03-26-2011 08:14 AM
I am considering buying a couple of new solid state drives for my company. A requirement is FDE and according to some info I found the new 320 series should support this. I have a few questions:
1. As far as I know none of our computers have any support in BIOS for disk password. Is this required for FDE to work with the 320 series or how exactly does the encryption / password entry work?
2. If we would like to use a RAID configuration (RAID 0 striping) is it still possible to use FDE and if so does one have to enter a password for each disk?
3. What about using two disks in the same computer (non-RAID) that is used to dual boot two different operating systems (say Linux and Windows 7), with one OS installed on each drive - does FDE work in this case and would one have to enter a password twice?
4. Is the FDE solution dependent on some support in the OS (in that case what OS does it work with) or is it independent?
5. Do you have some white paper about the FDE with for instance information about how much slower it is compared to a non FDE drive?
6. I have read that TRIM does not work with SSDs in RAID configuration. Is this still the case and how dependent is the 320-series of TRIM?
/Trist
CORRECTION: I just found that our Dell Precision M6500 computers do have a field in the BIOS for disk password so I am interested in the questions above (two disks in the machine with or without RAID) also for this configuration. How do I know if the 320-series FDE is compatible with the disk password setting in the Dell M6500 machines? Is there a standard for this that all BIOS manufacturers follow or??
04-24-2011 08:31 PM
SUCCESS!
I TRIGGERED YOU PEOPLE TO POST EXTREMELY VALUABLE INFORMATION. UP UNTIL I TROLLED SEVERAL POSTS AGO PEOPLE WERE GOING IN CIRCLES, BUT NOW, DESPITE MY EXISTING SUBSTANTIAL KNOWLEDGE, YOU ADDED SEVERAL FACTS TO REMOVE SEVERAL HEADACHES I WAS PUZZLED BY! Things stored on my computers are related to bleeding-edge latest fiberoptic links, solid-state power microwave amplifiers, missile/warhead telemetry, etc. It's secure at work, LoJack, kingston chains, etc. besides passwords/cryptography; but at home - I could only trust this HP EliteBook which has more passwords in hardware than there are bugs in Amazon jungles. Problem is it all works for magnetic storage and I had doubts about SSDs, so first - I decided I can only allow Intel 320 or SandForce-based stuff (hard encrypting) & IronKeys. No classified info at home, but still I am paranoid enough to start worrying the moment I started using SSDs. Next is something worse - desktop mobo MSI + another laptop (ultraportable HP DM1Z - famous new product that came out this March 2011), none of these babies have even a simple ATA password in BIOS, none. So a hard-encrypting SSD is meaningless, whether it's Intel or non-Intel/SandForce, meaningless without a password: if thieves steal it - you're finished. No need to desolder chips.
So I was pondering: if soft encryption is a no-no for SSD & only works fine on hard disks, does that mean I am locked out from SSDs for anything other than a tiny 32GB boot drive or some useless cr*p b/c protection is impossible?
But according to your [claim],
I "CAN" USE SOFT ENCRYPTION WITH BOOTLOADER IF "ATApassword" IS NOT OFFERED BY BIOS, OR ALTERNATIVELY I COULD CONTINUE USING MY DANGEROUS HACKTOOLS (dangerous b/c I accept a possibility of one day locking up a modern SSD and being unable to unlock it, since things like atapwd, mhdd, diskparm... whatever are very dated and were mostly tested for magnetic storage).
So I squeezed something from you people worth SAVING.
I saved this thread as a reference.
Thanks - it even relieved me from contacting Intel, HP, Crucial & others' tech support with as many messages as I planned. I will still ask them stuff, but less due to your responses here. My cat is attempting to eat Microsoft mouse and I shall depart.
04-24-2011 09:03 PM
Actually taking part of my praises back.
That Microsoft TechNet/MSDN article is dated May 2009. This, unlike for hard disks, is potentially horribly obsolete. The author could not possibly know what we know in 2011 - SSDs did not evolve, they've revolutionized since 2 years ago. Therefore some of Sinofsky's discussion might be based on obsolete & even incorrect facts.
Experiments have shown software encryption is problematic for SSDs, Intel or not, compression or not, random or intercorrelated data - it is still something at least the Enterprise market will not be happy with. Besides enterprise/corporate users, regular people like me - we ABSOLUTELY need protection.
So it comes back again to Hardware encryption being the proper solution BUT without some password it's meaningless.
The only meaning of hard encryption is if someone steals a password-protected SSD, that person cannot remove flash memory chips & solder them onto another identical PCB board & steal all your data - b/c it's encrypted and would be exceedingly difficult to decrypt, possibly not worth the effort.
However WITHOUT a password all the above is garbage. Thief simply steals your whole SSD & no need to remove flash memory chips. Just plug into another SATA port/computer and you're a victim. The lack of password makes hardware encryption a waste of advertising space by manufacturers. I am lucky to own an HP EliteBook whose BIOS offers ATA password, but I am not lucky to own everything else (desktop MSI/built for CAD/design work & HP DM1Z blockbuster) that doesn't offer it in BIOS, and hacking to set up a password - you know, life is short and I am very unhappy to play these password games every time I depart from office long-term or travel.
It should be easily set up thru Intel SSD Toolbox maybe? But it's not there, nor is it in any other SSD maker yet - OCZ (crap is least reliable), Crucial (medium reliable), or Intel (most reliable).
SO bottom line:
we still cannot trust SSD's most important data. YOU MAY WONDER SO WHAT? Only use SSD for non-critical data? But problem is there's NO WAY to ensure your sensitive/secret data never ends up on SSD even if you intentionally write it only to hard disks (documents) and reserve SSD only for OS/boot/etc. What, are you going to spend time to make sure no "debris" is spilled out onto SSD? Impossible. Even as you view this webpage, some caching/temporary file storing is happening in the background and if you're working on secret stuff, stealing your SSD supposedly not holding documents will still reveal stuff about you that you may not want others to know. And one last thing:
I am not going to bother "relocating" Users, pagefile, etc. crap from Boot/primary SSD onto hard disk b/c it's an invitation to future problems (e.g. new software installation failures, losses/corruption, etc.).
Stupid.
Someone please give us ability to enter PASSWORD! Else AES128bit or 1024bit encryption - is all meaningless!
04-24-2011 09:13 PM
Sinofsky's last name (man who wrote that Microsoft blog), rhymes with mine. So I know he is insane.
Besides that blog is dated May 2009! 2 years ago.
Cannot trust it, 100%. What did they know 2 years ago?
Hardware encrypting SSD's were not even on the market, and number of customers using SSD's was like the number of people using cellphones in 1991.
04-24-2011 09:18 PM
i am very krazy.
04-25-2011 04:55 AM
Thanks a lot for that clarification, but does it also apply to the 510 series? I was considering a few Vertex 3 for corporate laptops, but as OCZ fails to clarify this crucial detail I will go with the 320 instead (or 510 if it has the same ATA password and controller AES link). Software FDE is really hard for the regular employee to grasp and error-prone; just using Windows backup with TrueCrypt requires a "hack", and Ultimate Editions for BitLocker are not quite cost effective.
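
The posts above turn on whether an ATA user password is actually set on a hardware-encrypting drive. As an added example (not part of any post in this thread), this Python code decodes the ATA security status word, word 128 of the 512-byte IDENTIFY DEVICE data, and reports what it means for a drive that leaves the building; the function names and the sample data are constructed for illustration, and the IDENTIFY block is assumed to have been read from the drive already.

```python
import struct

# Bit layout of IDENTIFY DEVICE word 128 (ATA Security feature set status).
SECURITY_BITS = {
    0: "supported",
    1: "enabled",        # a user password is set
    2: "locked",         # password required before data access
    3: "frozen",         # security commands blocked until power cycle
    4: "count_expired",  # too many failed unlock attempts
    5: "enhanced_erase",
}

def security_status(identify: bytes) -> dict:
    """Decode word 128 from a raw 512-byte IDENTIFY DEVICE block."""
    if len(identify) != 512:
        raise ValueError("IDENTIFY DEVICE data must be exactly 512 bytes")
    (word,) = struct.unpack_from("<H", identify, 128 * 2)  # words are little-endian
    status = {name: bool((word >> bit) & 1) for bit, name in SECURITY_BITS.items()}
    # Bit 8 is only meaningful while security is enabled: 0 = high, 1 = maximum.
    level = "maximum" if (word >> 8) & 1 else "high"
    status["level"] = level if status["enabled"] else None
    return status

def assess(status: dict) -> str:
    """Summarise the theft exposure implied by a decoded status."""
    if not status["supported"]:
        return "unsupported: drive has no ATA password feature"
    if not status["enabled"]:
        return "unprotected: no user password set, drive opens on any host"
    if status["locked"]:
        return "locked: password required before data is accessible"
    return "unlocked: password set, drive relocks at next power cycle"

def sample_identify(word128: int) -> bytes:
    """Constructed sample data: an all-zero IDENTIFY block with only word 128 set."""
    block = bytearray(512)
    struct.pack_into("<H", block, 128 * 2, word128)
    return bytes(block)

if __name__ == "__main__":
    for word in (0x0000, 0x0021, 0x0007, 0x0103):
        st = security_status(sample_identify(word))
        print(f"word128=0x{word:04x} level={st['level']} -> {assess(st)}")
```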