cancel
Showing results for 
Search instead for 
Did you mean: 

Intel 320-series SSD and FDE (Full Disk Encryption) questions...

idata
Esteemed Contributor III

I am considering to buy a couple of new solid state drives for my company. A requirement is FDE and according to some info I found the new 320 series should support this. I have a few questions:

1. As far as I know none of our computers have any support in BIOS for disk password. Is this required for FDE to work with the 320 series or how exactly does the encyption / password entry work?

2. If we would like to use a RAID configuration (RAID 0 striping) is it still possible to use FDE and if so do one have to enter a password for each disk?

3. What about using two disks in the samer computer (non-raid) that is used to dual boot two different operating systems (say Linux and Windows 7) installed one OS on each drive - does FDE work in this case and would one have to enter a password twice?

4. Is the FDE solution dependent on some support in the OS (in that case what OS does it work with) or is it independent?

5. Do you have some white paper about the FDE with for instance information about how much slower it is compared to a non FDE drive?

6. I have read that TRIM does not work with SSDs in RAID configuration. Is this still the case and how dependent is the 320-series of TRIM?

/Trist

CORRECTION : I just found that our Dell Precision M6500 computers do have a field in the BIOS for disk password so I am interested in the questions above (two disks in the machine with or without RAID) also for this configuration. How do I know if the 320-serias FDE is compatible with the disk password setting in the dell M6500 machines? Is there a standard for this that all BIOS manufacturers follows or??

123 REPLIES 123

idata
Esteemed Contributor III

Exactly, the design makes no sense. I think either SSDelightful is wrong or the system is not designed to be secure at all. I think the most likely case is that the password is not actually used to encrypt the drive key at all and is merely an ordinary password that the drive requires before it will allow further access. Like most HDD ATA passwords it is probably totally insecure and easy to bypass, meaning there is basically zero protection against anyone who wants the data.

As I said, it's a tickbox feature, basically worthless. As far as I can tell the only company that makes known secure SSDs is Samsung, all the Sandforce ones are as useless as the Intel drives.

idata
Esteemed Contributor III

You can use a BIOS extension for desktops. It works well. http://www.fitzenreiter.de/ata/ata_eng.htm http://www.fitzenreiter.de/ata/ata_eng.htm

idata
Esteemed Contributor III

mojo wrote:

You can use a BIOS extension for desktops. It works well. http://www.fitzenreiter.de/ata/ata_eng.htm http://www.fitzenreiter.de/ata/ata_eng.htm

That is only IDE, not AHCI and I don't think he plans to update it. I take a fairly big performance hit when I switch to IDE:

http://imgur.com/a/9Beny http://imgur.com/a/9Beny

I don't understand BIOS stuff well enough, but I found myself wondering why Intel didn't include ATA password support in the ICHxx AHCI BIOS.

idata
Esteemed Contributor III

I fully agree with you ryan29. Intel needs to release BIOSs for their boards with ATA password support. I bought an Intel desktop board for this very reason, assuming they would surely have it because of their SSDs.

idata
Esteemed Contributor III

Hi

I've enabled the ATA Password on my PC and everything works fine.

I now want to move the SSD to another PC and remove the FDE.

What is the exact supported procedure to do that?

Are the steps below correct?

1. Reset the ATA password

2. Dissconnect the drive3. Run secure erase on other PC 4. reinstall/restore OS, apps and so on.

Can I use an sata to usb adapter to perform step 3 above?

I just want to dubble check before doing anything drastic

Thanks in advance,

Michael