I have just purchased an XPS15. I understand that the mSata drive (a Samsung 841 512GB) supports on-chip encryption, however I'm struggling a bit to understand how to enable this. I have read some posts which seem to suggest that it's as simple as going in to the BIOS and configuring the "HDD Password", option in the security section, however this seems just a little too easy (I was expecting to have to create a public/ private keypair or something to that effect).
Can anyone authoritatively confirm whether this is indeed the correct way to configure encryption on the disk? Or is this just a basic BIOS level password which somehow protects the disk simply by virtue of the fact that it won't allow the machine to boot unless the correct password is entered?
Grateful for any advice here,
The SSD password does not encrypt the drive -- it simply blocks access to the contents of the drive.
FDE requires software -- apparently Samsung supplies Embassy WAVE software
The other way is to use BItLocker (if you have WIndows 7 Pro or Enterprise or 8 Pro or Enterprise -- it's not supported in 7 Home or 8 non-Pro).
Thanks for the confirmation, I thought that might be the case.
I'm running Ubuntu rather than Windows so BitLocker isn't of much help unfortunately. It doesn't look like there's much in the way of Linux tools to support SED drives using Opal yet. I think for now I'll just use a single software-encrypted LVM partition and take the slight hit on performance.
I don't know if you have gotten additional information in the last 6 months, but the answer you received previously was completely wrong!
It IS as simple as going into the BIOS and configuring the HDD Password. The drive has encryption built-in - all data written to the drive is automatically encrypted with no configuration. However, by default the drive has no password set. The way to set the password for the drive is either:
A) Go into the BIOS and set the HDD Password. After you have done this, any computer you put the drive in will require this password to be entered before the drive can be read.
B) Turn on BitLocker encryption in Windows 8. BitLocker will use the built-in hardware encryption if available. This results in instant encryption using whicher BitLocker security method you select (USB Key, Password, etc.) Software encryption can require several hours to do the inital encryption of data on the drive.
Hope this might clear up the confusion for someone out there.
This as dangerous advice. The hard drive password (or SSD password) does nothing to encrypt the drive. If you decide to password-protect the drive, keep the password safe AND keep backups -- you will one day need both.
And BitLocker is exclusive to the Pro version of Windows - not shipped with consumer-grade systems, so it isn't an option here.