Welcome to our peer-to-peer forums, where owners help owners. Need help now? Visit eSupport here.

English Community

ThinkPad NotebooksThinkPad: X Series Laptops
All Forum Topics
Options

125 Posts

01-26-2011

Fort Stewart, GA

520 Signins

3885 Page Views

  • Posts: 125
  • Registered: ‎01-26-2011
  • Location: Fort Stewart, GA
  • Views: 3885
  • Message 1 of 31

Enabling SSD Encryption in BIOS for Samsung 840 Pro or SSDs

2012-12-29, 17:28 PM

Hi - I bought a Samsung 840 Pro and installed with my W8 upgrade - clean install. 

 

One reason I bought it was the Encryption feature built into the 840 Pro.  However, being unfamiliar with this feature, and not seeing anything in the documentation or in the Samsung Magician optimization software I called Samsung .  They said I would enable the data encryption feature through my BIOS.

 

I looked in the X220 BIOS set up and discussed with him the entry under Security/Password entitled:  Hard Disk 1 password (Enable/Disable).  He said probably by enabling the Hard Disk 1 password feature - that this would then enable the resident encryption feature built into the SSD. 

 

The X220 user manual (p. 92) says if this feature is enabled that you will have to enter the password when you boot your computer.  I don't know if this is just the first time you boot or if it will be every time.

 

Anyway - wanting to see if anyone else has gone through the effort to enable SSD encryption feature of the Samsung 840 Pro or any other SSD with its own encryption.  Also - does anyone know how to verify if the disk is encrypted once it is supposedly enabled?   Kent 

Reply
Answer
Options

125 Posts

01-26-2011

Fort Stewart, GA

520 Signins

3885 Page Views

  • Posts: 125
  • Registered: ‎01-26-2011
  • Location: Fort Stewart, GA
  • Views: 3885

Re: Enabling SSD Encryption in BIOS for Samsung 840 Pro or SSDs

2013-01-03, 22:50 PM

Thanks so much Tout.

 

Actually since receiving no replies I went back and did more research and answered my questions.  Lenovo user . . . heal thyself.

 

While vague on the specifics this Lenovo link on Full Disk Encryption was useful:  www.lenovo.com/support/fde

 

WRT the password at boot - at least on my X220 once I went in to the BIOS under Security and entered the "HDD Password" I only had to enter the password one more time on the next boot of the laptop.  After that, I see that the machine checks the password as it boots up but does not ask me to enter the password again. I am sure this is the same for any FDE SSD - not just my Samsung 840 Pro.  This process is listed in your machine's user manual.  Unfortunately, again, it tells you how to enter the HDD Password but is short on details on what results when a user does that or implications. 

 

That is my critique after researching this quite a bit - the information on Lenovo's site and in their publications already assumes the user is quite familiar with all this and other aspects - and as a result leaves lots of basic questions unanswered.  For example in my user guide it tells you how to enable the HDD Password but does not mention anything about the fact that you must have a FDE HHD or FDE SSD for it to make any sense to use the HDD Password feature.  You need FDE to make the SSD secure.  It also says if you forget or lose the password that you have to take the machine in to be serviced and have the hard drive replaced, for a fee of course.  Not true.

 

Bottom line is that after installing the SSD that has FDE - the way to make the encrypted data secure is to go into the BIOS and enable ATA security or - as in my X220 -  it is labeled as HDD Password.  The BIOS and FDE SSD then are tied to each other, in layman's terms.  This is a separate password from a BIOS or other password you might set in relation to one of the BIOS functions.  If you lose this or forget this HDD password, your data is not accessible.  On the other hand, Lenovo has software so that you can go in and Securely Erase all the data on the SSD so that it can be given a new encryption key and be used again.  So you can secure erase the data and reuse the FDE SSD but your data is gone as a result.  This process will also erase the forgotten password in the BIOS so you can start over again with a new password.  Here is the link for the Lenovo tool to Reset the Cryptographic Key//Secure Erase a SSD:

 

http://support.lenovo.com/en_US/downloads/detail.page?DocID=DS019026

 

For a fascinating and relevant discussion of FDE SSDs (in this case an Intel 320) read this link, I learned a lot from reading it:  http://communities.intel.com/thread/20537

 

I am not claiming to be a cryptologist, but I understand this enough now from a user level to know that my FDE SSD data is secure once I enable the HDD Password in my BIOS.  From reading the Intel discussion, many cheaper or consumer oriented machines do not have the HDD Password option in their BIOS - which as far as I can tell makes a FDE SSD useless unless you want to go to a lot of trouble to try and enable it via other methods.    

 

Having shared the extent of my knowledge on this topic, I now return to watching Team Umizoomi with my 3 year old.

 

Out.

 

 

 

Reply

Replies(30)
Options

642 Posts

12-11-2012

Raleigh, NC

370 Signins

26193 Page Views

  • Posts: 642
  • Registered: ‎12-11-2012
  • Location: Raleigh, NC
  • Views: 26193
  • Message 2 of 31

Re: Enabling SSD Encryption in BIOS for Samsung 840 Pro or SSDs

2013-01-03, 21:51 PM

Hey there Kent1968,

 

Unfortunately I cannot shed much light on Samsung 840 Pro, but I can tell you that by enabling the Hard Disk Password you will be required to enter the password after every time the machine is completely powered off. I have seen in various forums that Hardware encryption is enabled by assigning a "HDD Password" in the bios with the Samsung 840 Pro SSD, but I have not been able to confirm. I hope that this gives some guidance to what you are looking to accomplish. Good luck!



Did someone help you today? Press the star on the left to thank them with a Kudo!

If you find a post helpful and it answers your question, please mark it as an "Accepted Solution".! This will help the rest of the Community with similar issues identify the verified solution and benefit from it.
Reply
Answer
Options

125 Posts

01-26-2011

Fort Stewart, GA

520 Signins

3885 Page Views

  • Posts: 125
  • Registered: ‎01-26-2011
  • Location: Fort Stewart, GA
  • Views: 3885
  • Message 3 of 31

Re: Enabling SSD Encryption in BIOS for Samsung 840 Pro or SSDs

2013-01-03, 22:50 PM

Thanks so much Tout.

 

Actually since receiving no replies I went back and did more research and answered my questions.  Lenovo user . . . heal thyself.

 

While vague on the specifics this Lenovo link on Full Disk Encryption was useful:  www.lenovo.com/support/fde

 

WRT the password at boot - at least on my X220 once I went in to the BIOS under Security and entered the "HDD Password" I only had to enter the password one more time on the next boot of the laptop.  After that, I see that the machine checks the password as it boots up but does not ask me to enter the password again. I am sure this is the same for any FDE SSD - not just my Samsung 840 Pro.  This process is listed in your machine's user manual.  Unfortunately, again, it tells you how to enter the HDD Password but is short on details on what results when a user does that or implications. 

 

That is my critique after researching this quite a bit - the information on Lenovo's site and in their publications already assumes the user is quite familiar with all this and other aspects - and as a result leaves lots of basic questions unanswered.  For example in my user guide it tells you how to enable the HDD Password but does not mention anything about the fact that you must have a FDE HHD or FDE SSD for it to make any sense to use the HDD Password feature.  You need FDE to make the SSD secure.  It also says if you forget or lose the password that you have to take the machine in to be serviced and have the hard drive replaced, for a fee of course.  Not true.

 

Bottom line is that after installing the SSD that has FDE - the way to make the encrypted data secure is to go into the BIOS and enable ATA security or - as in my X220 -  it is labeled as HDD Password.  The BIOS and FDE SSD then are tied to each other, in layman's terms.  This is a separate password from a BIOS or other password you might set in relation to one of the BIOS functions.  If you lose this or forget this HDD password, your data is not accessible.  On the other hand, Lenovo has software so that you can go in and Securely Erase all the data on the SSD so that it can be given a new encryption key and be used again.  So you can secure erase the data and reuse the FDE SSD but your data is gone as a result.  This process will also erase the forgotten password in the BIOS so you can start over again with a new password.  Here is the link for the Lenovo tool to Reset the Cryptographic Key//Secure Erase a SSD:

 

http://support.lenovo.com/en_US/downloads/detail.page?DocID=DS019026

 

For a fascinating and relevant discussion of FDE SSDs (in this case an Intel 320) read this link, I learned a lot from reading it:  http://communities.intel.com/thread/20537

 

I am not claiming to be a cryptologist, but I understand this enough now from a user level to know that my FDE SSD data is secure once I enable the HDD Password in my BIOS.  From reading the Intel discussion, many cheaper or consumer oriented machines do not have the HDD Password option in their BIOS - which as far as I can tell makes a FDE SSD useless unless you want to go to a lot of trouble to try and enable it via other methods.    

 

Having shared the extent of my knowledge on this topic, I now return to watching Team Umizoomi with my 3 year old.

 

Out.

 

 

 

0 person found this solution to be helpful.

This helped me too

Reply
Options

642 Posts

12-11-2012

Raleigh, NC

370 Signins

26193 Page Views

  • Posts: 642
  • Registered: ‎12-11-2012
  • Location: Raleigh, NC
  • Views: 26193
  • Message 4 of 31

Re: Enabling SSD Encryption in BIOS for Samsung 840 Pro or SSDs

2013-01-06, 13:32 PM

Thank you so much kent1968 for taking the time to research and provide this information to the community. It is truly valuable, and hopefully we can get a knowledgebase article made of this information.

 

Again, Thank you for being a part of the Lenovo Community Kent1968!



Did someone help you today? Press the star on the left to thank them with a Kudo!

If you find a post helpful and it answers your question, please mark it as an "Accepted Solution".! This will help the rest of the Community with similar issues identify the verified solution and benefit from it.
Reply
Options

126 Posts

02-17-2013

Antigua and Barbuda

203 Signins

1281 Page Views

  • Posts: 126
  • Registered: ‎02-17-2013
  • Location: Antigua and Barbuda
  • Views: 1281
  • Message 5 of 31

Re: Enabling SSD Encryption in BIOS for Samsung 840 Pro or SSDs

2013-02-17, 7:32 AM

Hi,  I have a X230 and I replaced the original Intel 180GB by a Samsung 840 PRO with 500 GB. In BIOS the master and the user password is set (I don't know the master password). The original Intel disk is encrypted. After I had re-installed my SW I checked the Samsung disk: it's NOT encrypted, everything can be read although the user password is set.

Did I miss something ?

Reply
Options

125 Posts

01-26-2011

Fort Stewart, GA

520 Signins

3885 Page Views

  • Posts: 125
  • Registered: ‎01-26-2011
  • Location: Fort Stewart, GA
  • Views: 3885
  • Message 6 of 31

Re: Enabling SSD Encryption in BIOS for Samsung 840 Pro or SSDs

2013-02-17, 16:46 PM

I am not sure I totally understand your question.  I am not sure how you can tell that encryption is not working.  I think the best way is to put your new Samsung SSD into another laptop and see if it can be read.  If it can be, then encryption is not working for some reason.  Of course if it cannot be read, then it is working.

 

For my machine, X220, when it boots up, I get a screen that shows that the BIOS password is checking the SSD - then it just says "OK" and boots up.

 

Does yours do that?  If you set your user SSD password for your new SSD and it works then it should be ok.  

 

After you installed the new SSD, did you set a new user password for it?  If you left the same password in the system and never enabled the password settings for the new Samsung SSD - AFTER - you installed it then you may not have really enabled it yet.

 

Other than the fact that my BIOS checks the SSD password at startup - I would not be able to tell there is any encryption working.  If I wanted to prove it was working, as far as I can tell, I would need to try it on another machine to confirm that it is actually encrypted and only works in my machine with my user BIOS password.

 

Good luck.

Reply
Options

126 Posts

02-17-2013

Antigua and Barbuda

203 Signins

1281 Page Views

  • Posts: 126
  • Registered: ‎02-17-2013
  • Location: Antigua and Barbuda
  • Views: 1281
  • Message 7 of 31

Re: Enabling SSD Encryption in BIOS for Samsung 840 Pro or SSDs

2013-02-17, 20:29 PM

That's exactly what I did: mounting the old Intel SSD in another PC was not possible, so it's encrypted. Mounting the new Samsung 840PRO was possible and the content was readablae, so it's not encrypted.

After installing the new Samsung SSD I did not change the password. In fact I can't change it, because I don't know the master password.

The only thing, which the BIOS checks upon boot ist my fingerprint.

So you think, it's necessary to start without user password and to set the user password afterwards ? Does this mean I have to re-install everything ?

 

Reply
Options

125 Posts

01-26-2011

Fort Stewart, GA

520 Signins

3885 Page Views

  • Posts: 125
  • Registered: ‎01-26-2011
  • Location: Fort Stewart, GA
  • Views: 3885
  • Message 8 of 31

Re: Enabling SSD Encryption in BIOS for Samsung 840 Pro or SSDs

2013-02-17, 20:51 PM

I don't know exactly.   I thought you had the user level password?  With it I thought you can change the user password and switch out SSDs.

 

My recommendation is to put the Intel SSD back in your computer.   Then go to the BIOS user password and remove it.  Basically delete the current user HDD password and replace it with nothing so that the user HDD password is not active.

 

Then the PC should boot up normally.   Then, shut down.  Replace your SSD and then boot to BIOS user password and now add a new user password for the Samsung SSD.   Then see if it will go ahead and boot up and accept the new password to encrypt the new SSD.

 

If you have not done so already, on Lenovo support website - download the "User Guide" for the X230.  They have a section their on User passwords, Master passwords, and what the limits are for each.   I don't specifically recall from when I read this a couple of months ago but I thought if a user password has been set the machine is still usable even if you don't know the master - like in a corporate environment when the user has their own machine but the IT department can still take it for maintenance. 

 

You can't get the master password from anywhere?

Reply
Options

126 Posts

02-17-2013

Antigua and Barbuda

203 Signins

1281 Page Views

  • Posts: 126
  • Registered: ‎02-17-2013
  • Location: Antigua and Barbuda
  • Views: 1281
  • Message 9 of 31

Re: Enabling SSD Encryption in BIOS for Samsung 840 Pro or SSDs

2013-02-18, 8:01 AM
ok, I'll try to get the master password. But this may take some days.
Reply
Options

125 Posts

01-26-2011

Fort Stewart, GA

520 Signins

3885 Page Views

  • Posts: 125
  • Registered: ‎01-26-2011
  • Location: Fort Stewart, GA
  • Views: 3885
  • Message 10 of 31

Re: Enabling SSD Encryption in BIOS for Samsung 840 Pro or SSDs

2013-02-18, 16:55 PM

You can always try the other option I mentioned.  Install the Intel SSD, remove the user HDD password, then replace with your Samsung SSD and see if you can add a HDD user name back in the BIOS settings and see if it will enable encryption for your SSD. 

Reply
Forum Home

Community Guidelines

Please review our Guidelines before posting.

Learn More

Check out current deals!

Go Shop
X

Save

X

Delete

X

No, I don’t want to share ideas Yes, I agree to these terms

Most Liked Authors

(Last 7 days)

View All