All of these devices have Hardware Encryption and comply with Opal Storage Specification Version 2.0. How can I easily and safely enable disable hardware encryption?
I know that the hardware encryption of SSD can not be trusted as it is proprietary and also there are some ways to defeat it as demonstrated in an IEEE paper: Self-Encrypting Deception: Weaknesses in the Encryption of Solid State Drives IEEE Conference Publication IEEE Xplore 2. But for my threat level, I want to use hardware encryption and not LUKS. I have received an email from Samsung that the issues raised in the IEEE paper has been resolved in Samsung 980 Pro onwards.
Please don’t make it a philosophical discussion about pros and cons about Hardware encryption.
Basically echoing this from the Windows side of the fence:
On the Linux side of things, we recommend using LUKS encryption. I cannot speak to anything on hardware encryption.
This is my feeling on the matter.
You would need to reach out to Samsung on this one. We have an active thread linked above (Windows). There is no intention to make this a focus for us at this time.
I was looking at the BIOS for available security options for my Samsung 990 Pro Internal SSD which has inbuild hardware encryption.
Could you please explain the following settings and whether they enable/disable hardware encryption and is it sufficient to change Bios settings or do we need to use other tools together?
I am taking about
TCG Storage Action
Set Storage password
Set Master HDD Password
Also, what is the difference between Storage and Master HDD Password? Please see the following screenshot from BIOS 3.06 on Linux for Intel 12th Gen.