SSD hardware encryption?

Our "pub" where you can post about things completely Off Topic or about non-silent PC issues.

Moderators: NeilBlanchard, Ralf Hutter, sthayashi, Lawrence Lee

Post Reply
shunx
Posts: 341
Joined: Sun Oct 06, 2002 1:20 pm
Location: Vancouver

SSD hardware encryption?

Post by shunx » Fri Oct 19, 2012 4:56 am

Apparently some Intel SSDs can encrypt data in hardware so that you don't have to use software like TrueCrypt. Does anyone know which SSDs and motherboards can support this feature?

Das_Saunamies
*Lifetime Patron*
Posts: 2000
Joined: Tue May 15, 2007 1:39 am
Location: Finland

Re: SSD hardware encryption?

Post by Das_Saunamies » Fri Oct 19, 2012 5:14 am

Sounds like an enterprise feature. Micron markets theirs as "SED" versions, Self Encrypting Drives.

AFAICT no mobo support required, as it's all on the drive. Intel has some stuff going with CPUs under "vPro", but I'm not too familiar with that.

shunx
Posts: 341
Joined: Sun Oct 06, 2002 1:20 pm
Location: Vancouver

Re: SSD hardware encryption?

Post by shunx » Fri Oct 19, 2012 5:24 am

According the following video, Intel's drives requires you to set two passwords in the BIOS, a master password and a drive password: http://www.youtube.com/watch?v=DV5zuDF6MIw#t=2m42s

The video isn't very clear on which models support this feature though.

m1st
Posts: 132
Joined: Sun Jan 31, 2010 6:43 pm
Location: US

Re: SSD hardware encryption?

Post by m1st » Fri Oct 19, 2012 5:31 am

I'll update this post when I find the proper links, but the Intel 320 (older), 330, and 520 series consumer SSDs support AES128 encryption on the NAND. This means that the controller encrypts the data actually being written onto the NAND, so if somebody theoretically pulled one of the NAND chips off the drive, they would just see gibberish.

In normal usage, the controller automatically uses the decryption key to pass the data along to the computer transparently; However, if you set a hard drive password in the BIOS, it will hide the decryption key until the drive is unlocked, in effect making the drive unreadable without the hard drive password. The only annoying thing about this is you have to input the password at every bootup.

shunx
Posts: 341
Joined: Sun Oct 06, 2002 1:20 pm
Location: Vancouver

Re: SSD hardware encryption?

Post by shunx » Fri Oct 19, 2012 10:02 am

Thanks -- how do we determine if a motherboard supports this password system, is there a name for this specification?

Also, is this the same thing as "self encrypting drives"?

m1st
Posts: 132
Joined: Sun Jan 31, 2010 6:43 pm
Location: US

Re: SSD hardware encryption?

Post by m1st » Fri Oct 19, 2012 11:45 am

Here is a good place to look regarding the Intel implementation.

Usually, the feature in a motherboard BIOS is called "hard disk password" or something similar. A more official name for it is "ATA password" support. Since it's an optional feature, many motherboards forgo support, or are otherwise flaky in their implementation. Yes, this is very similar to "self encrypting drives".

Vicotnik
*Lifetime Patron*
Posts: 1831
Joined: Thu Feb 13, 2003 6:53 am
Location: Sweden

Re: SSD hardware encryption?

Post by Vicotnik » Sat Oct 20, 2012 7:23 am

I trust Truecrypt because it's open. I doubt Intels own solution is.

m1st
Posts: 132
Joined: Sun Jan 31, 2010 6:43 pm
Location: US

Re: SSD hardware encryption?

Post by m1st » Sun Oct 21, 2012 6:15 pm

Well TrueCrypt and similar (eg. Bitlocker) operate at the file system level. I use Bitlocker on my laptop since it has a TPM module and allows for single sign-on (I don't have to put a password to boot the computer and another to login to my computer), but each have their advantages and disadvantages.

One reason why someone might not want to use a file system level encryption suite with the Intel 330/520 series is because they use the Sandforce SF-2200 series controller. Because Sandforce controllers owe a lot of their performance advantages to performing realtime data compression, dealing with encrypted data (which is very nearly incompressible) will cause quite a large performance loss. Anandtech's bench results help illuminate the difference you will see when enabling TrueCrypt or Bitlocker.

Lastly, performance wise, the encryption provided by Intel SSDs is completely free. If you have to rely on your CPU to encrypt data at the file system level, you may see higher CPU usage and lower read/write rates. Then again, if you have a relatively recent CPU that supports AES-NI, this point is moot.

tim851
Posts: 543
Joined: Wed Aug 13, 2008 11:45 am
Location: 128.0.0.1

Re: SSD hardware encryption?

Post by tim851 » Mon Oct 22, 2012 1:57 am

Vicotnik wrote:I trust Truecrypt because it's open.
Seconded. Open Source, very popular and more than 10 years old. This means that almost everybody who's been interested in encryption will have taken a look at it, trying to expose weaknesses. There are no backdoors, as sometimes found in proprietory software. It is most likely the most secure solution on the planet.

Post Reply