I got a partitioned SSD, 300gb for windows (unencrypted) and 200gb for linux debian that I would like to encrypt. Does anyone know how I can encrypt the linux system on the partition using the hardware encryption system from the SSD ? It's a 950 pro SSD.
Asked
Active
Viewed 3,459 times
2 Answers
1
I'm pretty sure your SSD has OPAL. I have the 850 Evo. You can use sedutil: https://github.com/Drive-Trust-Alliance/sedutil The setup instructions are quite detailed. The worst disadvantage is that it breaks suspend. Otherwise, all good. You might also want to see https://github.com/Drive-Trust-Alliance/sedutil/issues/6 if anything about the PBA does not work properly.
Wilhelm Erasmus
- 171
- 7
0
If the SSD & BIOS both support hardware encryption on the SSD itself (the OS won't even see it or have to do anything, no cpu overhead, I think suspended & hibernate would still work) then there should be an option in the BIOS somewhere to set a drive password - NOT just a boot or BIOS password. If nothing in the BIOS then something doesn't support it. Laptops seem more likely to support it.
It works similar to LUKS where erasing just the master key effectively "wipes" the drive.
Here's a little snippet & useful link from another answer of mine on SSD encrytion, definitely read the VxLabs linked page:
VxLabs' SSDs with usable built-in hardware-based full disk encryption page tells me:
Information on this is incredibly hard to find
<p>In some cases, the manufacterer uses the HDD password or ATA password (configurable via many laptop BIOSes, <strong>very few desktop BIOSes</strong>, or the <a href="http://vxlabs.com/2012/11/28/adding-the-ata-security-extension-bios-to-amibios/" rel="nofollow noreferrer">ATASX BIOS extension</a>) to encrypt the AES keys.</p>
