
I have made major changes to my body of text and title to clarify the question and the situation. Apologies for any confusion.

I recently purchased a Samsung 990 Pro NVMe. It supports encryption, though Samsung support says that it needs to be explicitly enabled using BIOS Class 0, TCG Opal, or BitLocker (hardware encryption to use the built-in encryption engine).

Now, that is logical as the definition of encryption is to scramble the data and make it unreadable to unauthorised users. By default, the contents of the drive can be read by anyone with physical access to the drive since there is no key or password required.

In my own situation, I do not need to prevent unauthorised access to the contents of the drive while it is still in use by me. But I do need protections to ensure the data can be rendered unreadable in the case of an RMA (if drive destruction is not allowed) or sale of the drive.

The ultimate question is: is the data scrambled by the encryption engine using a Data Encryption Key (DEK) without explicitly enabling encryption by setting a password or enabling encryption in Samsung Magician?

I am aware of potential flaws with the manufacturer’s implementation, but this is not a topic I am looking to touch on.

ᄂ ᄀ
Joel

3 Answers

The thing is, Samsung support stated that their drives support encryption, but that it needs to be explicitly enabled.

From what I gathered, "enabling" encryption doesn't really enable it, as it is indeed always on and all data is already encrypted, but rather wipes the "clear" copy of the encryption key, so that the drive can no longer automatically unlock itself but requires a passphrase to be provided (via OPAL or via ATA security extensions).

The advantage of this method is that "enabling" encryption does not require encrypting and re-writing all sectors (which takes a long time, causes wear on the flash storage, and may end up leaving old copies of un-encrypted data around); all that needs to be rewritten is the few sectors holding the clear encryption key.

(It is similar to the BitLocker "suspended" mode that you sometimes see on fresh Windows installations: the entire disk is encrypted, but the BitLocker header, which would normally hold passphrase-encrypted (or TPM-protected) copies of the Volume Master Key, instead holds a clear-text copy. In this mode, "enabling" BitLocker will simply wipe the clear-text protector (to the best of the OS's ability) and replace it with a passphrase-encrypted one.)

grawity

I just need sufficient protections in place should I have to sell or RMA the drive (unless they allow me to destroy it). In this case, would I benefit from data scrambling without the need to enable encryption?

Does the SED question even matter?

Without asking ourselves whether the drive is a so-called SED: if secure erasure is the main concern, the NVMe specification, which applies to the Samsung drive as well, provides several secure erase methods:

"There are two types of secure erase. The User Data Erase erases all user content present in the NVM subsystem. The Cryptographic Erase erases all user content present in the NVM subsystem by deleting the encryption key with which the user data was previously encrypted." - source.

IOW the question you raise about encryption being enabled at all times or not, and the bulk of the OP being about this, becomes a red herring.

Back to SED anyway

This being said it seems unlikely to me the drive does not encrypt even if this option could somehow be disabled. And the reason for this is, as @NikitaKipriyanov mentions in the comments, modern NAND requires some kind of 'scrambling' or 'whitening' technique due to the nature of NAND.

Without it, the drive would suffer from an increase in bit errors. Scrambling was 'invented' to counter bit errors. Historically, techniques like inversion (obsolete) and XOR shifting were used to increase entropy.

But encryption provides us with high entropy as it is. IOW the SSD relies on some form of scrambling, and with the encryption engine baked into the controller it seems to me it's only logical that it is always 'on' to provide this scrambling; encryption is the side effect in this case rather than the goal. - Reference.
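The two erase methods quoted above map onto concrete nvme-cli commands, and the controller advertises which ones it supports. The following is an added example (not code from the original thread or from Samsung): it parses the FNA and SANICAP fields as printed by `nvme id-ctrl`, picks the cheapest erase the drive offers, and prints the command. The device names `/dev/nvme0` and `/dev/nvme0n1` and the sample field values are assumptions for illustration, not values read from a real 990 Pro.

```shell
#!/bin/sh
# Added example, not from the original thread. Decide which NVMe erase a drive
# advertises by parsing FNA and SANICAP from `nvme id-ctrl`, then print the
# nvme-cli command to run. Bit meanings per the NVMe specification:
#   fna     bit 2 -> cryptographic erase supported by Format NVM (--ses=2)
#   sanicap bit 0 -> Sanitize crypto erase supported          (--sanact=4)
#   sanicap bit 1 -> Sanitize block erase supported           (--sanact=2)
# Device names are assumptions: /dev/nvme0 is the controller, /dev/nvme0n1
# the first namespace.

# Constructed sample in the layout nvme-cli prints; values are illustrative,
# not taken from a real Samsung 990 Pro.
SAMPLE_ID_CTRL='vid       : 0x144d
fna       : 0x4
sanicap   : 0x3'

# Print the hex value of field $1 ("fna", "sanicap") from id-ctrl text on stdin.
field_value() {
    awk -v name="$1" '$1 == name { print $3; exit }'
}

# Succeed if bit $2 of hex value $1 is set.
bit_set() {
    [ $(( ($1 >> $2) & 1 )) -eq 1 ]
}

# Print the preferred erase command for id-ctrl text $1 and controller $2.
# Order: Sanitize crypto erase (controller-wide, resumes after a power loss),
# then Format NVM crypto erase, then a slow block/user-data erase as fallback.
# Exit 0 when the key-deletion path exists, 1 when only a full erase does.
erase_command() {
    ctrl_text=$1; ctrl=$2; ns="${2}n1"
    fna=$(printf '%s\n' "$ctrl_text" | field_value fna)
    sanicap=$(printf '%s\n' "$ctrl_text" | field_value sanicap)
    if bit_set "${sanicap:-0}" 0; then
        echo "nvme sanitize $ctrl --sanact=4"; return 0
    elif bit_set "${fna:-0}" 2; then
        echo "nvme format $ns --ses=2"; return 0
    elif bit_set "${sanicap:-0}" 1; then
        echo "nvme sanitize $ctrl --sanact=2"; return 1
    else
        echo "nvme format $ns --ses=1"; return 1
    fi
}

# Live use (root and nvme-cli required): query the real controller instead.
# erase_command "$(nvme id-ctrl /dev/nvme0)" /dev/nvme0
erase_command "$SAMPLE_ID_CTRL" /dev/nvme0
```

Sanitize runs asynchronously; check `nvme sanitize-log /dev/nvme0` until it reports completion before trusting the result. If the drive has been put under TCG Opal control, Format NVM may be refused while a locking range is active; on Opal drives the revert with the PSID printed on the label is itself a cryptographic erase, so it is the equivalent path there.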


You asked:

Since the encryption is essentially a black box, how could I even verify it?

You would need to reverse-engineer the firmware but even if you succeed in doing so you won't be able to reverse engineer the hardware.

Do not rely on black boxes. Use an alternative if available - and there are some.

Selling your disk to a random person is different from returning your disk in an RMA case. A random person is not aware of the content of the firmware and its abilities. Your disk manufacturer has written the firmware, though.

Asking Boeing or Airbus if they can remote control their planes or asking a storage manufacturer about the implementation of ATA security will not provide usable information for you.

The security of your data should not depend on a statement from support. What they say could be wrong without them doing anything wrong on purpose.

r2d3