cancel
Showing results for 
Search instead for 
Did you mean: 

Hardware encryption on P4510 series drives?

MSant21
New Contributor

Hello,

I'm evaluating the Intel P4510 series drives for an application where we'll need encryption on Linux. I've ordered in a few 2TB drives, and was planning to kick the tires on hardware encryption to determine impacts to drive performance. The software implementations for encryption like LUKS2 will be too slow for my application.

Could you please confirm that the P4510 series support TCG Opal 2.0, as indicated on the product brief? The brief calls out TCG Opal 2.0, but has a footnote saying that all management features are not implemented, and alludes to them possibly being implemented after product launch. This marketing material is misleading at best.

If Opal 2.0 is not supported, what hardware encryption is supported, and could you please point me to instructions for setting it up? Thank you.

Regards,

Mike

10 REPLIES 10

idata
Esteemed Contributor III

Hi Mike,

After investigating on your concern about the encryption requirements, I was confirmed that AES-256 encryption is indeed a feature included in the Intel® SSD DC P4510 Series, however it cannot be enabled or disabled. It is actually built in to the ASIC of the product. It encrypts any data that goes through the ASIC before it is sent out of the ASIC and written to the media.On the other hand, according to your description above: "We just need some way to set the hardware encryption key…", our interpretation is that you would like to customize the encryption key in some way. Unfortunately, this is not possible. The key can only be changed through a secure erase process, but the drive firmware is the one that generates the new encryption key. This is not something that can be customized or edited in any way.I hope you find this information helpful.Have a nice day.Regards,Diego V.

Hi Diego,

Maybe I'm not understanding the P4510 encryption functionality correctly. What protection does hardware encryption provide if there is no way to set the key? The essence of TCG Opal 2.0, which was advertised as a feature on this drive, is that it allows you to set the encryption keys in a standardized manner.

Regards,

Mike

idata
Esteemed Contributor III

Hi Mike,

I understand, however Opal is not currently supported on this drive. It's expected to be included in future releases but in the current one, there is no Opal support.The information above is referring to the current encryption method the drive has, which is built-in and enabled by default. It's not possible to disable it, or to edit the encryption key in any way as that's handled directly by the firmware.I hope this clarifies better this information.Regards,Diego V.

idata
Esteemed Contributor III

Hi Mike,

I was wondering if there is anything else, besides what we have already discussed about the Opal support or the encryption the Intel® SSD DC P4510 Series uses, that I can help you with.Regards,Diego V.

No, but thank you for reaching out. I'm pretty disappointed in the misleading datasheet on Opal 2.0 support on these drives.