cancel
Showing results for 
Search instead for 
Did you mean: 

Intel 320-series SSD and FDE (Full Disk Encryption) questions...

idata
Esteemed Contributor III

I am considering to buy a couple of new solid state drives for my company. A requirement is FDE and according to some info I found the new 320 series should support this. I have a few questions:

1. As far as I know none of our computers have any support in BIOS for disk password. Is this required for FDE to work with the 320 series or how exactly does the encyption / password entry work?

2. If we would like to use a RAID configuration (RAID 0 striping) is it still possible to use FDE and if so do one have to enter a password for each disk?

3. What about using two disks in the samer computer (non-raid) that is used to dual boot two different operating systems (say Linux and Windows 7) installed one OS on each drive - does FDE work in this case and would one have to enter a password twice?

4. Is the FDE solution dependent on some support in the OS (in that case what OS does it work with) or is it independent?

5. Do you have some white paper about the FDE with for instance information about how much slower it is compared to a non FDE drive?

6. I have read that TRIM does not work with SSDs in RAID configuration. Is this still the case and how dependent is the 320-series of TRIM?

/Trist

CORRECTION : I just found that our Dell Precision M6500 computers do have a field in the BIOS for disk password so I am interested in the questions above (two disks in the machine with or without RAID) also for this configuration. How do I know if the 320-serias FDE is compatible with the disk password setting in the dell M6500 machines? Is there a standard for this that all BIOS manufacturers follows or??

123 REPLIES 123

idata
Esteemed Contributor III

Thanks for the response!

It resolved most of the doubts.

I'm wondering if there is any possibility to add ATA password support without modifying motherboard's BIOS?

Is there any hope for the very large group of potential intel's 320 ssd users whose desktop or laptop systems and BIOSes do not offer appropriate password interface?

idata
Esteemed Contributor III

Good reading, Shiek. Thanks.

I can see one rather big glitch in using ATASX (or similar) extension.

It does not work in AHCI mode, unfortunately. It can't see the drive if AHCI is enabled in BIOS.

Running ssd in IDE (legacy) mode is not a horror by any meens but... you are loosing hot swap and more importantly raid functionality for all drives connected to intel motherboard chipset sata controllers.

Unfortunately setting controller in RAID mode in BIOS effectively turns AHCI on. And AHCI becomes turned on for all devices even if ssd is not a part of any raid volume. If I'm wrong here, please correct me.

SSDelightful mentioned about two utilities: HDAT2 and HDPARM. AFAIK they also require IDE mode. They are useful to set the password system on/off but not for everyday authorisation purposes.

Do you have guys any ideas?

This whole matter becomes more and more frustrating.

idata
Esteemed Contributor III

I started reading this forum thi snight and it is blood-boiling fascinating. Waiting for the final answers.

idata
Esteemed Contributor III
I have a question regarding part of your response: "ATA Password is stored in media as a non-reversible hashed value. This answer also applies to other questions in the blog. See below." What sort of hash? Is it randomly salted per drive? I would have preferred that it didn't store a hash at all, instead do like TrueCrypt (and others do), encrypt the random generated key with your password (which the 320 does), then when you try to unlock the ssd it decrypts the stored key using the password and then try to decrypt known data. If the decryption fails, the password is wrong. I guess Intel didn't go this way as they don't necessarily have known data on the SSD. (They could have added some static known data somewhere on the drive that's a different discussion.) For those wondering if you can change your password, this is usually done by re-encrypting the key using the new password. I don't know if the 320-series supports this though, so a clarification would be great. Bonus question: What block mode is used with AES?