Hardware Encryption Modules

Hi,
I am planning to install a Gigabit point-to-point connection over Cisco 7206VXR_NPE-G2 and VSA to achieve IPSec 3DES encryption over the full service bandwidth.
According to product release notes for VSA the supported throughput is 950 MB for IPSec 3DES.
I want to understand whether the remaining 50Mb gets off-loaded to IOS based encryption (parent processor) or will the VSA be able to sustain the additional 50Mb as well?
In case the overload (above 950) gets off-loaded to main processor (NPEG2 processor) then what is the limit up to which the main processor can support IPSec encryption?
Reason I ask: I intend to configure the solution in future to deliver 2Gb towards WAN and correspondingly I will add one PA-GE to deliver 2Gb towards LAN.
So, the existing VSA will support 950 and I want to understand how will it be possible to support remaining IPSec encryption and how scalable the solution can be?
Thanks in advance,
- PJ

The hardware encryption module will normally offload router CPU processing. The VPN Service Adapter's 950Mbps 3DES encryption throughput means more or less it will throttle down the normal cleartext speed to 50Mbps or less, but will not drop the queued packets. This is due to the encrypt/decrypt process of 3DES, which basically takes a longer time compared to DES.
Throughput:
DES/3DES/AES
- 950/960 Mbps for 1400 byte packets
- 920 Mbps for 300-byte packets
http://www.cisco.com/en/US/products/hw/routers/ps341/products_data_sheet0900aecd8047192f.html
http://www.cisco.com/en/US/products/hw/routers/ps341/products_qanda_item0900aecd80471935.shtml
HTH
AK

Similar Messages

  • System Requirements for Hardware Encryption on Crucial SEDs

     
    The majority of current Crucial SSDs are Self-Encrypting Drives (SEDs) which means all data is always encrypted by the controller when written to the NAND and decrypted when read. Windows 8 BitLocker can work with this built-in hardware encryption ability when you apply a password in Windows, provided the following requirements are met:
    •    BitLocker only supports TPM version 1.2 and 2.0 (or newer). In addition, you must use a Microsoft-provided TPM driver (Please note, BitLocker can also work without a TPM, but it will need a USB flash drive to set the password instead)
    •    The system needs to support UEFI 2.3.1
    •    Make sure UEFI boot is enabled and you have a UEFI enabled Windows 8 installed
    •    The computer must boot natively from UEFI.
    •    The boot order must be set to start first from the SSD (not the USB or CD drives)
    •    Dynamic disks are not supported by BitLocker
    •    The SSD must have two partitions (drives with Windows installed generally do anyway) and the main partition to be encrypted must be NTFS
    •    Ensure ATA Security features, for example Secure Boot, are disabled in the BIOS. The M500 supports either ATA Security or TCG Opal (which is needed for SED) but not both.
    •    The system needs to support Opal 2.0. The Opal 2.0 standard is not backwards compatible; Crucial SEDs are not compatible with Opal 1.0
    •    The computer must have the Compatibility Support Module (CSM) disabled in UEFI.

    i'm very glad to read, from the article you referenced, that there's no performance hit.  but that's only 1 of 2½ issues.  i have some follow-up questions.  perhaps we should take this to a forum instead of the knowledge base?
    -what about prior issue #2 (securely wiping the drive)?  is this easily and instantly doable?  we'll ignore #3 (relying on microsoft gets ½ a point). 
    -with the encryption keys stored on the controller, doesn't using third-party encryption software mean the keys themselves aren't encrypted by a user pw, making it that much easier for someone with physical access to the drive to extract them from the firmware?
    -if the controller is doing the encryption, why bother with bitlocker?  is it so slightly-more-savvy-than-average joe can easily enable it, or so you don't have to write it into the firmware?  (i'm being serious, not snarky--i'm a software developer myself.)  personally, i'm dual-booting win7* and ubuntu 14, which means i need 2 separate encryption methods instead of just supplying my credentials at boot to decrypt the hd and then choosing which os to load.
    -also, if i upgrade the windows os, ms requires the os volume to be decrypted first.  this would obviously not be the case if windows was unaware that it was encrypted.
    *last, what about those poor silly saps who are running win7 (or earlier)?  i just read that win7 bitlocker doesn't support self-encrypting drives--it was an update as of win8.  we're just out of luck?  i realize you can't support everything, but win7 is still a ms-supported os, and it seems like a better service to (more of) your customers to enable full-disk encryption all the time.
    thank you!

  • 3750x to 3750x hardware encryption

    Hello,
    I have a WAN link running at 10GB thru the Fiber Module on my 3750X.
    Each datacenter has 1 3750x switch stack, with 10GB WAN link between the 2 datacenters.
    I want to encrypt the WAN connection, but I want to use Hardware Encryption.
    Is this possible, and what module do I need to purchase?
    Thanks...

    http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3750-x-series-switches/product_bulletin_c25-688868.html
    See the SKU at the bottom of the page.

  • Can anyone recommend a portable USB 3.0 drive with hardware encryption, compatible with OSX and Windows 7.  I need it for my MacBook Pro 13", 2012, running Mountain Lion

    Can anyone recommend a portable USB 3.0 drive with hardware encryption, compatible with OSX Mountain Lion and Windows 7.  I need it for my MacBook Pro 13”, 2012, running Mountain Lion & Windows 7 Ultimate - BootCamp.  I’ve heard that the Buffalo MiniStation Encryption does not work with OSX, is that true..?  I'd like it to work with both operating systems, using the built in hardware encryption.  Thanks

    This article may help: A flashing question mark appears when you start your Mac.

  • The Advantages of Hardware Encryption

    If you're looking for instructions on how to use the Hardware Encryption feature of Crucial SEDs, Brad_TheCru has posted a video and written a guide to using BitLocker with Crucial SED.
    An SSD that has encryption built into the hardware is more commonly referred to as a Self-Encrypting Drive or SED. This means the encryption is done by the controller on the drive, supported by a set of instructions in the firmware. There are several advantages to using hardware encryption rather than software encryption on SSDs.
    The first advantage is that the encryption feature is optimized with the rest of the drive. If a user applies software encryption to a storage drive this adds several extra steps to the process of writing to the drive, since the data needs to be encrypted by the encryption software while it is being written. That same data then needs to be decrypted by the software again when the user wants to access it, which slows down the read process. In other words, adding a layer of software encryption negatively impacts the performance of an SSD.  The hardware encryption of an SED is integrated into the controller, which means there is no impact on SSD performance either in the short term or in the long run. The read and write speeds are already taking encryption into account, since it already happens on every write cycle and decryption happens on every read cycle. The encryption is simply a part of the drive’s normal operation.
    This in turn has several advantages. To begin with, since the encryption is a part of the drive’s controller it provides pre-boot data protection. Running a software utility to try and break authentication codes is not a possibility since the encryption is active before any software has started to load. Another advantage of an encryption feature that is active at all times is that this makes it possible for the drive to meet the compliance requirements of government standards for data in banking, finance, medical, and government applications, by adhering to TCG Opal 2.0 specifications and IEEE-1667 access authentication protocols. Crucial SEDs also support the standard full disk encryption protocol through the ATA-8 security command feature set.
    Lastly, since the encryption takes place on the SED and nowhere else, the encryption keys are stored in the controller itself and never leave the drive.
    All a user needs to take advantage of an SED’s encryption ability is a software utility that provides encryption key management for SED devices. Crucial SEDs are fully compliant with Microsoft’s eDrive standard, which provides simple plug-and-play data security through the use of Windows 8 BitLocker. Since Windows 8 BitLocker doesn’t need to encrypt the drive before it can be used (that has already been done by the SSD’s controller) there is no delay or wait for encryption to take place. Once Windows 8 BitLocker is enabled the SED is instantly ready to use. All you have to do is let the Self-Encrypting Drive operate just the way it has all along, and enjoy the peace of mind and high performance of a hardware-based encryption drive.

    There won't be any compatible processes left over from the previous installation (unless you put them back later). The same is true if you prepare your existing installation before upgrading it.
    Make a backup first, whatever you choose to do.

  • T440s - implementing hardware encryption on the OPAL compliant HDD

    I just recently received my new T440s which I ordered with Windows 7 Professional and a 500GB HDD w/OPAL.  I chose the OPAL drive so that I could implement encryption at the hardware level.  I can't find information on how to implement/activate encryption on this drive in the User Manual.  
    1)  Does anyone know how to do so and where the instructions are located?
    2)  My other question is regarding the 16GB M.2 Solid State Drive and the M.2 slots that come with "most" T440s.  I didn't notice till after I had placed my order that when I chose the OPAL compliant drive, this 16GB M.2 SSD disappeared from my configuration. Also, at least on my configuration there was no "third" M.2 card slot included.
    If I run a new T440s configuration today on the Lenovo website and choose the OPAL compliant drive, the 16GB M.2 SSD disappears but the "3rd M.2 SSD Slot" remains in the configuration.
    My question is can I install a 16GB M.2 SSD in my laptop at all?  or does having a hardware encrypted drive (which I don't know is even encrypting at this point) prevent me from using this cache?  configuring a new T440s today seems to include at least the third M.2 slot so it sounds like one should be able to install an SSD there.
    thanks
    archie

    The 512GB option in current ThinkPads is not OPAL.
    ATA-Security without encryption means that you must provide the password to the SSD's controller before the controller itself will provide access to the NAND chips (although the data on the NAND chips is not encrypted).  In theory it is possible to replace the password-locked controller with an unlocked controller and then get access to the data that way.  But I think it would take an NSA lab (or similar) to do this type of hardware hacking.
    Another option is to just use software encryption like BitLocker.  On an SSD system, it is very fast and you won't notice a performance decrease in any real-world usage.

  • What is the difference between Hardware Encryption & On-Board Encryption & Device Encryption

    Hi
    Can anyone explain to me what the difference is between Hardware Encryption & On-Board Encryption & Device Encryption?
    Thanks

    http://images.apple.com/iphone/business/docs/iOS_Security_Oct12.pdf

  • Hardware Encryption on 3GS

    Ok, maybe I am missing something but... is this on by default and not able to disable or is there a way to enable this? Being in a hospital environment we would need to verify or be able to prove that hardware encryption is in fact on and working. I manage a BES environment now, and I have a corporate policy set to enable hardware security on all of our Blackberry devices. I have been through the 3GS with a fine tooth comb and can not locate anywhere to enable/disable the encryption. Any info would be greatly appreciated.

    As I understand it:
    - Hardware encryption of the entire flash memory is enabled by default on all iPhone 3GS
    - There is currently no way of accessing the encryption key, it seems to be generated by the phone, and is only stored on the phone itself. The only way to get a new key is to do a complete device erase.
    - The encryption is transparent, that means that someone with access to the phone could use it, access the data, and even by jailbreaking would be able to transfer all the data. To all applications running on the phone, it looks like nothing is encrypted.
    - You need to rely on the iPhone OS to prevent unauthorised access to any data. So you need to trust it that it has no vulnerabilities (tough when Apple is not using the current state of the art, as buffer overflows are completely avoidable, and the 3GS can still be jailbroken) and you need to make sure that physical access to the device is prevented by setting up a pass code.
    - As explained above you will need to set up iTunes to encrypt the backup it generates, otherwise this would be a backdoor into the iPhone device data.

  • About Hardware encryption AES 256 bit crucial mx100

    My question: does the hardware encryption work automatically, or does it work on Windows only?
    Because I am not sure whether it is safe enough, and also about speed.
    Sorry for my terrible English. You can answer in German and English, thanks.
    My question is ... whether the hardware encryption is controlled automatically by the Crucial MX100 controller, or does it only work under Windows?
    Or do I have to use FileVault to protect the data?

    Hardware encryption is a feature of SSDs. It is transparent to the user and you don't have to do anything to enable it. The data on the SSD is encrypted with a random key. When you erase the device, the key is destroyed. You can't use hardware encryption to protect your data from theft. For that, use FileVault.

  • I forgot my macbook hardware encryption

    how to crack hardware encryption for macbook?

    Mac OS 9000 wrote:
    If you mean firmware, you can't...
    When you lock the firmware, it says that you cannot crack it if you forget it.
    Rubbish: -  http://support.apple.com/kb/TS3554
    "Only Apple retail stores or Apple Authorized Service Providers can  unlock a MacBook Air (Late 2010), MacBook Pro (Early 2011), or iMac (Mid 2011) computer protected by a firmware password."
    Now what model do you have ahmetkadirbulan?

  • SL500 - Enabling Hardware Encryption for Tape Drives

    I have a SL500 with seven HP StorageWorks LTO-4 Ultrium 1840 tape drives. These tape drives have hardware encryption capabilities and several ways to configure the encryption settings.
    In the white papers for the HP LTO-4 encryption technology (http://h71028.www7.hp.com/ERC/downloads/4AA1-4878ENW.pdf), all possible ways to manage the encryption settings are listed. One possibility, native mode encryption, is mentioned: "This method controls the LTO4 encryption from within the tape drive library. There is one key that is set by way of the library management interface (Web GUI or Operator Control Panel). This method encrypts all tapes with the same key, with the downside of negatively impacting the security level."
    Does the SL500 provide any way to do this?

    We just got an SL500. When the Sun engineer was onsite, he mentioned an encryption capability. The way he explained it, there is an optional chip that needs to be purchased, as well as an encryption server. Once this is in place, encryption is easily done. If you were to have the same setup at a DR site, the encryption server would auto search for the encryption key whenever the tape is read. Seems to be a good system, but I have no experience with it as we do not have that policy....yet
    HTH

  • HD/SSD with hardware encryption

    Dear everyone!
    I have a MacBook Pro 13" late 2009. I work on a corporate environment and security is top priority. I would like to know options and recommendations for SSD or Hard Disks with HARDWARE ENCRYPTION that will work with this notebook. I don't want to put extra work on the CPU for encryption.
    I assume that doing this will allow me to still backup my notebook at home with Time Machine. By the way, how can I encrypt my backup?
    Thanks everyone in advance,
    Luis.

    The only ones I know of are the Samsung units - rumored to go consumer mid to late 2009.
    http://www.xbitlabs.com/news/storage/display/20090417223457Samsung_Ships_Solid_State_Drives_with_FullEncryption.html
    http://www.computerworld.com/s/article/9131684/Fulldisk_encryption_comes_to_SSDs_for_mobile_deviceslaptops
    In terms of encrypting your backup drive you can use something like PGP. It's software based of course.

  • Hardware encryption not compliant

    My company uses MaaS360 for MDM purposes.  I have a customer who updated his Nokia Lumia 625 to Windows Phone 8.10.  As a result of update, MaaS360 is indicating that compliancy is not met with either Device Passcode or Hardware encryption.  Any additional add-ons needed or what is general recommendation?

    Is it possible MaaS360 is not aware of Windows Phone 8.1? 8.1 continues to support device encryption and PINs of course.

  • MACsec between 2 3560-X without encryption module

    Hello,
    I only need to encrypt a UTP link (copper UPLINK 1GB) between 2 switches.
    Do I need a separate service module to do this? The FAQ is confusing.
    Thanks in advance
    Regards.

    Hello, Alexis. 
    Yes, you need to have a network module that supports MACsec on both 3560-X to have a two way encryption. What network module are you already using on your 3560-Xs? Let me know if you have other concerns or e-mail ([email protected]) me directly. Kind regards. 

  • Apple developer keys hosted in hardware security modules

    Is it possible to configure the Apple KeyChain to use keys (private keys), related to either developer or distribution certificates, hosted in external tokens (smartcard or HSMs)?
    Thanks

    When you set up a device password, it is used as a seed to create a filesystem encryption key which is then used to encrypt the file system. This way when you send a device wipe command, they just blow away the encryption key from the crypto processor and you are done, instead of having to wipe up to 32Gb of Flash memory with crap.
    You cannot get certs back out of the device.
    You need to take a leap of faith here and assume this is protecting everything.
    I can bet your Security team can't get squat out of the device with a physical connection and no access to the device password. They will just get photos.
    Ashish
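
The key hierarchy that several replies on this page describe (a random media key held by the device, unlocked by a passcode, and destroyed to "erase" the data) can be modelled in a few lines. This is an added example, not code from any of the posts or from any vendor: the `Device` class and its method names are hypothetical, wrapping a random key under a PBKDF2-derived passcode key is one common design rather than any product's documented scheme, and the HMAC-based stream cipher is a stand-in for the AES engine a real controller uses.

```python
import hashlib, hmac, secrets

def _subkey(key, label):
    # Separate encryption and MAC keys derived from one parent key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher: HMAC-SHA256 in counter mode. Real drives use AES in hardware.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered data")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

class Device:
    """Hypothetical self-encrypting device with a passcode-wrapped media key."""
    def __init__(self, passcode):
        self.salt = secrets.token_bytes(16)
        # The random media key (DEK) is only ever stored wrapped under the passcode key.
        self.wrapped_dek = seal(self._kek(passcode), secrets.token_bytes(32))
        self.media = b""

    def _kek(self, passcode):
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self.salt, 100_000)

    def _dek(self, passcode):
        if self.wrapped_dek is None:
            raise ValueError("media key destroyed")
        return unseal(self._kek(passcode), self.wrapped_dek)

    def write(self, passcode, data):
        self.media = seal(self._dek(passcode), data)

    def read(self, passcode):
        return unseal(self._dek(passcode), self.media)

    def change_passcode(self, old, new):
        dek = self._dek(old)              # unwrap with the old passcode
        self.salt = secrets.token_bytes(16)
        self.wrapped_dek = seal(self._kek(new), dek)  # media is not re-encrypted

    def crypto_erase(self):
        self.wrapped_dek = None  # ciphertext stays on the media, but nothing can decrypt it
```

Without the wrapping step the media key sits unprotected in the controller and encryption is transparent to whoever holds the device, which is the situation the iPhone 3GS and MX100 replies above describe.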
