Unsolved
1 Rookie
•
24 Posts
0
839
November 29th, 2021 11:00
XPS 9710 - How does the HDD password work?
Hi,
Newer XPS models enable you to set HDD passwords on your NVMe drives and I'm wondering how exactly it works.
- Is it Class 0 through a compatibility layer or is it TCG Opal?
- If my machine breaks, is there a way to unlock my drives with my password on another machine with tools like sed-utils, hdparm or something similar?
Thanks
DELL-Cares
Moderator
•
27.6K Posts
•
127 Points
0
November 29th, 2021 17:00
Thank you! We have received the required details. We will work towards a resolution. In the meantime, you may also receive assistance or suggestions from the community members.
jphughan
11 Legend
•
14K Posts
•
79.9K Points
0
November 29th, 2021 21:00
@M120 Class 0 is the HDD password standard. TCG/OPAL is a completely separate standard that is used typically by enterprise-oriented, centrally managed solutions that are typically used to manage drive encryption on all laptops deployed within a corporation.
But if data recoverability is a concern, I would strongly advise against relying on an HDD password based on an experience I had in this area. A friend of mine had a Latitude E7440 where he had enabled an HDD password, and later on his motherboard died. Since drives protected by HDD passwords can’t be used through USB enclosures, recovering data that way was impossible. But no problem, I thought to myself. I could just install his HDD into my own laptop and boot my system into a recovery environment that would allow me to make an image of his hard drive.
So I installed his HDD into my laptop and got the HDD password prompt — but the password didn’t work. I tried using the built-in keyboard and a USB keyboard, and we were certain the password was correct. So then I wondered if it somehow had to be used in the same model system. A different friend of mine also had a Latitude E7440, and when I installed this HDD in THAT system, the same HDD password that had failed when attempted on my own laptop worked fine on that other E7440.
So I was able to get that data, but what if I hadn’t had access to another E7440?
I would strongly suggest using something like BitLocker or VeraCrypt instead. Both of those will be much easier to work with if you ever need to recover data from another system and/or through a USB enclosure, and with modern systems the overhead of software encryption is simply not an issue. In fact BitLocker a while ago switched away from using hardware encryption when available over to always using its own software encryption after security researchers published findings indicating serious problems with the implementation of hardware encryption in several SSDs they tested. Here is one of many stories published about that. Granted, the story is old now, but they also found major problems with 100% of the SSDs they examined.
M120
1 Rookie
•
24 Posts
0
November 29th, 2021 23:00
This is exactly what worries me. I wonder why it is not possible to unlock the drive on other computers.
Contrary to popular belief, BitLocker and especially VeraCrypt affect performance and battery life despite AES-NI instructions. The impact on sequential reads/writes and battery life is negligible (~5%), but the impact on random IO performance is significant (up to 6 times slower, depending on workload). I do a lot of database conversions, so random IO performance is very important to me. You can especially forget about VeraCrypt, which cripples SSD performance.
The reports about security gaps in SEDs are somewhat exaggerated. In general, the problem was that the security level of some SSDs was not set to maximum by the firmware or the master password was either empty or set to factory settings.
jphughan
11 Legend
•
14K Posts
•
79.9K Points
1
November 30th, 2021 06:00
@M120 I don’t know why it isn’t possible to unlock Class 0 drives elsewhere. Unlocking within Windows seems impractical because the HDD password prompt has to appear at boot. In theory I guess that could occur for drives in USB enclosures, but I haven’t seen that implemented. And the fact that different system models can’t unlock each other’s drives is a big risk. In fact Dell initially didn’t even support HDD passwords on NVMe SSDs at all. They even had a KB article about this limitation, but that seems to have disappeared now that the limitation is no longer present on newer systems.
Anyhow, if BitLocker’s performance overhead isn’t acceptable to you, then I guess just make frequent image backups so that you’ll hopefully never have to recover data from that SSD. Good luck with your decision.
M120
1 Rookie
•
24 Posts
0
December 1st, 2021 16:00
Tried out BitLocker's hardware encryption. Problem there was that even though it worked, the Dell UEFI started asking for an HDD password when powering on the machine as well. You can press ESC and Windows is still going to boot, but it's still cumbersome. Would be nice if there was an option to disable the HDD password prompt.