• Some users have recently had their accounts hijacked. It seems that the now defunct EVGA forums might have compromised your password there and seems many are using the same PW here. We would suggest you UPDATE YOUR PASSWORD and TURN ON 2FA for your account here to further secure it. None of the compromised accounts had 2FA turned on.
    Once you have enabled 2FA, your account will be updated soon to show a badge, letting other members know that you use 2FA to protect your account. This should be beneficial for everyone that uses FSFT.

Approaches for encryption on SSD

qhash

Weaksauce
Joined
Oct 25, 2011
Messages
110
Hi guys,

I bought Lenovo T450s,Samsung 850Pro 2,5" and Transcend MTS400 2242 M.2.
Drives are replaced, Windows 8.1 Pro bootable media is just being written.

I would like to HW encrypt Samsung 850Pro and somehow encrypt MTS400 as well.

I read lots of articles and I am not sure how to do that to achieve most reliable and ergonomic solution while still keeping decent performance:
1. install OS, enable HW encryption using Samsung Magican and then reinstall with drive encrypted w/TPM support. Add software bitlocker encryption to Transcend
QUESTIONS: <- will it be possible for me to use fingerprint to unlock the system? <- can I disable encryption on Transcend if the performance is bad?
2. eDrive?
3. Is it just better to enable BIOS password and have all the data encrypted this way on 850Pro?
3. different approach?
 
Last edited:
I did some searching and it actually seems that the best option is to use the ATA password in the BIOS and that automaticcaly alters the cipher key in the Samsung 840 Pro chip, thus making data inaccessible without a key.



This is enabled on Samsung 840 Pro by default (AES class 0 ).



One can change to Opal or eDrive. To change to Opal you either need to connect designated drive to an external ensloure or install system twice. you also need to do secure erase before 2nd install. this caused me lot of troubles, as I could not boot with the bootable media generated by samsung magican. I just abandoned that idea.



Problem is that in my boot menu I have : HDD0 - Samsung 840 Pro, HDD1 - Transcdent 512GB M.2 ( WWAN slot) and HDD2 Transcdent 16GB M.2 (lenovo oryginal part). In the BIOS section where you can set passwords I have HardDisk1, HardDisk2 and HardDisk3.



I guess HDD0 = HardDisk1 and so on.

How can I tell which HDDx corresponds to HardDiskX for sure?



My system is installed on Transcdent right now as I wanted to try BitLocker earlier.



I have set BIOS password on the currently unused and totally empty (no partitions) Samsung 840 Pro (harddisk1). BIOS asked for that password on boot and would not boot into the OS without a proper password.



I wonder how that works? If a set bios ATA password on any drive in the system it will not allow further boot without giving it no matter on which drive the OS is located?

Anyone with experience in that matter is wiling to help?
 
OK guys, so as no one has replied, I was forced to do some more research and testing.
I would like to share knowledge in case some one is interested.

1. Windows WILL set eDrive mode on any drive marked "ready to be set" during installation and *ATTENTION* also during simple drive init. Depending on the drive/firmware you can have that flag enabled by default!
2. This is a revertible operation only if you have a PSID number which should be printed on your drive and with vendor specific software. Remember to write down and store PSID as you might end with dissasembling your laptop more than you would like.
3. eDrive enabled drive will not work a SED and with ATA passwords.
4. Samsung 850 PRO is totally revertible
5. ThinkPad laptops can unlock SEDs with fingerprint. Supercool.
 
Back
Top