03-09-2018 03:10 PM
I bought an Unused Thinkpad X270 Windows 7 which has this SSD
256GB SSD M.2 NVMe PCIe 2280 Toshiba Lenovo FRU 00UP641 THNSF5256GPUK
Which I understand is an OPAL 2 hardware encrypted drive ??
Im not too familiar with encryption but reading these forums I seem conclude the following
1. The SSD hardware encryption is always on but to encrypt it so no one else can access, need to
secure with hdd password. I have set superviser and " Hard Disk 1 " passwords and when I turn laptop
on it prompts me for both of these. From my understanding the FDE encryption is now working
but how do I know ?
2. Some topics in the forums give this link
This link suggests that if system detects an opal compatable SSD it enables the Encryption Menu in the bios.
3. The issue I have is that no Encryption Menu has appeared in my BIOS. The only options are in Security
and Hard Drive 1 password - in relation to the hard drive
4. Is setting the Hard Drive 1 password adequate ? or should an encryption menu appear.
Thanks in advance for your assistance.
03-09-2018 04:29 PM
there is no encryption menu in the BIOS. The data is always encrypted in the drive. The computer writes normal data so there is no overhead or delay. Without the password, the drive could be moved to a different computer and read. The password eliminates the possibility of stealing the computer and reading the drive elsewhere. One password is enough.
03-09-2018 10:06 PM
If you are Windows user, and have to ask, forget about BIOS, OPAL 2 etc.
Just use Bitlocker. Most of the reasons not to have become irrelevant years ago.
03-10-2018 03:42 AM
Hi thanks for your reply
So aslong as I have the password set for Hard Disk 1 in the BIOS,
That is all I need ?
Also is there anyway to change the encryption key from the factory default on the drive ?
Is there a setting that changes the key ?
Also I assume that the ssd drive I mentioned in the original post is a compatible
FDE SSD and is in fact encrypted ?
Thanks is advance for your help
03-10-2018 10:20 AM
I have Windows 7 professional, I dont think it has bit locker
I dont know much about opal fde etc but just seems that even Lenovo's info isnt that clear
on it. It seems if a Bios hdd password is set, thats all you need to do but theres no way to verify
03-12-2018 09:33 AM
but theres no way to verify encryption easily
I agree there is no easy way to verify encryption that happens at hardware level, but fortunately, OPAL specification and certification takes care of this for you. Software encryption is much easier for you to verify yourself.
You can reset the cryptographic key if you want to: https://support.lenovo.com/ch/en/downloads/ds019026