cancel
Showing results for 
Search instead for 
Did you mean: 

Intel 320-series SSD and FDE (Full Disk Encryption) questions...

idata
Esteemed Contributor III

I am considering to buy a couple of new solid state drives for my company. A requirement is FDE and according to some info I found the new 320 series should support this. I have a few questions:

1. As far as I know none of our computers have any support in BIOS for disk password. Is this required for FDE to work with the 320 series or how exactly does the encyption / password entry work?

2. If we would like to use a RAID configuration (RAID 0 striping) is it still possible to use FDE and if so do one have to enter a password for each disk?

3. What about using two disks in the samer computer (non-raid) that is used to dual boot two different operating systems (say Linux and Windows 7) installed one OS on each drive - does FDE work in this case and would one have to enter a password twice?

4. Is the FDE solution dependent on some support in the OS (in that case what OS does it work with) or is it independent?

5. Do you have some white paper about the FDE with for instance information about how much slower it is compared to a non FDE drive?

6. I have read that TRIM does not work with SSDs in RAID configuration. Is this still the case and how dependent is the 320-series of TRIM?

/Trist

CORRECTION : I just found that our Dell Precision M6500 computers do have a field in the BIOS for disk password so I am interested in the questions above (two disks in the machine with or without RAID) also for this configuration. How do I know if the 320-serias FDE is compatible with the disk password setting in the dell M6500 machines? Is there a standard for this that all BIOS manufacturers follows or??

123 REPLIES 123

plee21
New Contributor III
New Contributor III

Hi

To move the drive to another PC remove the password in the original PC first.

You don't have to do a secure erase unless you are giving the drive away, just delete the partitions and start again, in theory running the Intel Optimise function permanently destroys old data. To do a secure erase requires you to hot plug the SSD into the computer after it has booted so that isn't locked to low level security commands. To do this connect the power cable to the drive but disconnect the SATA cable, then reboot, once the system has booted connect the SATA drive cable. I'm not sure if you can do this via USB.

Regards

Phil

JHick3
New Contributor

Can someone from Intel please respond to Ryan's comment above:

If Ryan is correct and the 320 doesn't use KDF for the second AES key, the information provided by Intel is wrong. If the AES key is not encrypted by the ATA password than the 320's FDE implementation is broken and the hashing argument is irrelevant. A comment from Intel would be appreciated.

Technical specifications for any device like this should be public and I encourage everyone to demand them. I've read every comment on this thread numerous times and only one conclusion can be drawn from it: Intel currently implements black box security in the 320 series SSD.

plee21
New Contributor III
New Contributor III

Hi

The whole encryption thing with Intel SSDs seems to be more marketing than anything. In their literature they fail to point out that for encryption to be any good, you need to set a password first, and not all systems will support that. Intel don't seem to engage in any discussions regarding how we can secure our data using their SSDs. It's an additional worry that the even adding a password might still mean we have weak security anyway.

Currently I'm waiting for an Intel response on the fact some of their own brand new motherboards have broken support for setting the password, so at best you can't set one, at worse your PC might not boot up again!

Here is hoping for some information.

Regards

Phil

idata
Esteemed Contributor III

Anyone know if the 330 series also supports AES? I'm getting mixed information from Intel Tech Support. They claim only the 320 series and 520 support AES? This post also has a broken link that I can't use to confirm: