The goal: In a home computer, to ensure that, in the event of theft of drives with or without the computer, the drives are unreadable. I want to protect financial and personal information.

Secondary goal: To have that encryption be hardware based, so there is no performance drop. Ideally, the hardware that's in the Samsung EVO SSDs.

Tertiary goal: To be able to use the encrypted disc on another machine with the entry of another code. I.e., to not be completely restricted to using the disc on one machine, in case that machine breaks and I have to access the disc in another computer.

ASRock Extreme6 mobo, Samsung 840 and 850 EVO SSDs, in hotswap bays that can be easily removed and replaced. Intel CPU i7 that can handle AES-NI. TPM installed. Win 7 Pro x64.

BitLocker failed miserably. Encrypting the system disc (which is the goal, not folders) resulted in repeated requests to enter the key on reboot despite clearing TPM, changing TPM administration options on PCR in BitLocker, suspend/resume many times, BIOS locking with password, etc. Either BitLocker would require the registration key every time, or it just wouldn't lock. I am not interested in wasting any more time on BitLocker.

ATA password: My concern is that should I have a computer fry out and have to buy a new computer, the discs will be unreadable in a new system, since the ATA password method is very specific to the hardware of the computer. BitLocker would have been fine... in the eventuality of having to use a new computer with a BitLocker eDrive, one needs only enter the registration key. Unfortunately, BitLocker doesn't work on my setup for unknown reasons.

ATA drive passwords, while remarkably secure once the SSD powers off, and remarkably fast given the SED hardware in Samsung EVO drives, nonetheless require a system BIOS that supports them. This feature is rarely present on desktops and intermittently (and inconsistently) present on laptops. Mobo makers are hesitant to have it there because if a password is lost, it's such a secure method that the data will be gone forever, and they're worried about noobs doing that. Just for fun, do a search for mobos that support ATA drive passwords. You can't. No one even mentions it.

The only options I can see are something that is Opal 2.0 compliant (WinMagic, or some things I've seen on sedutil) or VeraCrypt. Can anyone offer their experience with this situation? I am not wanting to waste any more time on BitLocker, but I do want to use hardware-supported FDE in an SED. Do either of these solutions utilize hardware encryption so that there's no performance hit? Can either/both have the disc be used on different computers from the one on which the FDE was implemented? Thanks in advance.


0 Answers