1

I have a new Samsung 850 Evo and would like to do a clean install. This time, I want full drive encryption enabled. So reading through the options, the most obvious one was: enable a hdd password in the bios / uefi and according to Samsung this would enable AES-256 encryption.

So I went into the bios of my Asus P8Z77-V Pro and set a admin and user password and installed windows. However when I then (on the same machine) booted a live debian and mounted the new SSD (read-only) I could access all the folders in "clear-text". So what went wrong there?

How can I check that my motherboard supports the necessary feature? (its not THAT old, so I think it should be able to do it).

What alternatives are there (ideally so that when I need to attach the drive to another system to rescue data it should work out of the box, i.e. without having to install bitlocker on unix or something..)

Xaser
  • 956

1 Answers1

1

To utilize this technology I would recommend you check out Window's Bitlocker, this is the software that can activate your SSD's encryption chip and should offer only minor performance penalty (note you probably will need windows Pro edition).

Now generally to utilize this technology to it's fullest potential your motherboard ideally would need to support a "TPM" module to store encryption keys of your system, a quick lookup of your Asus motherboard reveals it does not seem to have a TPM slot. Alternatively bitlocker allows you to store the encryption key data to a USB stick, meaning this USB stick is now essential to getting in your PC, though bitlocker does offer further secondary backup options.

For Samsung SSDs specifically I recommend starting with the "Samsung Magician" application which offers instructions on how to enable it. I believe the process starts by (re)initializing your drive with a "ready to enable" flag that lets you initialize hardware encryption as seen here: http://prntscr.com/ecdfsj.

A full guide can be found here: https://helgeklein.com/wp-content/uploads/2014/12/xSamsung-SSD-Magician-ready-Encrypted-Drive-status.png.pagespeed.ic.UMbvG3KTPm.webp

Going through the above steps does not yet offer password protection, just data security. As a password you could set a disk PIN, https://www.howtogeek.com/262720/how-to-enable-a-pre-boot-bitlocker-pin-on-windows/

hope it helps!

Robin Gould
  • 91