![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Machupo
Gravity Tester
- Joined
- Nov 14, 2004
- Messages
- 5,759
Ok, so I am getting a new NVMe drive due to space constraints. The current version of this system operates using Bitlocker, but the new drive I am getting allegedly supports TCG OPAL.
Does anyone have a working variation of NVMe and hardware full-disk encryption?
I have seen this interesting github repo (and description) with similar hardware, but it sounds like there is a lot of kludge-work to be done getting the SSD, the UEFI, and the OS to play nicely (particularly to assure that the drive is fully encrypted in sleep states). I'd like to ensure encrypted data-at-rest (including S3), ability to utilize 2FA (pre-boot PW + yubikey), and applicability to multiple OSes (initially Win 10 Pro and Arch).
If it is going to be a spelunking adventure, any thoughts on whether there are significant benefits over a Bitlocker approach?
Does anyone have a working variation of NVMe and hardware full-disk encryption?
I have seen this interesting github repo (and description) with similar hardware, but it sounds like there is a lot of kludge-work to be done getting the SSD, the UEFI, and the OS to play nicely (particularly to assure that the drive is fully encrypted in sleep states). I'd like to ensure encrypted data-at-rest (including S3), ability to utilize 2FA (pre-boot PW + yubikey), and applicability to multiple OSes (initially Win 10 Pro and Arch).
If it is going to be a spelunking adventure, any thoughts on whether there are significant benefits over a Bitlocker approach?