I know that Dell systems don't support Class 0 hardware encryption (HDD password-based) on NVMe SSDs, but I'm not sure about eDrive. I do know that last time I checked, eDrive has a very painful setup process. Unfortunately I'm not sure what to check next, but fyi you may want to rethink using hardware encryption in general based on some recent security research covered in articles like this one. Granted, Intel SSDs aren't mentioned, but on the other hand the researchers found major problems in 100% of the SSDs they tested, which doesn't bode well for the others. Hardware encryption also doesn't even have a meaningful performance benefit at this point because CPUs for the last decade or so have had hardware acceleration for AES encryption and decryption operations that allows that work to be done without creating a bottleneck even on a modern NVMe SSD -- and software BitLocker takes advantage of that.
Thanks for your answer. Yes, I'm aware about potential breach of self-encrypting SSDs and I think it will be fixed ASAP. Potential risk is acceptable for me. I'm using this type of disks because of minimum performance penalty and you can simply turn encryption on/off in just a second. My previous disk was INTEL SSD 2500Pro SATA III and hardware-based BitLocker encryption (eDRIVE enabled) was working fine on my DELL E5570 many years. I have decided to upgrade to INTEL PCIe NVMe and now I can see that probably this feature is not fully supported in UEFI BIOS for this class of drives, but maybe DELL will check this and will provide us with BIOS update if possible. Interesting thing is, that I was able to turn on hardware-based encryption with BitLocker, an it was working, I was able to check it using manage-bde command, but after system reboot Windows is booting to "Startup repair mode".
jphughan
9 Legend
•
14K Posts
0
January 29th, 2019 09:00
I know that Dell systems don't support Class 0 hardware encryption (HDD password-based) on NVMe SSDs, but I'm not sure about eDrive. I do know that last time I checked, eDrive has a very painful setup process. Unfortunately I'm not sure what to check next, but fyi you may want to rethink using hardware encryption in general based on some recent security research covered in articles like this one. Granted, Intel SSDs aren't mentioned, but on the other hand the researchers found major problems in 100% of the SSDs they tested, which doesn't bode well for the others. Hardware encryption also doesn't even have a meaningful performance benefit at this point because CPUs for the last decade or so have had hardware acceleration for AES encryption and decryption operations that allows that work to be done without creating a bottleneck even on a modern NVMe SSD -- and software BitLocker takes advantage of that.
tteri
2 Posts
0
January 29th, 2019 23:00
Thanks for your answer. Yes, I'm aware about potential breach of self-encrypting SSDs and I think it will be fixed ASAP. Potential risk is acceptable for me. I'm using this type of disks because of minimum performance penalty and you can simply turn encryption on/off in just a second. My previous disk was INTEL SSD 2500Pro SATA III and hardware-based BitLocker encryption (eDRIVE enabled) was working fine on my DELL E5570 many years. I have decided to upgrade to INTEL PCIe NVMe and now I can see that probably this feature is not fully supported in UEFI BIOS for this class of drives, but maybe DELL will check this and will provide us with BIOS update if possible. Interesting thing is, that I was able to turn on hardware-based encryption with BitLocker, an it was working, I was able to check it using manage-bde command, but after system reboot Windows is booting to "Startup repair mode".