This post is more than 5 years old
1 Rookie
•
104 Posts
0
5599
XPS 9560 NVMe hardware encryption support
When will you release a BIOS that supports this as Samsung has implemented this but needs laptop makers to update the BIOS to support this.
This post is more than 5 years old
1 Rookie
•
104 Posts
0
5599
When will you release a BIOS that supports this as Samsung has implemented this but needs laptop makers to update the BIOS to support this.
Top
jphughan
9 Legend
9 Legend
•
14K Posts
0
June 15th, 2018 06:00
All that to say, consider using BitLocker encryption. Yes, it's software-based, but CPUs for a decade now have had built-in hardware acceleration for AES operations, so even at NVMe speeds, encryption does not introduce a bottleneck -- and there are FAR more options for recovery from other systems, including when installing a drive in an external enclosure, which isn't possible when the drive is protected by an HDD password.
ThomasXPS15
1 Rookie
1 Rookie
•
20 Posts
0
June 28th, 2018 23:00
Hello,
I have also tried to enable hardware encryption for my new EVO 970 on the brand new XPS 15 9570. What I have done so far:
- change bios setting for storage controller mode from RAID to AHCI to use Microsofts default MVME drivers (after changing this setting you need to reboot with safe settings into Windows 10, than it will start again without the "Boot device inaccessable" error message)
- EVO 970 made edrive activated (using Samsung Magician, secure erase..), fresh windows installation... -> edrive is acitvated
- try to activate Bitlocker but Hardware encryption is not used. I get following message in the event viewer for Bitlocker: "BitLocker failed to initialize hardware encryption for volume C:. This PC's firmware is not capable of supporting hardware encryption."
- activation of Bitlocker on a non-boot partition on the same EVO 970 drive uses Hardware encryption!
-> It seems, that DELL does not have BIOS support for eDrive for NVME as boot drives.
Dell: Will are you working on this? When will be get a BIOS update allowing us to use eDrive for NVME boot devices?)
Microsoft's documentation says, that following is required do activate eDrive on startup devices:
I think the problem is
Hopefully this will work in the future.
Regards,
Thomas.
ThomasXPS15
1 Rookie
1 Rookie
•
20 Posts
0
November 15th, 2018 01:00
Hello,
My XPS 15 9570 is now e-drive hardware encrypted. This is now possible. I think it was BIOS update 1.5.0 which allows this. I am using a EVO 970 2TB SSD as already described in my previous post.
Great!
Regards,
Thomas.
samos1111
1 Rookie
1 Rookie
•
490 Posts
0
November 15th, 2018 04:00
Techcrunch: "Security researchers have busted the encryption in several popular Crucial and Samsung SSDs"
jphughan
9 Legend
9 Legend
•
14K Posts
0
November 15th, 2018 06:00
@ThomasXPS15, eDrive was always available, as was TCG/OPAL. The hardware encryption mechanism that wasn't and still isn't available is Class 0, which is based on the HDD password -- because Dell systems don't support specifying an HDD password on NVMe SSDs. However, as the person who posted above me just referenced, some security researchers who looked at a few of these SSDs found that their encryption is basically useless, so you might want to rethink using it. Granted, they only tested older Samsung SSDs, but on the other hand they found massive problems with 100% of the SSDs they looked at, which doesn't really bode well. But more to the point, even if hardware encryption worked properly, there is no real benefit to using it. Software encryption in conjunction with CPU acceleration of AES encryption, which has been available for over a decade now, is fast enough not to create a performance overhead even when using modern NVMe SSDs. The only possible exception I can see would be dual boot systems where using hardware encryption could allow you to encrypt the entire drive under a single scheme, or if you're running an OS that doesn't have any software encryption solutions available, but even Win10 Home that doesn't have BitLocker has VeraCrypt available, and VeraCrypt is free, open source, and has been successfully audited by actual security experts.