This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Intel 320-series SSD and FDE (Full Disk Encryption) questions...
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-26-2011 08:14 AM
I am considering to buy a couple of new solid state drives for my company. A requirement is FDE and according to some info I found the new 320 series should support this. I have a few questions:
1. As far as I know none of our computers have any support in BIOS for disk password. Is this required for FDE to work with the 320 series or how exactly does the encyption / password entry work?
2. If we would like to use a RAID configuration (RAID 0 striping) is it still possible to use FDE and if so do one have to enter a password for each disk?
3. What about using two disks in the samer computer (non-raid) that is used to dual boot two different operating systems (say Linux and Windows 7) installed one OS on each drive - does FDE work in this case and would one have to enter a password twice?
4. Is the FDE solution dependent on some support in the OS (in that case what OS does it work with) or is it independent?
5. Do you have some white paper about the FDE with for instance information about how much slower it is compared to a non FDE drive?
6. I have read that TRIM does not work with SSDs in RAID configuration. Is this still the case and how dependent is the 320-series of TRIM?
/Trist
CORRECTION : I just found that our Dell Precision M6500 computers do have a field in the BIOS for disk password so I am interested in the questions above (two disks in the machine with or without RAID) also for this configuration. How do I know if the 320-serias FDE is compatible with the disk password setting in the dell M6500 machines? Is there a standard for this that all BIOS manufacturers follows or??
123 REPLIES 123
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-11-2011 02:16 PM
Thanks for the response!
It resolved most of the doubts.
I'm wondering if there is any possibility to add ATA password support without modifying motherboard's BIOS?
Is there any hope for the very large group of potential intel's 320 ssd users whose desktop or laptop systems and BIOSes do not offer appropriate password interface?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-11-2011 03:57 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-12-2011 12:14 AM
Good reading, Shiek. Thanks.
I can see one rather big glitch in using ATASX (or similar) extension.
It does not work in AHCI mode, unfortunately. It can't see the drive if AHCI is enabled in BIOS.
Running ssd in IDE (legacy) mode is not a horror by any meens but... you are loosing hot swap and more importantly raid functionality for all drives connected to intel motherboard chipset sata controllers.
Unfortunately setting controller in RAID mode in BIOS effectively turns AHCI on. And AHCI becomes turned on for all devices even if ssd is not a part of any raid volume. If I'm wrong here, please correct me.
SSDelightful mentioned about two utilities: HDAT2 and HDPARM. AFAIK they also require IDE mode. They are useful to set the password system on/off but not for everyday authorisation purposes.
Do you have guys any ideas?
This whole matter becomes more and more frustrating.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-12-2011 03:45 AM
I started reading this forum thi snight and it is blood-boiling fascinating. Waiting for the final answers.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-14-2011 01:31 AM
I have a question regarding part of your response: "ATA Password is stored in media as a non-reversible hashed value. This answer also applies to other questions in the blog. See below." What sort of hash? Is it randomly salted per drive? I would have preferred that it didn't store a hash at all, instead do like TrueCrypt (and others do), encrypt the random generated key with your password (which the 320 does), then when you try to unlock the ssd it decrypts the stored key using the password and then try to decrypt known data. If the decryption fails, the password is wrong. I guess Intel didn't go this way as they don't necessarily have known data on the SSD. (They could have added some static known data somewhere on the drive that's a different discussion.) For those wondering if you can change your password, this is usually done by re-encrypting the key using the new password. I don't know if the 320-series supports this though, so a clarification would be great. Bonus question: What block mode is used with AES?
Related Content
- SRT&BitLocker security question in Archive
- Intel SSD 520 Series - Encryption Spec Update in Archive
- 240GB SSD Series 520 - Questions on the "Hardware Encryption" feature, thanks. in Archive
- Information on Intel 520 SSD drives and encryption in Archive
- CAN ANYONE PLEASE CONFIRM - SSD "320 series" STILL NOT AS SECURE AS REG. HARDDRIVES w/ATA PASSWORD and/or FDE ? in Archive
