I just bought a Samsung EVO 840, which supports AES-256 encryption.
Reading the very little documentation that I could find about SSD encryption, I found that I have to enter my BIOS, go to the security tab, select HDD encryption, and set a password. The problem is my BIOS Medionpc MS-7728, under the security tab, only has two options: Admin password and user password.
I couldn't find any specs of that bios where I could read if it doesn't support HDD encryption, or if it does and I just have to update the controller.
Do I have to update the controler so the bios recognizes the HDD encryption? And if not, what alternatives do I have to set up a password for my SSD?
Best Answer
I don't think your Medion motherboard/BIOS supports it. I think you'll need a newer BIOS or motherboard, and a laptop looks more likely to support it.
I did find a BIOS Update page on medion.com for
Version:2.09 , System:Win 7 64bit , Release date:11.01.2012
but it looks like the Samsung SSD 840 EVO was released in 2013, so it just may not be supported by your motherboard's update either...But VxLabs' SSDs with usable built-in hardware-based full disk encryption page tells me:
That last link sounds like a solution, at least for an AMI-BIOS. I don't think that's what you've got, so I don't think you can enable it. Or perhaps it already is enabled, but you can't change the password so it's always "unlocked" :-(
Here's some red herring info I dug up, on the way to the conclusion above.
I thought it was a feature that can be used by software encryption programs, like dm-crypt/cryptsetup/BitLocker/FileVault/truecrypt, etc... after reading about it, it sounds nearly identical to a LUKS volume, where the "random" key is used to encrypt the whole drive, and a user password & master password can be set to unlock the drive, and erasing the "random" key renders the drive effectively locked "forever."
But reading the Security Encryption Brochure (that's pretty thick with "marketingspeak") on your link I did't think it had anything to do with any BIOS settings, or really any settings on your computer. I'm not even sure if you would type in a password when you turn it on, it sounds more like a remotely managed system where the keys are set & verified by a remote server, so only the "safe" drives are allowed to decrypt & work, and any that try to turn on at the wrong time or place remain locked.
The brochure says:
So it didn't sound like it had anything to do with any software running at all. But that wouldn't make much sense unless you used an actual physical key to unlock the drive, and that wouldn't be very convenient. Reading further:
So it sounded like a large business / enterprise level system. But reading Samsung's Whitepaper 06- Protect Your Privacy - Security & Encryption Basics reads: