[RESPONDED] Hardware encryption of internal and external SSD (and Hard Drives)

I use:

  • Internal SSD: Samsung 990 Pro 2 TB
  • External SSD: Crucial x9 Pro 2 TB
  • External HDD: WD My Passport Ultra 5 TB

All of these devices have Hardware Encryption and comply with Opal Storage Specification Version 2.0. How can I easily and safely enable disable hardware encryption?

Drive-Trust-Alliance/sedutil: DTA sedutil Self encrypting drive software is not in active maintenance. And also the procedure is a bit complicated. I was hopeful if there is a easy solution like a flick of a button in Windows.


I know that the hardware encryption of SSD can not be trusted as it is proprietary and also there are some ways to defeat it as demonstrated in an IEEE paper: Self-Encrypting Deception: Weaknesses in the Encryption of Solid State Drives IEEE Conference Publication IEEE Xplore 2. But for my threat level, I want to use hardware encryption and not LUKS. I have received an email from Samsung that the issues raised in the IEEE paper has been resolved in Samsung 980 Pro onwards.

Please don’t make it a philosophical discussion about pros and cons about Hardware encryption.

Basically echoing this from the Windows side of the fence:

On the Linux side of things, we recommend using LUKS encryption. I cannot speak to anything on hardware encryption.

This is my feeling on the matter.

You would need to reach out to Samsung on this one. We have an active thread linked above (Windows). There is no intention to make this a focus for us at this time.

I was looking at the BIOS for available security options for my Samsung 990 Pro Internal SSD which has inbuild hardware encryption.

Could you please explain the following settings and whether they enable/disable hardware encryption and is it sufficient to change Bios settings or do we need to use other tools together?

I am taking about

  1. TCG Storage Action
  2. Set Storage password
  3. Set Master HDD Password

Also, what is the difference between Storage and Master HDD Password? Please see the following screenshot from BIOS 3.06 on Linux for Intel 12th Gen.

@Matt_Hartley Can you please answer this post?

Merging the original post here does not answers it as it was not answered in this post.

See reply in the duplicate thread. Closing as duplicate.

Edit: To be super clear. We do not support Samsung 990 Pro 2 hardware encryption.