You can see here for example that the Intel 320 SSD follows the correct strategy (ATA password stored hashed, and used to encrypt AES key): http://communities.intel.com/message/120689#120689



I also have reason to believe that the Intel 520, the Samsung 540 Pro and the Kingston 200V+ do it the right way too, but I'm desperately trying to find more confirmation.



Here you can see that OCZ has NOT encrypted the AES key with the ATA password, even going so far as to say that there is no relation between the two: http://www.ocztechnologyforum.com/forum/showthread.php?71788-SandForce-encryption-info&p=507570&viewfull=1#post507570



I've put together a blog post to collect information about the hardware encryption on an number of current SSDs: http://vxlabs.com/2012/12/22/ssds-with-usable-built-in-hardware-based-full-disk-encryption/






share|improve this answer


























  • @CharlBotha Would you be able to shed any light on my question? superuser.com/questions/692172/… I believe that the Samsung Evo 840 with latest firmware and Magician in theory now meets your criteria, but I can't get it to work.

    – Stephen Kennedy
    Dec 23 '13 at 12:05











  • custompcreview.com/news/… has the info which makes me think the 840 now belongs on your list.

    – Stephen Kennedy
    Dec 23 '13 at 12:09
















10














In the best case, which is probable for the Plextor M5 Pro, because they advertise it as such, the AES keys are encrypted by your ATA (HDD) password. Also see the security graphic under "AES Data Encryption" on the M5 Pro website: http://www.plextor-digital.com/index.php/en/M5-Pro/m5-pro.html -- it looks like they're implying that the ATA password is somehow linked to the AES key. It would be nice to get some official confirmation though.



You can see here for example that the Intel 320 SSD follows the correct strategy (ATA password stored hashed, and used to encrypt AES key): http://communities.intel.com/message/120689#120689



I also have reason to believe that the Intel 520, the Samsung 540 Pro and the Kingston 200V+ do it the right way too, but I'm desperately trying to find more confirmation.



Here you can see that OCZ has NOT encrypted the AES key with the ATA password, even going so far as to say that there is no relation between the two: http://www.ocztechnologyforum.com/forum/showthread.php?71788-SandForce-encryption-info&p=507570&viewfull=1#post507570



I've put together a blog post to collect information about the hardware encryption on an number of current SSDs: http://vxlabs.com/2012/12/22/ssds-with-usable-built-in-hardware-based-full-disk-encryption/






share|improve this answer


























  • @CharlBotha Would you be able to shed any light on my question? superuser.com/questions/692172/… I believe that the Samsung Evo 840 with latest firmware and Magician in theory now meets your criteria, but I can't get it to work.

    – Stephen Kennedy
    Dec 23 '13 at 12:05











  • custompcreview.com/news/… has the info which makes me think the 840 now belongs on your list.

    – Stephen Kennedy
    Dec 23 '13 at 12:09














10












10








10







In the best case, which is probable for the Plextor M5 Pro, because they advertise it as such, the AES keys are encrypted by your ATA (HDD) password. Also see the security graphic under "AES Data Encryption" on the M5 Pro website: http://www.plextor-digital.com/index.php/en/M5-Pro/m5-pro.html -- it looks like they're implying that the ATA password is somehow linked to the AES key. It would be nice to get some official confirmation though.



You can see here for example that the Intel 320 SSD follows the correct strategy (ATA password stored hashed, and used to encrypt AES key): http://communities.intel.com/message/120689#120689



I also have reason to believe that the Intel 520, the Samsung 540 Pro and the Kingston 200V+ do it the right way too, but I'm desperately trying to find more confirmation.



Here you can see that OCZ has NOT encrypted the AES key with the ATA password, even going so far as to say that there is no relation between the two: http://www.ocztechnologyforum.com/forum/showthread.php?71788-SandForce-encryption-info&p=507570&viewfull=1#post507570



I've put together a blog post to collect information about the hardware encryption on an number of current SSDs: http://vxlabs.com/2012/12/22/ssds-with-usable-built-in-hardware-based-full-disk-encryption/






share|improve this answer















In the best case, which is probable for the Plextor M5 Pro, because they advertise it as such, the AES keys are encrypted by your ATA (HDD) password. Also see the security graphic under "AES Data Encryption" on the M5 Pro website: http://www.plextor-digital.com/index.php/en/M5-Pro/m5-pro.html -- it looks like they're implying that the ATA password is somehow linked to the AES key. It would be nice to get some official confirmation though.



You can see here for example that the Intel 320 SSD follows the correct strategy (ATA password stored hashed, and used to encrypt AES key): http://communities.intel.com/message/120689#120689



I also have reason to believe that the Intel 520, the Samsung 540 Pro and the Kingston 200V+ do it the right way too, but I'm desperately trying to find more confirmation.



Here you can see that OCZ has NOT encrypted the AES key with the ATA password, even going so far as to say that there is no relation between the two: http://www.ocztechnologyforum.com/forum/showthread.php?71788-SandForce-encryption-info&p=507570&viewfull=1#post507570



I've put together a blog post to collect information about the hardware encryption on an number of current SSDs: http://vxlabs.com/2012/12/22/ssds-with-usable-built-in-hardware-based-full-disk-encryption/







share|improve this answer














share|improve this answer



share|improve this answer








edited Dec 22 '12 at 13:10

























answered Dec 1 '12 at 23:45









Charl BothaCharl Botha

281311




281311













  • @CharlBotha Would you be able to shed any light on my question? superuser.com/questions/692172/… I believe that the Samsung Evo 840 with latest firmware and Magician in theory now meets your criteria, but I can't get it to work.

    – Stephen Kennedy
    Dec 23 '13 at 12:05











  • custompcreview.com/news/… has the info which makes me think the 840 now belongs on your list.

    – Stephen Kennedy
    Dec 23 '13 at 12:09



















  • @CharlBotha Would you be able to shed any light on my question? superuser.com/questions/692172/… I believe that the Samsung Evo 840 with latest firmware and Magician in theory now meets your criteria, but I can't get it to work.

    – Stephen Kennedy
    Dec 23 '13 at 12:05











  • custompcreview.com/news/… has the info which makes me think the 840 now belongs on your list.

    – Stephen Kennedy
    Dec 23 '13 at 12:09

















@CharlBotha Would you be able to shed any light on my question? superuser.com/questions/692172/… I believe that the Samsung Evo 840 with latest firmware and Magician in theory now meets your criteria, but I can't get it to work.

– Stephen Kennedy
Dec 23 '13 at 12:05





@CharlBotha Would you be able to shed any light on my question? superuser.com/questions/692172/… I believe that the Samsung Evo 840 with latest firmware and Magician in theory now meets your criteria, but I can't get it to work.

– Stephen Kennedy
Dec 23 '13 at 12:05













custompcreview.com/news/… has the info which makes me think the 840 now belongs on your list.

– Stephen Kennedy
Dec 23 '13 at 12:09





custompcreview.com/news/… has the info which makes me think the 840 now belongs on your list.

– Stephen Kennedy
Dec 23 '13 at 12:09


















draft saved

draft discarded




















































Thanks for contributing an answer to Super User!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f484332%2fssd-aes-256-hardware-encryption-how-to-configure%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

How do I know what Microsoft account the skydrive app is syncing to?

Image
up vote 4 down vote favorite 1 Some time ago, I set up skydrive for my wife on her mac. But now she wants to access the files online, I cannot remember what Microsoft account I setup and linked her skydive app to and nor can I see anything in the skydrive app settings to tell me either? How can I see the name of the Microsoft account the skydive app is currently linked to? I would like to know this for skydrive app for Mac and PC onedrive share | improve this question asked Feb 25 '13 at 4:52 Gary Barrett 260 2 5 12
Read more

When does type information flow backwards in C++?

Image
up vote 62 down vote favorite 19 I just watched Stephan T. Lavavej talk at CppCon 2018 on "Class Template Argument Deduction", where at some point he incidentally says: In C++ type information almost never flows backwards ... I had to say "almost" because there's one or two cases, possibly more but very few . Despite trying to figure out which cases he might be referring to, I couldn't come up with anything. Hence the question: In which cases the C++17 standard mandates that type information propagate backwards? c++ language-lawyer c++17 share | improve this question edited 7 hours ago scohe0
Read more

Grease: Live!

Image
A tradução deste artigo está abaixo da qualidade média aceitável. É possível que tenha sido feita por um tradutor automático ou por alguém que não conhece bem o português ou a língua original do texto. Caso queira colaborar com a Wikipédia, tente encontrar a página original e melhore este verbete conforme o guia de tradução. Grease: Live! Grease: Live!  (PRT/BRA)  Estados Unidos 2016 •   cor •   130 min. min   Direção Thomas Kail Alex Rudzinski Produção Marc Platt Adam Siegel Roteiro Allan Carr Robert Cary Warren Casey Jim Jacobs Jonathan Tolins Bronte Woodard Baseado em Grease (musical) Grease (filme) Elenco Julianne Hough Aaron Tveit Vanessa Hudgens Carlos Pena Jr. Keke Palmer Carly Rae Jepsen Kether Donohue Jordan Fisher David Del Rio Andrew Call Gênero Musical Música Tom Kitt Figurino William Ivey Long Companhia(s) produtora(s) Warner Bros. Studios Distribuição Fox Lançamento 31 de Janei
Read more