Question
Reply
 
Honor Student
Posts: 4
Member Since: ‎08-18-2013
Message 1 of 34 (7,325 Views)

How do I enable a self-encrypting drive (SED) on Windows 7?

Hi,

 

I recently purchased an EliteBook 8570w with Windows 7 Pro and a MTFDDAK256MAM-1K12 self-encrypting SSD drive (SED).

However, I cannot find an option to enable the self-encrypting feature. I've tried checking in the pre-boot options without luck (hitting Esc at boot).  For instance, I see menu options for DriveLock and Auto DriveLock but these are disabled in the BIOS menu.

 

And I have tried looking in the HP Protect Tools software but this appears to have only activated software encryption on the drive.

Any advice on how I can enable the hardware encryption (SED) feature?

 

Thanks,

Ken

 

Reply
0
Intern
Posts: 16
Member Since: ‎08-21-2009
Message 2 of 34 (7,289 Views)

Re: How do I enable a self-encrypting drive (SED) on Windows 7?

Honor Student
Posts: 4
Member Since: ‎08-18-2013
Message 3 of 34 (7,282 Views)

Re: How do I enable a self-encrypting drive (SED) on Windows 7?

Hi Pekkap,

 

Thanks for the link. The document you linked to reads:

That the drive must be provisioned and "Provisioning an SED requires SED management software."

and refers to ATA Drive Lock (HP BIOS).

 

However, when I enter BIOS via F10, the Drive Lock menu option is disabled. Do you know how I can enable this menu option in BIOS?

 

Thanks,

Ken

Master's Graduate
Posts: 1,066
Member Since: ‎10-03-2009
Message 4 of 34 (7,279 Views)

Re: How do I enable a self-encrypting drive (SED) on Windows 7?

>"Provisioning an SED requires SED management software."

>when I enter BIOS via F10, the Drive Lock menu option is disabled. Do you know how I can enable this menu option in BIOS?

 

I think you need extra software to enable it.  I.e. the SED is already encrypting/decrypting.  You need to have software to prompt you for the authentication key and this must be done in some boot code.

 

The above document says "HP ProtectTools is included with all HP workstations that ship with an SED".

Which may imply that it would only work if you bought that SED with a HP workstation but you have a laptop.

Honor Student
Posts: 4
Member Since: ‎08-18-2013
Message 5 of 34 (7,273 Views)

Re: How do I enable a self-encrypting drive (SED) on Windows 7?

>Which may imply that it would only work if you bought that SED with a HP workstation but you have a laptop.

 

The HP 8570w is an Elitebook Mobile Workstation.

Master's Graduate
Posts: 1,066
Member Since: ‎10-03-2009
Message 6 of 34 (7,271 Views)

Re: How do I enable a self-encrypting drive (SED) on Windows 7?

>The HP 8570w is an Elitebook Mobile Workstation.

 

Unfortunately the whitepaper is not specific enough to mention which workstations and what software is needed.

In any case, did your laptop come with the SED?

Honor Student
Posts: 4
Member Since: ‎08-18-2013
Message 7 of 34 (7,249 Views)

Re: How do I enable a self-encrypting drive (SED) on Windows 7?


Dennis Handly wrote:

In any case, did your laptop come with the SED?


Yep

Master's Graduate
Posts: 1,066
Member Since: ‎10-03-2009
Message 8 of 34 (7,246 Views)

Re: How do I enable a self-encrypting drive (SED) on Windows 7?

Have you tried contacting the HPSC?
http://www.hp.com/go/hpsc

Highlighted
Grad Student
Posts: 276
Member Since: ‎04-01-2011
Message 9 of 34 (7,234 Views)

Re: How do I enable a self-encrypting drive (SED) on Windows 7?

Self Encrypting Drives manage (and hide) all data encryption in the drive controller. You can enable protection of the SED by setting a password in the drive. Once that is done, the drive will only acknowledge any I/O when it is "unlocked' by providing that password

 

Now, there are 2 ways to set and manage that password (as the white paper suggested). You can have an Enterprise Management software with an agent that manages SED access corporate-wide (or workgroup-wide), OR, you can have the BIOS manage the SED password via Drivelock. What you may be missing is the fact that as a security precaution, you are required to setup a BIOS admin password to enable Drivelock. That way, someone else with access to the laptop could not go back into the BIOS, reset, the Drivelock and access your drive (whose data you are trying to protect) with impunity

 

Hope this helps, and sorry for the long response

Honor Student
Posts: 3
Member Since: ‎03-17-2014
Message 10 of 34 (5,721 Views)

Re: How do I enable a self-encrypting drive (SED) on Windows 7?

soccer_dan, thanks for that helpful info.

 

I have some additional questions that I hope you can help to answer...

 

  1. From what you stated, to use/enable the self-encrypting drive (SED) feature of the 256GB SSD such that the data stored on the drive is (hardware) encrypted and secured by a password, in the BIOS, I just need to set DriveLock Password (which will automatically prompt me to set a BIOS admin password), correct?
  2. Can there be more than 1 DriveLock password to unlock the drive?
  3. We have a bunch of HP EliteBook 9470m notebooks that have 256GB SED SSDs in them. Are the SSDs in the 9470m notebooks "Micron C400" drives? I ask because some of the "Enterprise Encryption Management" software such as Sophos SafeGuard mentions compatibility with specific OEM SSD models (Reference: http://www.sophos.com/en-us/support/knowledgebase/113366.aspx).
  4. Is WinMagic one of the Enterprise Encryption Management software providers that has compatibility with all of the SED SSDs used by HP computers? (Reference: http://www.winmagic.com/products/enterprise-server-encryption/self-encrypting-hard-drives)
  5. What is SecureBoot Configuration? Is that for Two-Factor Authentication to unlock the SSD?
  6. When running Windows 7 Pro, does the Boot Mode need to change from Legacy to UEFI Hybrid or UEFI Native or is that completely unrelated to the SSD/encryption?

Thanks in advance for any feedback.

† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation