3

I have an Intel 660p NVMe SSD whose spec lists:

  • Hardware Encryption Yes
  • Encryption Algorithm 256-bit AES

I used it as a replacement drive for Fujitsu Lifebook U748. That's the laptop I used to enable the hardware encryption on it using the facility available in BIOS. At some point I had to return the laptop and now I am left with the encrypted drive that I have no idea how to access.

The Fujitsu laptop's configuration lists various hard drive options including some that are "OPAL capable". I currently have access to Lenovo Thinkpad X280 where the spec lists "hard disk password" and which came with Hynix NVMe drive with "OPAL 2.0" on the sticker. I though I could use it to access my drive then.

I put the disk in and used sedutil-cli to query the drive but it didn't appear possible:

/dev/nvme0 No INTEL SSDPEKNW512GB

For completeness the output for the Hynix drive was:

/dev/nvme0 12 SKHynix_HFS256GD9TNG-L5B0B

I then tried with hdparm but got:

HDIO_DRIVE_CMD(identify) failed: Inappropriate ioctl for device

and that's apparently because hdparm talks ATA which the drive being NVMe doesn't understand.

Finally, I put the drive into ASRock H470M-ITX/ac motherboard, as its explicitly listed on the QVL, but no joy, the system immediately froze, I wasn't even able to get into BIOS.

Is there anything I can do to access my drive?

ᄂ ᄀ
  • 4,187
Johnny Baloney
  • 563
  • 5
  • 11

2 Answers2

0

I don't think you can recover your data. From what I have read, on the disk there is a encryption key stored in the encrypted form. It can be decrypted using your BIOS password. Nothing more is disclosed nor the precise algorithm how that is actually done.

So I would be interested to know:

  • When there is no BIOS password is the encryption key stored on the disk unencrypted and can you migrate such disk from one PC to another?
  • What happens if you happen to modify BIOS password? Is your HDD then useless?
  • When you take your disk into another computer with the same BIOS password will it work?

I am not aware Intel answering such questions nor disclosing any details.

So in theory if you were Intel and knew the password, you have a way to recover it, because on the disk it is encoded by your BIOS password. Unless they mix also password with some specific hardware information.

However there seems to be a way to erase the device and put it to factory state while losing data but at least having the disk working https://www.intel.com/content/www/us/en/support/articles/000057452/memory-and-storage.html

VojtaK
  • 131
0

Intel 660p supports TCG Pyrite, not TCG Opal. sedutil might be useless for the former (and it obviously doesn't recognize your SSD).

You need to look for more specialized software. TrueNAS claims Pyrite support.

ᄂ ᄀ
  • 4,187