SSD encrypt a partition possible?

Discussion in 'privacy technology' started by wiwul, Mar 2, 2015.

  1. wiwul

    wiwul Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    97
    Up front..

    I do not have any SSD yet, but plan to buy a new PC with a SSD, maybe even two.
    Samsung 850 Pro.
    Currently I am using container encryption on HDD, so I need to open a container to access my personal data. From what I know this is not recommendable on a SSD: for SSD drive encryption is recommended.

    Now -theoretically and again I really don't know if it works, so maybe it is total 'BS' -
    what about the following scenario..
    1TB SSD
    split up into 2 partitions of 500GB
    1 partition being 'drive encrypted'

    or will drive encryption only work on the full 1TB SSD ?

    =
     
  2. RollingThunder

    RollingThunder Registered Member

    Joined:
    Nov 21, 2013
    Posts:
    187
    Location:
    https://www.eff.org/issues/anonymity
    I read an article awhile back about Samsung 840 series and above. (I disclaim I am not an expert guys). Apparently, the 840 series and above sports hardware encryption if your bios supports it. In terms of security this would seem to be the holy grail, better then truecrypt and all the other software alternatives. http://www.storagereview.com/samsung_ssd_850_pro_review AES 256-bit hardware-based encryption. Last I read the bios that supported this feature was mostly only available for laptops. Additional feedback requested guys.
     
  3. wiwul

    wiwul Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    97
    Thanks.
    This SSD encryption is a bit of a mystery for me and frankly I haven't found any 'simple' answers as to what is, what is not possible.

    e.g. it seems to be possible to encrypt your entire SSD (using Bitlocker and based on Windows 8.0 or higher) and modern hardware.
    then again in case of full SSD encryption the drawbacks are said to be that TRIM and wear-leveling are disabled.

    For the Samsung 840EVO and 850 Pro following is possible: TCG OPAL and e-DRIVE (Bitlocker/Microsoft Windows 8/EUFI)

    However, I have not found an answer for the scenario of having:
    - a boot-partition on the SSD and
    - an encrypted partition on the same SSD.
    meaning to say: it seems not be possible to encrypt a partition only.

    That aside, in the scenario of having
    1 SSD
    2 HDD's in RAID
    the SSD can not be encrypted (the Rapid Storage Driver, RST, for RAID seems to conflict with the encryption of the SSD..?)

    All in all it seems that only FDE will work, but SSD FDE will not in combination with HDD's in RAID.
    Bottomline it is complex .. :(
    So preferrably stay away from it.

    =
    later..
    also see "The Pros and Cons of Opal Compliant Drives "
    http://www.esecurityplanet.com/netw...and-Cons-of-Opal-Compliant-Drives-3939016.htm
    =
     
Loading...