http://h20331.www2.hp.com/Hpsub/downloads/Self_encrypting_drives_whitepaper.pdf

Hi Pekkap,

Thanks for the link. The document you linked to reads:

That the drive must be provisioned and "Provisioning an SED requires SED management software."

and refers to ATA Drive Lock (HP BIOS).

However, when I enter BIOS via F10, the Drive Lock menu option is disabled. Do you know how I can enable this menu option in BIOS?

Thanks,

Ken

>"Provisioning an SED requires SED management software."

>when I enter BIOS via F10, the Drive Lock menu option is disabled. Do you know how I can enable this menu option in BIOS?

I think you need extra software to enable it.  I.e. the SED is already encrypting/decrypting.  You need to have software to prompt you for the authentication key and this must be done in some boot code.

The above document says "HP ProtectTools is included with all HP workstations that ship with an SED".

Which may imply that it would only work if you bought that SED with a HP workstation but you have a laptop.

>Which may imply that it would only work if you bought that SED with a HP workstation but you have a laptop.

The HP 8570w is an Elitebook Mobile Workstation.

>The HP 8570w is an Elitebook Mobile Workstation.

Unfortunately the whitepaper is not specific enough to mention which workstations and what software is needed.

In any case, did your laptop come with the SED?

---

@dennis Handly wrote:

In any case, did your laptop come with the SED?

---

Yep

Have you tried contacting the HPSC?
http://www.hp.com/go/hpsc

Self Encrypting Drives manage (and hide) all data encryption in the drive controller. You can enable protection of the SED by setting a password in the drive. Once that is done, the drive will only acknowledge any I/O when it is "unlocked' by providing that password

Now, there are 2 ways to set and manage that password (as the white paper suggested). You can have an Enterprise Management software with an agent that manages SED access corporate-wide (or workgroup-wide), OR, you can have the BIOS manage the SED password via Drivelock. What you may be missing is the fact that as a security precaution, you are required to setup a BIOS admin password to enable Drivelock. That way, someone else with access to the laptop could not go back into the BIOS, reset, the Drivelock and access your drive (whose data you are trying to protect) with impunity

Hope this helps, and sorry for the long response

soccer_dan, thanks for that helpful info.

I have some additional questions that I hope you can help to answer...

1. From what you stated, to use/enable the self-encrypting drive (SED) feature of the 256GB SSD such that the data stored on the drive is (hardware) encrypted and secured by a password, in the BIOS, I just need to set DriveLock Password (which will automatically prompt me to set a BIOS admin password), correct?
2. Can there be more than 1 DriveLock password to unlock the drive?
3. We have a bunch of HP EliteBook 9470m notebooks that have 256GB SED SSDs in them. Are the SSDs in the 9470m notebooks "Micron C400" drives? I ask because some of the "Enterprise Encryption Management" software such as Sophos SafeGuard mentions compatibility with specific OEM SSD models (Reference: http://www.sophos.com/en-us/support/knowledgebase/113366.aspx).
4. Is WinMagic one of the Enterprise Encryption Management software providers that has compatibility with all of the SED SSDs used by HP computers? (Reference: http://www.winmagic.com/products/enterprise-server-encryption/self-encrypting-hard-drives)
5. What is SecureBoot Configuration? Is that for Two-Factor Authentication to unlock the SSD?
6. When running Windows 7 Pro, does the Boot Mode need to change from Legacy to UEFI Hybrid or UEFI Native or is that completely unrelated to the SSD/encryption?

Thanks in advance for any feedback.