cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
r6squeegee
What's DOS?
Posts: 2
Registered: ‎05-23-2019
Location: CA
Views: 446
Message 1 of 5

Thinkpads with pyrite encryption support

Does anyone know how to enable pyrite encryption support on thinkpads (or if it's supported at all) such as on the yoga 260 or the x270.

 

As an example with the intel 660p drives they don't support full opal so in the bios there's no option for HD password... so how does one go about setting the hd password?

Lenovo Staff
Lenovo Staff
Posts: 5,537
Registered: ‎10-29-2009
Location: NC
Views: 408
Message 2 of 5

Re: Thinkpads with pyrite encryption support

HDD password in BIOS depends on ATA Security support, not OPAL support.  In my experience, most retail NVMe SSDs don't support ATA Security.  The OEM versions of the same drives (e.g. the ones that Lenovo ships) do support ATA Security.

 

I'm not familiar with Intel 660p SSD so I can't speak specifically to that model.

 

You may be able to find more info about the capabilities of this drive by using the Intel Pro SSD admin tool:

https://downloadcenter.intel.com/product/84073/Intel-SSD-Pro-Administrator-Tool

 

 

 

r6squeegee
What's DOS?
Posts: 2
Registered: ‎05-23-2019
Location: CA
Views: 392
Message 3 of 5

Re: Thinkpads with pyrite encryption support

The Intel 660p drives support encryption via pyrite. this is why I'm asking if thinkpads have any way to support this. it currently looks like thinkpads do not support pyrite drives.

Highlighted
Lenovo Staff
Lenovo Staff
Posts: 5,537
Registered: ‎10-29-2009
Location: NC
Views: 379
Message 4 of 5

Re: Thinkpads with pyrite encryption support


@r6squeegee wrote:

The Intel 660p drives support encryption via pyrite. this is why I'm asking if thinkpads have any way to support this. it currently looks like thinkpads do not support pyrite drives.


Sorry, I got sidetracked with your question about HDD password.  ThinkPad does not support Pyrite 1.0 because it did not include the Block SID mechanism to prevent setting unauthorized passwords, or a secure erase mechanism.  These things were added in Pyrite 2.0, but the spec wasn't finished in time to add the support to the latest ThinkPad models.  I guess this support could be added to future ThinkPad models, but I am certain it won't be retrofitted to old models like X260 and X270. 

 

By the way, Pyrite by definition is NOT encryption (it is only access control).  So Pyrite may not be what you're looking for if you're concerned about encryption.

 

https://trustedcomputinggroup.org/wp-content/uploads/TCG_Storage-Pyrite_SSC_FAQ.pdf

 

skywalkr
Punch Card
Posts: 72
Registered: ‎02-03-2008
Location: RTP, NC
Views: 71
Message 5 of 5

Re: Thinkpads with pyrite encryption support

^^^ Thank You for pointing this out and clearing up the gotchas! 

 

Bottom line: Thinkpad buyers beware.  Sadly, my Intell 660p will be returned.  If you want a 2TB NVMe that fully supports Opal with ATA PW + FDE, it will be something else.  We gotta start looking closer at the fine print!  Specifically looking for "Opal, FDE, AES-256, ATA PW"  and not just pyrite.  None of the reviews I saw have stated this omission either.  They just said, "it supports AES-256" and a few maybe said "pyrite..."   I did find one vendor that said both Opal and Pyrite and since Pyrite is a subset of Opal, that made sense.  

 

For anyone with a Thinkpad made in the past couple of years, (like the X1E1) the Intel 660p is useless if you want Opal full hardware-based drive encryption or FDE.  Like many customers, I saw "AES-256 " was listed and thought we are good-to-go. But it's NOT using the ATA Password standard.  *@(@(*@ ouch!   So Thinkpaders, if you buy this NVMe, you cannot use the reliable and familar BIOS Harddrive ATA PW locks which most vendors have also used to enable Opal's Full Drive Encryption. 

 

Overall, the drive is a at a great price!  I had just cloned mine, gone into the BIOS looking for the HDD password and nope - not there! I wish Intel had not omitted the FULL Opal / ATA encryption by using something few vendors will support right now. 

 

BTW, the unit worked great in the few hours of testing in my X1E. So if you can live with only using software encryption like Microsoft's  bitlocker, then this drive may be a great fit, especially on price, quality and vendor reputation. 

 

See this 2015 PDF for more about Opal and the subset pyrite. BTW, we should have knows something was up with the name like Pyrite.. I thought why would anyone name somethig Pyrite - yeap better known as "fool's gold" .  

https://www.flashmemorysummit.com/English/Collaterals/Proceedings/2015/20150811_FA11_Cox.pdf

 

Peace and Cheers! 

Check out current deals!


Shop current deals