Solidigm

Hey folks,

Hope the following responses help with your questions:

1. Intel® SSD 320 Series drives are always encrypting the user data stored on the media, whether or not an ATA Password is set. In order to control access to your data or lock your SSD you do need to enable an ATA Password.

Background:

The encryption keys are securely held within the SSD device, hidden and encrypted using standard security techniques. These keys cannot be read by the user. All Intel SSD 320 Series drives do this. No user intervention is needed to enable data encryption on the NAND devices within the SSD.

If you were to remove a NAND component from the SSD, all data contained within the component is encrypted and keys are securely encrypted and hidden, therefore it is extremely low probability that any data could be recovered. Executing a SECURE ERASE function, such as that found in the Intel® SSD Toolbox, will cause the Intel SSD 320 Series drives to generate a new internal encryption key.

The ATA Password security interface is used to control the SSD's internal access to the encryption keys, and therefore the user's access to their data through the SATA interface. In order to lock access to the user data you do need to enable an ATA Password.

2. Support for ATA Passwords within BIOS or other means are system implementation specific. Most commercially available notebook / netbook systems include ATA Password functionality within their BIOS. The ATA Password is often referred to as an "HDD Password" in system BIOS. If the system allows, it is recommended that both "User" and "Master" passwords are configured for maximum security. Consult your system manufacturer's documentation, or contact your system manufacturer for support.

The Intel® Desktop Board DQ67SW, DQ67OW, and DQ67EP support the ATA Password functionality, called "HDD Password". On these boards, the HDD password support works in all SATA modes (IDE, RAID, or AHCI). The HDD password will only be applied to the drive on SATA port 0.

Note: The ATA Password is not a standard BIOS system password, as a standard BIOS system passwords control access to the specific platform / BIOS, not the SSD. Consult your system manufacturer's documentation, or contact your system manufacturer for support.

3. The ATA Password standards, and therefore Intel SSD 320 Series drives, allow for up to 32 byte passwords and contain no specific password "strength" requirements. 32 bytes enables users to create passwords with significant security "strength". It has been noted that some systems support ATA Passwords which are significantly shorter than 32 characters in length, and contain no password "strength" requirements. The utilization of the ATA Password security interface in system BIOS is system implementation specific. Consult your system manufacturer's documentation, or contact your system manufacturer for support.

4. In order to provide the absolute best security possible, there are no available password recovery solutions. If you lose or forget your ATA User Password and Master Password, your SSD will remain locked without access to read, write, or erase any data within the device. In this case, your SSD and your data are lost, and cannot be recovered by Intel.

5. ATA Password support in RAID or multi-drive installations are host system BIOS implementation specific. Consult your system manufacturer's documentation, or contact your system manufacturer for support.

Thanks. One major question: Where and how is stored that ATA password? There are utilities and tools how to read ATA password, and remove it. If you do this (can do this) the data if I understand this right is readable again. Is that true? I understand the "ironing" thing when memory chips are removed, thats great. But what about these utilities that can be used on "non FDE" drives?

Thanks for your response! I think you have cast some new light on the topic. I'm second Jan's questions concerning linking between AES keys and ATA keys but I have a few additional ones. They seem to be a little too specific but they touching very practical issues. Issues you as a producer and guarantor will have to cope with.

1. Point 4.3.2 of Intel Toolbox User Guide (ver 2.0) states that before any Secure Erase procedure the user has to remove all ATA passwords set on particular ssd device. To do that one has to unplug and replug SATA cable while SSD Toolbox is running which effectively unlocks the SSD. As far as I can understand this is not true for 320 and you can't strip the device's ATA passwords so easily? Am I right?

Because otherwise it contradicts your statment: "If you lose or forget your ATA User Password and Master Password, your SSD will remain locked without access to read, write, or erase any data...." Note that point 4.3.2 say nothing about knowing Master and User passwords.

2. You said: "If you were to remove a NAND component from the SSD, all data contained within the component is encrypted and keys are securely encrypted and hidden, therefore it is extremely low probability that any data could be recovered.".

Are you sure that all data contained within is encrypted? What about so called "negative cylinders" or firmware area where vital data for drive functioning is being stored (along with ATA passwords - usually)? Are they encrypted as well?

Are ATA passwords (not AES keys) encrypted, hashed or secured in any other way within the device?

3. Let's assume that User had set his own ATA User Password and Master Password and then he forgot both of them. Now he's returning the drive as broken. Does his warranty still valid? I can understand that ATA locked device is unreadible, unwritable and unerasable. But is it unservicable?

4. Using Intel Toolbox for Secure Erase requires running additional (external) operating system. Sometimes this in not possible. In case of conventional platter-based drives there are some tools which allow to invoke Secure Erase from bootable medium (cd/dvd or pendrive). To be specific they send ErasePrepare and following SecureErase ata commands from linux or dos-based enviroment. Could these tools (i.e MHDD) be used to trigger Secure Erase procedure on intel's ssds?

5. It is worth to notice that according to ATA Security Mode Specification the ATA Master Password is always being set. Even if the user has not set it manually (never) every drive leaving the factory has to have one. The question is very important: In case of intel 320 ssds is the ATA Master Password device specific or the same across all devices? If the second, is intel aware of how insecure it is considering the fact that most users will use their drives in High (not Maximum) Security Mode. In this mode you can fully unlock (for read and write) the device with Master Password. What if the default one leaks someday? Does intel plan to provide a tool for changing Master Password if bios does not support this feature (and most doesn't)?

Thanks in advance.

Mr Intel,

The Cryptographic Devil is always in the details (so to speak) so you will have to elaborate further than to refer to "standard security techniques."

Unless encryption is properly implemented, attacking an encrypted device becomes an exercise in hacking electronics rather than attacking a cipher and there are numerous examples of this (e.g. Sony).

Now to the question:

Is the ATA password, maybe together with something else (e.g. a random salt) used to encrypt the AES encryption key stored on the SSD?

When the 320 SSD is powered off, is the AES encryption key always stored in an encrypted form and is that encryption dependent on the ATA password?