SSD encrypt a partition possible?

Discussion in 'privacy technology' started by wiwul, Mar 2, 2015.

  1. wiwul

    wiwul Registered Member

    Aug 9, 2008
    Up front..

    I do not have any SSD yet, but plan to buy a new PC with a SSD, maybe even two.
    Samsung 850 Pro.
    Currently I am using container encryption on HDD, so I need to open a container to access my personal data. From what I know this is not recommendable on a SSD: for SSD drive encryption is recommended.

    Now -theoretically and again I really don't know if it works, so maybe it is total 'BS' -
    what about the following scenario..
    1TB SSD
    split up into 2 partitions of 500GB
    1 partition being 'drive encrypted'

    or will drive encryption only work on the full 1TB SSD ?

  2. RollingThunder

    RollingThunder Registered Member

    Nov 21, 2013
    I read an article awhile back about Samsung 840 series and above. (I disclaim I am not an expert guys). Apparently, the 840 series and above sports hardware encryption if your bios supports it. In terms of security this would seem to be the holy grail, better then truecrypt and all the other software alternatives. AES 256-bit hardware-based encryption. Last I read the bios that supported this feature was mostly only available for laptops. Additional feedback requested guys.
  3. wiwul

    wiwul Registered Member

    Aug 9, 2008
    This SSD encryption is a bit of a mystery for me and frankly I haven't found any 'simple' answers as to what is, what is not possible.

    e.g. it seems to be possible to encrypt your entire SSD (using Bitlocker and based on Windows 8.0 or higher) and modern hardware.
    then again in case of full SSD encryption the drawbacks are said to be that TRIM and wear-leveling are disabled.

    For the Samsung 840EVO and 850 Pro following is possible: TCG OPAL and e-DRIVE (Bitlocker/Microsoft Windows 8/EUFI)

    However, I have not found an answer for the scenario of having:
    - a boot-partition on the SSD and
    - an encrypted partition on the same SSD.
    meaning to say: it seems not be possible to encrypt a partition only.

    That aside, in the scenario of having
    1 SSD
    2 HDD's in RAID
    the SSD can not be encrypted (the Rapid Storage Driver, RST, for RAID seems to conflict with the encryption of the SSD..?)

    All in all it seems that only FDE will work, but SSD FDE will not in combination with HDD's in RAID.
    Bottomline it is complex .. :(
    So preferrably stay away from it.

    also see "The Pros and Cons of Opal Compliant Drives "