Post new question
Question
Reply
 
Highlighted
Tutor
Posts: 6
Member Since: ‎04-07-2017
Message 1 of 12 (698 Views)
Accepted Solution

Trying to activate self encrypting hard drive - No Option for drive encryption in HP Client Security

[ Edited ]
Product Name: HP EliteBook 850 G4
Operating System: Microsoft Windows 10 (64-bit)

I am trying to enable my self encrypting hard drive (SED) (Samsung MZNLN256HMHQ-000H7) on my new computer, after reading this white paper I understand that HP Client Security Manager should be able to do that (the paper says HP ProtectTools, but I understand that has been rebranded as HP Client Security Manager on my machine).

 

However, when I open the security manage there is no option for hard drive encryption. 

 

Do I not have one of the "select models" that this applies to? I have an EliteBook 850 G4 - windows 10 64-bit

If not, how do I enable my SED?

 

I have looked into bitlocker but it seems that is software not hardware encryption.

 

Please help,

Reply
0 Kudos
Accepted Solution

Re: Trying to activate self encrypting hard drive - No Option for drive encryption in HP Client Secu

Here is my final chapter in trying to lock my self-encrypting drive (SED):

 

I have learned that HP Client Security is not supported on Windows 10 and will not lock my Samsung SED. HP technical support suggested I use Window's bitlocker to encrypt my drive. Bitlocker is a software based encryption service. I refuse to do this because of the performance degradation (the whole reason I bought a hardware based SED).

 

To set an authentication key and lock my drive I have been forced to purchased Winmagic's SecurDoc, which is the only non-enterprise software I could find that will lock my drive. It cost me over $100.

 

I am quite disappointed with HP for selling me a SED without the ability to lock it myself without additional software. I'll give them some credit that this was a custom set-up, and some blame should go to Microsoft for not allowing HP client security free reign.

 

 

More information I didn't find useful:

 

To lock a SED one needs to set an authentication key. I have read that many manufacturers will not enable this ability in the BIOS for fear that the customer will lock it and forget the password making the maching unless.

Another solution to my problem would be to obtain custom files to unlock this ability in the BIOS, this is beyond my ability.

 

I came across a few other solutions but they are beyond my ability as a computer user.

 

 

View solution in context
Tutor
Posts: 6
Member Since: ‎04-07-2017
Message 2 of 12 (623 Views)

Re: Trying to activate self encrypting hard drive - No Option for drive encryption in HP Client Secu

An update:

I have still been unsuccessful in solving my problem.

I thought the problem might have been with me not choosing to encrypt the very first time I opened the software so I have tried reinstalling the client security software. That did not do anything

(I am the computer administrator by the way)

 

This is driving me crazy I'm thinking about going to find other software.

 

If anyone has any ideas that might help me please let me know.

Honor Student
Posts: 2
Member Since: ‎04-11-2017
Message 3 of 12 (587 Views)

Re: Trying to activate self encrypting hard drive - No Option for drive encryption in HP Client Secu

[ Edited ]

I have the same problem.. Elitebook x360 1030 G2 with self encypting HD.

 

It would be nice if HP could just instruct you on how to activate the Self encrypting drive. I just want to be able to make a choice to "encrypt the HD" via its own chip/hardware, etc.  There are white papers around that have some information but it doesn't appear crystal clear to me.

 

there is no information on how to actually activate HD (hardware encryption). I called HP and the best they could do was tell me that there weer no instructions on how to activate it for Windows 10. windows 7 and maybe earlier versuions of windows 10 shipped with HP protect tools. That software is not avaialble on my computer. The agent after speaking with his team manager several times advised that I should purchase and use WinMagic to mange the drive.

 

Bitlocker is installed so you can use that software encryption (Microsoft). There is also a power on lock and   a drive lock option. I beleive that you must protect the bios with a n administrator password before you can use Drivelock.

 

Drivelock seems to allow/disallow access to HD but I don't believe that it is truly encrypting the HD.HP agent said it was not but he wasnt very knowledgeable.

 

SO if you bought a self encrypting HD (OPAL) with your laptop you may have to buy additional software use the encryption on the drive.

 

IF anybody has clear instructions and it actually states that this is  how you turn on encryption in the Self encrypting HD it woudl be highly appreciated.

 

2013 whitepaper on SED's

 

 

 

Tutor
Posts: 6
Member Since: ‎04-07-2017
Message 4 of 12 (576 Views)

Re: Trying to activate self encrypting hard drive - No Option for drive encryption in HP Client Secu

Thanks for the reply jj30.

I've been digging into this more, and still can't find any difinitive answers but I have an unceratin answer that I am sticking with for the time being until the time that this thread gets any attention.

 

I found a white paper at samsung (where my drive is from) that seems to suggest that the encryption is always on but useless until a password is set. It isn't talking about my exact drive but I hope the process is standard across their drives. I am really hoping that when I set a password at power-on from the HP Client Security Manager, that my drive is encrypted and protected.

 

I can't be sure, but this is what I am going to believe for the time being.

 

Here is the link to the whitepaper.

http://www.samsung.com/global/business/semiconductor/minisite/SSD/M2M/html/whitepaper/whitepaper06.h...

Master's Graduate
Posts: 1,369
Member Since: ‎10-03-2009
Message 5 of 12 (553 Views)

Re: Trying to activate self encrypting hard drive - No Option for drive encryption in HP Client Secu

> to suggest that the encryption is always on but useless until a password is set.

 

Yes, that's how SEDs work.  The drive is always encrypting AND decrypting.  Until you change the authentication key and take ownership of the drive, the data isn't protected.

 

This enables the drive to be locked on a power reset and requires the authentication key to unlock.

 

So you need software to take ownership of the drive.  And software to access the authentication key to unlock the drive.

Tutor
Posts: 6
Member Since: ‎04-07-2017
Message 6 of 12 (539 Views)

Re: Trying to activate self encrypting hard drive - No Option for drive encryption in HP Client Secu

Thanks for the post Dennis. It clears a few things up. However I am still unclear wheather my drive is currently being encrypted. 

 

You say "Unitl you change the authentication key and take ownership"

Is that what HP Client Security did when I set up my window's / power-on password / fingerprints the first time I started up my computer?

 

 

Honor Student
Posts: 2
Member Since: ‎04-11-2017
Message 7 of 12 (521 Views)

Re: Trying to activate self encrypting hard drive - No Option for drive encryption in HP Client Secu

I have the" power on" lock/password on one computer and bitlocker on another and drivelock on another.

 

If i access disk management , the c drive shows  encrypted by bitlocker. the power on lock only  computer doesn't show anything on the c drive about encryption and drivelock doesn't either (but i didn't expect it to show anything anyway in reference to drivelock)

 

 I'm assuming  that power on lock  wouldn't show c drive encrypted anyway for the HD encryption because technically if i have logged in at the "power on"  lock screen the drive is decrypted at the moment. Assuming that "power on" lock is the key to encrypt and decrypt the drive.

 

 

I too am interested to know if you have information about the power on lock/password Dennis. If you  know that it is the key to encrypt and decrypt the HD (SED) or if we do indeed need software like WIn Magic to activate the encryption.

Master's Graduate
Posts: 1,369
Member Since: ‎10-03-2009
Message 8 of 12 (448 Views)

Re: Trying to activate self encrypting hard drive - No Option for drive encryption in HP Client Secu

> Is that what HP Client Security did when I set up my window's / power-on password

 

If they support SEDs, that's what they need to do.

 

> I too am interested to know if you have information about the power on lock/password Dennis.

 

Sorry, I only know the low level commands and for Enterprise solutions.

 

Perhaps these tools may help you:

https://sourceforge.net/projects/tcgparm/

https://github.com/Drive-Trust-Alliance/sedutil/wiki/Encrypting-your-drive

 

Looks like sedutil is like my tool.

Tutor
Posts: 6
Member Since: ‎04-07-2017
Message 9 of 12 (421 Views)

Re: Trying to activate self encrypting hard drive - No Option for drive encryption in HP Client Secu

I just got off the phone with HP support. They told me that HP Client Securty (which came pre-installed on my machine) isn't supported by Windows 10, and the software cannot manage my self-encrypting hard drive or even do any encryption anymore.

They suggested BitLocker, which I do not want to do because it is sofeware based and would not utilize my hardware based SED. 

They were no further help.

Now I am off to find a non enterprise solution SED manager, which is proving difficult. Winmagic is one enterprise solution.

Master's Graduate
Posts: 1,369
Member Since: ‎10-03-2009
Message 10 of 12 (390 Views)

Re: Trying to activate self encrypting hard drive - No Option for drive encryption in HP Client Secu

† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation