08-18-2013 08:01 AM
I recently purchased an EliteBook 8570w with Windows 7 Pro and a MTFDDAK256MAM-1K12 self-encrypting SSD drive (SED).
However, I cannot find an option to enable the self-encrypting feature. I've tried checking in the pre-boot options without luck (hitting Esc at boot). For instance, I see menu options for DriveLock and Auto DriveLock but these are disabled in the BIOS menu.
And I have tried looking in the HP Protect Tools software but this appears to have only activated software encryption on the drive.
Any advice on how I can enable the hardware encryption (SED) feature?
08-31-2013 11:36 PM
Thanks for the link. The document you linked to reads:
That the drive must be provisioned and "Provisioning an SED requires SED management software."
and refers to ATA Drive Lock (HP BIOS).
However, when I enter BIOS via F10, the Drive Lock menu option is disabled. Do you know how I can enable this menu option in BIOS?
09-01-2013 02:14 AM
>"Provisioning an SED requires SED management software."
>when I enter BIOS via F10, the Drive Lock menu option is disabled. Do you know how I can enable this menu option in BIOS?
I think you need extra software to enable it. I.e. the SED is already encrypting/decrypting. You need to have software to prompt you for the authentication key and this must be done in some boot code.
The above document says "HP ProtectTools is included with all HP workstations that ship with an SED".
Which may imply that it would only work if you bought that SED with a HP workstation but you have a laptop.
09-02-2013 08:15 AM
>Which may imply that it would only work if you bought that SED with a HP workstation but you have a laptop.
The HP 8570w is an Elitebook Mobile Workstation.
09-02-2013 10:22 AM
>The HP 8570w is an Elitebook Mobile Workstation.
Unfortunately the whitepaper is not specific enough to mention which workstations and what software is needed.
In any case, did your laptop come with the SED?
09-10-2013 10:30 AM
Self Encrypting Drives manage (and hide) all data encryption in the drive controller. You can enable protection of the SED by setting a password in the drive. Once that is done, the drive will only acknowledge any I/O when it is "unlocked' by providing that password
Now, there are 2 ways to set and manage that password (as the white paper suggested). You can have an Enterprise Management software with an agent that manages SED access corporate-wide (or workgroup-wide), OR, you can have the BIOS manage the SED password via Drivelock. What you may be missing is the fact that as a security precaution, you are required to setup a BIOS admin password to enable Drivelock. That way, someone else with access to the laptop could not go back into the BIOS, reset, the Drivelock and access your drive (whose data you are trying to protect) with impunity
Hope this helps, and sorry for the long response
07-31-2014 10:08 PM
soccer_dan, thanks for that helpful info.
I have some additional questions that I hope you can help to answer...
- From what you stated, to use/enable the self-encrypting drive (SED) feature of the 256GB SSD such that the data stored on the drive is (hardware) encrypted and secured by a password, in the BIOS, I just need to set DriveLock Password (which will automatically prompt me to set a BIOS admin password), correct?
- Can there be more than 1 DriveLock password to unlock the drive?
- We have a bunch of HP EliteBook 9470m notebooks that have 256GB SED SSDs in them. Are the SSDs in the 9470m notebooks "Micron C400" drives? I ask because some of the "Enterprise Encryption Management" software such as Sophos SafeGuard mentions compatibility with specific OEM SSD models (Reference: http://www.sophos.com/en-us/support/knowledgebase/
- Is WinMagic one of the Enterprise Encryption Management software providers that has compatibility with all of the SED SSDs used by HP computers? (Reference: http://www.winmagic.com/products/enterprise-server
- What is SecureBoot Configuration? Is that for Two-Factor Authentication to unlock the SSD?
- When running Windows 7 Pro, does the Boot Mode need to change from Legacy to UEFI Hybrid or UEFI Native or is that completely unrelated to the SSD/encryption?
Thanks in advance for any feedback.