Hello,
what feature does my drive so I can encrypt it via the BIOS?
Does it need TCG Opal V2.0 (Samsung 980 Pro) or is something like AES 256-bit Encryption, Pyrite 2.0 (Hynix P41) or AES 256-bit Encryption, TCG Pyrite Supported (Hynix P31) also enough?
Hardware encryption is seriously flawed, it’s a great feature in theory but has been badly implemented in the past. BIOS password locking isn’t the same as hardware encryption. It’s just a password. Someone correct me if I’m wrong but that’s how I understand it. Stick with software encryption, the CPU is more than powerful enough to deal with the CPU overhead that comes from encrypting it that way. Software encryption would be something like LUKS or Bitlocker.
@GhostLegion
Thank you for your answer. I don’t want to rely on disk encryption via the UEFI, I want to use it additionally to encryption via LUKS (TPM2.0 + Pin via systemd-cryptenroll). I definitely know what I am doing.
I think you are right about very old drives (where you only needed to change the controller and could access all the data on the drive), but never drives really encrypt the content.
According to the costumer support, TCG Opal V2.0 is the required feature.