Royal1
Fanfold Paper
Posts: 12
Registered: 05-21-2018
Location: US
Views: 734
Message 1 of 4

Use hardware encryption on X1 Yoga 3rd gen

I am just setting up a new X1 Yoga 3rd gen with the included 1TB drive (Samsung MZVLB1T0HALR). As I understand, since it is OPAL 2.0, it should be self-encrypting. I was under the impression modern BitLocker can make use of self-encrypting drives for hardware encryption rather than using software encryption. After setting up Windows, BitLocker automatically started encrypting the drive. The fact that this took time led me to try "manage-bde -status C:" in an elevated CMD and I found that it was using software encryption.

How do I go about getting BitLocker to use the hardware encryption capabilities?

For now, I disabled BitLocker and then enabled Disk Password in the BIOS. I do get asked for the password at boot-up, but how do I know the drive is actually encrypted and this isn't just an access password? In other words, if the SSD is pulled out and placed in another system, it should still be encrypted. According to https://support.lenovo.com/us/en/solutions/migr-69621 I should see a Disk Encryption HDD setting in BIOS if my drive supports encryption, but I don't see this setting.

As an aside, I tried to also download the Samsung Magician utility, but as you would expect, it says my drive is not supported (likely due to Microsoft drivers and/or that this is an OEM drive).

Community SeniorMod
Posts: 10,283
Registered: 01-01-2010
Location: US
Views: 722
Message 2 of 4

Re: Use hardware encryption on X1 Yoga 3rd gen

If it is an OPAL drive, it is encrypted by the hardware. The operating system and the user don't see anything to show any encrypting, so there is no performance hit. That simply means that the bits and bytes are stored in the memory chips in a non-sequential manner so someone couldn't use electronic gear to dump the memory chips to get at your data. If you put the drive into a different machine, it couldn't be accessed without supplying the password. If there were no password, the drive could be mounted in another system, either directly or via an external housing, and read out your data because the data would be un-encrypted by the drive and passed to the OS. The password is also encrypted via the BIOS and stored on the drive in an area that cannot be directly accessed. The only command that can allow reading is a challenge command. One warning: if you want to move the drive to another system, you need to remove the password first or mount it into a "similar" machine so you can supply the password via the BIOS encryption. My understanding is that machines T440 and newer use the same encryption. Also, there is no way to supply the password to an external drive.


Rich


I do not respond to requests for private, one-on-one help. Your questions should be posted in the appropriate forum where they may help others as well.

If a response answers your question, please mark it as the accepted solution.

I am not an employee or agent of Lenovo.
Royal1
Fanfold Paper
Posts: 12
Registered: 05-21-2018
Location: US
Views: 717
Message 3 of 4

Re: Use hardware encryption on X1 Yoga 3rd gen

Thanks for your comprehensive response!

Could you also respond to this part:

According to https://support.lenovo.com/us/en/solutions/migr-69621 I should see a Disk Encryption HDD setting in BIOS if my drive supports encryption, but I don't see this setting.

The lack of that setting in BIOS makes me wonder how I know it's really being encrypted.

Community SeniorMod
Posts: 10,283
Registered: 01-01-2010
Location: US
Views: 708
Message 4 of 4

Re: Use hardware encryption on X1 Yoga 3rd gen

FDE is a different technology (for spinning drives). With OPAL encryption, there is no option. It is always encrypted. I doubt that the BIOS even knows about it.


Rich
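
Added example (not part of the thread and not Lenovo or Microsoft code): the `manage-bde -status` check from the first post, wrapped in a PowerShell function that labels each volume as hardware- or software-encrypted. The sample output is constructed, English-language output is assumed, and `Get-BdeEncryptionKind` is a hypothetical name.

```powershell
# Constructed sample of English `manage-bde -status` output (not from the thread).
$sample = @'
Volume C: [Windows]
[OS Volume]

    Size:                 952.62 GB
    Conversion Status:    Used Space Only Encrypted
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On

Volume D: [Data]
[Data Volume]

    Conversion Status:    Fully Encrypted
    Encryption Method:    Hardware Encryption - 1.3.111.2.1619.0.1.2
    Protection Status:    Protection On
'@ -split '\r?\n'

# Hypothetical helper: returns one object per volume found in the status text.
function Get-BdeEncryptionKind {
    param([string[]]$StatusLines)

    $volumes = [System.Collections.Generic.List[hashtable]]::new()
    $current = $null
    foreach ($line in $StatusLines) {
        if ($line -match '^Volume\s+(\S+:)') {
            $current = @{ Volume = $Matches[1]; Method = 'Unknown'; Status = 'Unknown' }
            $volumes.Add($current)
        }
        elseif ($current -and $line -match '^\s+(Encryption Method|Conversion Status):\s+(.+?)\s*$') {
            $key = if ($Matches[1] -eq 'Encryption Method') { 'Method' } else { 'Status' }
            $current[$key] = $Matches[2]
        }
    }
    foreach ($v in $volumes) {
        # manage-bde reports BitLocker's view only: 'None' says nothing about
        # a BIOS disk password or the drive's own encryption.
        $kind = switch -Regex ($v.Method) {
            '^Hardware Encryption' { 'Hardware (offloaded to the drive)'; break }
            '^None$'               { 'No BitLocker encryption'; break }
            '^Unknown$'            { 'Not reported'; break }
            default                { 'Software (BitLocker cipher on the CPU)' }
        }
        [pscustomobject]@{ Volume = $v.Volume; Kind = $kind; Method = $v.Method; Status = $v.Status }
    }
}

Get-BdeEncryptionKind -StatusLines $sample | Format-Table -AutoSize
# Live check, elevated prompt: Get-BdeEncryptionKind -StatusLines (manage-bde -status)
```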